Affects Version/s: 6.0.0, 6.5.0, 188.8.131.52, 6.5.1, 6.5.2, 184.108.40.206, 220.127.116.11, 18.104.22.168, 5.5.2
Component/s: audit logging
AM Audit Logging no longer captures a UserId when logging a failed authentication (even if the failure is an invalid password). Prinicipals no longer captured when logging a successful authentication. This behaviour is different from AM 5, where both fields would be captured regardless of success or failure (except in the case of a non-existent user account).
- Install AM 22.214.171.124 into your chosen container and launch it.
- Perform default configuration of AM from the browser.
- Enable secondary audit logging using the capture method of your choice (JDBC, CSV or some other method).
- Have a user log in successfully, then log out.
- Have a user attempt to log in, but enter the wrong password.
- Attempt to log in using a non-existent user account.
The resulting output will confirm the above findings.
- OK Login will hacve principal and userId (for AM-LOGIN-COMPLETED). This bug only affect AM-LOGIN-COMPLETED and not AM-MODULE-LOGIN-COMPLETED.
- Failed login will not have userId but principal
There is no known workaround.