Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16433

Audit Logging change of behaviour when capturing "principals" and "userid" data for each authentication entry.



    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.0.0, 6.5.0,, 6.5.1, 6.5.2,,,, 5.5.2
    • 5.5.3, 6.0.1, 7.0.0, 6.5.3
    • audit logging
    • AM Sustaining Sprint 76, AM Sustaining Sprint 77
    • 3
    • No
    • No
    • Yes
    • Yes and I used the same an in the description


      Bug description

      AM Audit Logging no longer captures a UserId when logging a failed authentication (even if the failure is an invalid password). Prinicipals no longer captured when logging a successful authentication. This behaviour is different from AM 5, where both fields would be captured regardless of success or failure (except in the case of a non-existent user account).

      How to reproduce the issue

      1. Install AM into your chosen container and launch it.
      2. Perform default configuration of AM from the browser.
      3. Enable secondary audit logging using the capture method of your choice (JDBC, CSV or some other method).
      4. Have a user log in successfully, then log out.
      5. Have a user attempt to log in, but enter the wrong password.
      6. Attempt to log in using a non-existent user account.

      The resulting output will confirm the above findings.

      Expected behaviour
      "principals" field will always be populated with the provided user input either via a REST call or via the GUI. "UserId" will be populated if a user account matching the attempted log in exists.


      • OK Login will have principal and userId (for AM-LOGIN-COMPLETED). This bug only affect AM-LOGIN-COMPLETED and not AM-MODULE-LOGIN-COMPLETED.
      • Failed login will not have userId but principal
      Current behaviour
      "principals" is only populated if authentication fails. It will be let blank if authentication succeeds.
      "UserId" is only populated if authentication was successful. It will be blank in all other authentication failure scenarios.

      Work around

      There is no known workaround.




            chee-weng.chea C-Weng C
            pete.andrews Pete Andrews
            0 Vote for this issue
            5 Start watching this issue