Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16793

Debug and audit logs for user session creation and destruction do not appear to support the capture of session refresh tokens as part of their logging.

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2.1
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
    • Support Ticket IDs:

      Description

      Bug description

      User logs regarding session creation and destruction do not have any form of token refresh requests logged. This is required for customer verification of application refresh requests and bug tracking of apps interacting with the ForgeRock platform.

      How to reproduce the issue

       

      Expected behaviour
      Refresh tokens for a given user's authenticated session to be discovered in the audit logs to determine when and how often a session was refreshed over the lifetime of a user login.
      Current behaviour
      While session creation and destruction, authentication and so on are captured in the logs, session refresh tokens are not, and there is no function to enable this behaviour that is known to support.

      Work around

      None presently known.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              pete.andrews Pete Andrews
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: