OpenAM: OPENAM-17719

JATO Federation does not log trackingId in the audit log to permit traceability


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.0.0.7, 6.5.1, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3, 6.5.3
    • Fix Version/s: 6.5.4
    • Sprint: AM Sustaining Sprint 85
    • 5
    • No
    • Yes
    • No
    • Yes and I used the same an in the description

      Description

      Bug description

      The JATO Federation pages do log the transactionId, and it appears in both access.audit.json and config.audit.json. What they do not log is the trackingId, which ties the SSOToken to a specific authentication event (and so tells you whether the actor was a delegated administrator and how they authenticated). Without it, it is hard to establish who made a given federation configuration change; the only correlating data left are the cookies and the client IP.

      How to reproduce the issue

      1. Create a few SAML2 entity providers and circles of trust (COT) through the JATO federation pages.
      2. Tail the audit logs (access.audit.json and config.audit.json) and check whether the events carry a trackingId.
      3. Note that the newer REST endpoints, including the circleOfTrust one, do log the trackingId, but requests to the JATO /federation URL do not.

      Expected behaviour
      The JATO federation endpoint should log the session trackingId as part of the audit event, as the REST endpoints already do.

      Current behaviour
      No trackingId is logged for JATO federation requests.
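To make reproduction step 2 concrete, here is an added example (not part of this ticket or of the OpenAM code base) that parses a few constructed access.audit.json and config.audit.json lines, joins each config change to its access event by transactionId, and reports which changes have no trackingId to fall back on. The field names (transactionId, trackingIds/trackingId, http.request.path, client.ip), the sample paths and values, and the use of Python instead of the AM servlet-filter code are all assumptions made for the example.

```python
"""Flag AM audit events that carry a transactionId but no trackingId.

Added example for OPENAM-17719; not OpenAM code. The audit lines below are
constructed to resemble access/config audit events and are not real AM output.
"""
import json

# Constructed sample lines. Field names are assumed: AM emits a list
# 'trackingIds' on some events, the ticket says 'trackingId'; both are accepted.
ACCESS_AUDIT_LINES = [
    json.dumps({
        "eventName": "AM-ACCESS-OUTCOME", "transactionId": "tx-rest-0001",
        "trackingIds": ["trk-a1b2"],
        "userId": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org",
        "client": {"ip": "10.0.0.5"},
        "request": {"protocol": "CREST", "operation": "CREATE"},
        "http": {"request": {"method": "POST",
                             "path": "http://am.example.com:8080/am/json/realms/root/realm-config/federation/circlesoftrust"}},
    }),
    json.dumps({
        # JATO request: transactionId present, no trackingIds, only cookie + IP.
        "eventName": "AM-ACCESS-OUTCOME", "transactionId": "tx-jato-0002",
        "client": {"ip": "10.0.0.5"},
        "request": {"protocol": "HTTP", "operation": "POST"},
        "http": {"request": {"method": "POST",
                             "path": "http://am.example.com:8080/am/federation",
                             "headers": {"cookie": ["iPlanetDirectoryPro=<redacted>"]}}},
    }),
]
CONFIG_AUDIT_LINES = [
    json.dumps({"eventName": "AM-CONFIG-CHANGE", "transactionId": "tx-rest-0001",
                "trackingIds": ["trk-a1b2"], "objectId": "circleOfTrust/cot-rest"}),
    json.dumps({"eventName": "AM-CONFIG-CHANGE", "transactionId": "tx-jato-0002",
                "objectId": "circleOfTrust/cot-jato"}),
]


def parse_audit(lines):
    """Parse JSON-lines audit output, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def tracking_ids(event):
    """Return the set of tracking ids on an event, accepting either field name."""
    ids = event.get("trackingIds")
    if ids is None:
        single = event.get("trackingId")
        ids = [single] if single else []
    return set(ids)


def request_path(event):
    http = event.get("http") or {}
    return (http.get("request") or {}).get("path") or ""


def config_change_report(access_lines, config_lines):
    """Join config changes to their access event by transactionId and say
    whether each change can be traced to an authentication event."""
    access_by_tx = {}
    for ev in parse_audit(access_lines):
        tx = ev.get("transactionId")
        if tx:
            access_by_tx.setdefault(tx, ev)
    report = []
    for ev in parse_audit(config_lines):
        tx = ev.get("transactionId")
        access = access_by_tx.get(tx)
        ids = tracking_ids(ev) | (tracking_ids(access) if access else set())
        report.append({
            "transactionId": tx,
            "path": request_path(access) if access else None,
            "clientIp": ((access or {}).get("client") or {}).get("ip"),
            "trackingIds": sorted(ids),
            "traceable": bool(ids),
        })
    return report


def untraceable_paths(report):
    """Request paths whose config changes carry no trackingId at all."""
    return sorted({r["path"] for r in report if not r["traceable"] and r["path"]})


if __name__ == "__main__":
    rep = config_change_report(ACCESS_AUDIT_LINES, CONFIG_AUDIT_LINES)
    for row in rep:
        print(row)
    print("endpoints with untraceable config changes:", untraceable_paths(rep))
```

Run against real logs by replacing the two constructed lists with the lines of the actual files; any path that shows up in untraceable_paths is an endpoint whose changes can only be attributed via cookie and client IP, which is exactly the gap this ticket describes for /federation.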
      

      Work around

      None.

      Code analysis

      - The JatoAuditFilter does not audit the SSOToken, so no trackingId is available for the JATO audit event.

      AuditAccessServletFilter.java
      ...
      (this is the general access audit filter used for the generic endpoints)
      ....

            People

            Assignee: chee-weng.chea C-Weng C
            Reporter: chee-weng.chea C-Weng C
            Votes: 14
            Watchers: 4