Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-18100

Realm level Audit Logging config ignored

    XMLWordPrintable

    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 7.1.0
    • None
    • audit logging
    • Rank:
      1|i057ou:

      Description

      Bug description

      Audit Logging service at realm level is not being used. For example, AM only seems to use the Field whitelist filter at a global level.

      How to reproduce the issue

      1. Add Audit Logging Service at Realm level
      2. Add /access/http/request/headers/testHeader to Field whitelist filters
      3. tail -f /path/to/openam/var/audit/access.audit.json
      4. Open browser dev tools and navigate to OAuth2 clients for example
      5. Edit and resend https://openam.example.com:8443/openam/json/global-config/realms?_action=schema 
      6. Edit and resend with the header/value testHeader: testValue
      7. access.audit.json won't log this header
      8. Add the same Field whitelist filters at the global level
      9. Resend the request from Step 6, it will now show in access.audit.json
      Expected behaviour
      Audit logging should log the request header/value when configured in the Realm level service
      Current behaviour
      Audit logging only logs the request header/value when configured at the Global level.

      Work around

      Use Global Audit Logging service only but this means you can use different filters across realms.

        Attachments

          Activity

            People

            Unassigned Unassigned
            aaron.haskins Aaron Haskins
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: