Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-18119

Audit log no longer shows the userID of session being invalidated by amadmin

    XMLWordPrintable

    Details

    • AM Sustaining Sprint 87, AM Sustaining Sprint 88
    • 3

      Description

      Bug description

      When using the 'amadmin' to invalidate a users session via REST, the audit log (activity.audit.log) is supposed to show the userID (i.e "userID":"id=demo...) of the session being invalidated, but instead shows the same user that is running the delete operation (amadmin).  This was not the case pre AM 7.x

      How to reproduce the issue

      1. spin up and configure new AM 7.1
      2. tail -f path/to/activity.audit.log
      3. log in as 'demo' user 
      4. follow guide to invalidate 'demo' users session https://backstage.forgerock.com/docs/am/7.1/authentication-guide/action-invalidating-sessions.html#action-invalidating-sessions
      5. check the audit log for recent invalidation of session, namely userId value
      Expected behaviour
      {"_id":"7a43a3c9-95c2-443a-bca3-4db28692c95d-24220","timestamp":"2021-07-19T19:31:44.964Z","eventName":"AM-SESSION-DESTROYED","transactionId":"7a43a3c9-95c2-443a-bca3-4db28692c95d-24212","trackingIds":["7a43a3c9-95c2-443a-bca3-4db28692c95d-19622","7a43a3c9-95c2-443a-bca3-4db28692c95d-20986"],"userId":"id=demo,ou=user,dc=openam,dc=forgerock,dc=org","runAs":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","objectId":"7a43a3c9-95c2-443a-bca3-4db28692c95d-19622","operation":"DELETE","realm":"/","component":"Session"}
      
      Current behaviour
      {"_id":"7a43a3c9-95c2-443a-bca3-4db28692c95d-24220","timestamp":"2021-07-19T19:31:44.964Z","eventName":"AM-SESSION-DESTROYED","transactionId":"7a43a3c9-95c2-443a-bca3-4db28692c95d-24212","trackingIds":["7a43a3c9-95c2-443a-bca3-4db28692c95d-19622","7a43a3c9-95c2-443a-bca3-4db28692c95d-20986"],"userId":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","runAs":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","objectId":"7a43a3c9-95c2-443a-bca3-4db28692c95d-19622","operation":"DELETE","realm":"/","component":"Session"}
      

       

        Attachments

          Activity

            People

            jay.bowers Jay Bowers
            jason.yuen Jason Yuen
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: