OpenAM / OPENAM-5991

IP Address logging in SAML2 audit logs is not consistent

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 11.0.3, 12.0.0
    • Fix Version/s: 6.0.0
    • Component/s: SAML

      Description

      SAML2 audit logging sometimes records the IP address of the client (from the HTTP request) while other times it will log the server's own IP address.

      A general observation seems to be that successful calls, where a session is created/exists, have the client IP address, whereas failed calls, where a session does not exist, contain the server IP address.

      In my examples 192.168.56.1 is my real 'client' making a request. 192.168.56.3 is the server.

      Successful sign on to SP:

      "2015-04-20 09:43:56"	id=demo,ou=user,dc=openam,dc=forgerock,dc=org|J6eJah5MB5gSlHW64hXWZ+SZSR5k	b2e298c2cf6e224003	id=demo,ou=user,dc=openam,dc=forgerock,dc=org	"Not Available"	INFO	dc=openam,dc=forgerock,dc=org	SAML2-142	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org"	J6eJah5MB5gSlHW64hXWZ+SZSR5k	SAML2.access	192.168.56.1
      

      Failed sign on:

      "2015-04-20 10:18:07"	"http://sp.fedexample.com:8081/openam|Login Failed\\nUser not Active|user_inactive.jsp|"	a663aa58aa000d6403	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org""Not Available"	INFO	dc=openam,dc=forgerock,dc=org	SAML2-166	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org"	"Not Available"	SAML2.error	192.168.56.3
      

      In regular authentication audit logging, things look to be more consistent - even failures are logged with the client IP address:

      "2015-04-20 10:23:01"	"Login Failed"	"Not Available"	id=demo,ou=user,dc=openam,dc=forgerock,dc=org	192.168.56.1	INFO	dc=openam,dc=forgerock,dc=org	AUTHENTICATION-200	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org"	"Not Available"	DataStore	192.168.56.1
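
For anyone consuming these logs from an affected version, a triage check along these lines flags records whose address field is one of the server's own addresses, so they are not attributed to a client. This is an added example, not part of the original report or OpenAM's code; it assumes the address is the last tab-separated field, as in the three samples, and `classify`, `unreliable_records` and the server address list are hypothetical names.

```python
import ipaddress
import re

ROOT = "dc=openam,dc=forgerock,dc=org"
ADMIN = f'"cn=dsameuser,ou=DSAME Users,{ROOT}"'
DEMO = f"id=demo,ou=user,{ROOT}"
NA = '"Not Available"'

# Constructed sample: the three records quoted in the report, rebuilt as
# tab-separated lines (the failed SAML2 record keeps its run-together fields).
SAMPLE_LINES = [
    "\t".join(['"2015-04-20 09:43:56"', DEMO + "|J6eJah5MB5gSlHW64hXWZ+SZSR5k",
               "b2e298c2cf6e224003", DEMO, NA, "INFO", ROOT, "SAML2-142", ADMIN,
               "J6eJah5MB5gSlHW64hXWZ+SZSR5k", "SAML2.access", "192.168.56.1"]),
    "\t".join(['"2015-04-20 10:18:07"', r'"http://sp.fedexample.com:8081/openam'
               r'|Login Failed\\nUser not Active|user_inactive.jsp|"',
               "a663aa58aa000d6403", ADMIN + NA, "INFO", ROOT, "SAML2-166", ADMIN,
               NA, "SAML2.error", "192.168.56.3"]),
    "\t".join(['"2015-04-20 10:23:01"', '"Login Failed"', NA, DEMO,
               "192.168.56.1", "INFO", ROOT, "AUTHENTICATION-200", ADMIN, NA,
               "DataStore", "192.168.56.1"]),
]

MSG_ID = re.compile(r"^[A-Z0-9]+-\d+$")  # e.g. SAML2-166, AUTHENTICATION-200

def classify(line, server_ips):
    """Return (timestamp, message id, address, verdict) for one record.
    Assumption from the samples: the address is the last field of the record.
    """
    fields = [f.strip('"') for f in line.rstrip("\r\n").split("\t")]
    msg_id = next((f for f in fields if MSG_ID.match(f)), None)
    try:
        addr = ipaddress.ip_address(fields[-1])
    except ValueError:  # "Not Available", a host name, or a damaged line
        return fields[0], msg_id, None, "no-address"
    verdict = "server-address" if addr in server_ips else "client-address"
    return fields[0], msg_id, str(addr), verdict

def unreliable_records(lines, server_ips):
    """Records whose address must not be attributed to a client."""
    servers = {ipaddress.ip_address(ip) for ip in server_ips}
    records = (classify(l, servers) for l in lines
               if l.strip() and not l.startswith("#"))
    return [r for r in records if r[3] != "client-address"]

if __name__ == "__main__":
    for rec in unreliable_records(SAMPLE_LINES, ["192.168.56.3"]):
        print(rec)
```
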
      

            People

            • Assignee:
              Unassigned
              Reporter:
              ian.packer Ian Packer [X] (Inactive)