  1. OpenAM
  2. OPENAM-5991

IP Address logging in SAML2 audit logs is not consistent

    Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 11.0.3, 12.0.0
    • 6.0.0
    • SAML

      Description

      SAML2 audit logging sometimes records the IP address of the client (from the HTTP request) while other times it will log the server's own IP address.

      A general observation seems to be that successful calls, where a session is created/exists, have the client IP address whereas failed calls where a session does not exist contain the server IP address.

      In my examples 192.168.56.1 is my real 'client' making a request. 192.168.56.3 is the server.

      Successful sign on to SP:

      "2015-04-20 09:43:56"	id=demo,ou=user,dc=openam,dc=forgerock,dc=org|J6eJah5MB5gSlHW64hXWZ+SZSR5k	b2e298c2cf6e224003	id=demo,ou=user,dc=openam,dc=forgerock,dc=org	"Not Available"	INFO	dc=openam,dc=forgerock,dc=org	SAML2-142	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org"	J6eJah5MB5gSlHW64hXWZ+SZSR5k	SAML2.access	192.168.56.1
      

      Failed sign on:

      "2015-04-20 10:18:07"	"http://sp.fedexample.com:8081/openam|Login Failed\\nUser not Active|user_inactive.jsp|"	a663aa58aa000d6403	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org""Not Available"	INFO	dc=openam,dc=forgerock,dc=org	SAML2-166	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org"	"Not Available"	SAML2.error	192.168.56.3
      

      In regular authentication audit logging, things look to be more consistent - even failures are logged with the client IP address:

      "2015-04-20 10:23:01"	"Login Failed"	"Not Available"	id=demo,ou=user,dc=openam,dc=forgerock,dc=org	192.168.56.1	INFO	dc=openam,dc=forgerock,dc=org	AUTHENTICATION-200	"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org"	"Not Available"	DataStore	192.168.56.1
      

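A check a log consumer could run for the inconsistency described above, as an added example that is not part of the original report or of OpenAM: it flags audit records whose trailing IP field is one of the server's own addresses, so they are not mistaken for client attribution. The sample records are constructed (shortened from the three in the report), and the function names and the `server_ips` input are assumptions.

```python
import csv
import io
import re

# Message IDs in the report look like SAML2-142 or AUTHENTICATION-200.
MESSAGE_ID = re.compile(r"^[A-Z][A-Z0-9]*-\d+$")

# Constructed sample: shortened versions of the three records in the report.
SAMPLE = [
    '"2015-04-20 09:43:56"\tid=demo,ou=user,dc=openam,dc=forgerock,dc=org'
    '\tINFO\tSAML2-142\tSAML2.access\t192.168.56.1',
    '"2015-04-20 10:18:07"\t"Login Failed|user_inactive.jsp|"'
    '\tINFO\tSAML2-166\tSAML2.error\t192.168.56.3',
    '"2015-04-20 10:23:01"\t"Login Failed"\t192.168.56.1'
    '\tINFO\tAUTHENTICATION-200\tDataStore\t192.168.56.1',
]


def parse_record(line):
    """Return (timestamp, message_id, logged_ip) for one tab-separated record."""
    row = next(csv.reader(io.StringIO(line), delimiter="\t", quotechar='"'))
    fields = [f.strip() for f in row]
    # Locate the message ID by shape, not position: field counts vary per log.
    message_id = next((f for f in fields if MESSAGE_ID.match(f)), None)
    # The IP address the report discusses is the last field of each record.
    return fields[0], message_id, fields[-1]


def server_ip_records(lines, server_ips):
    """Return records whose logged IP is one of the server's own addresses."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and '#' comment lines
        record = parse_record(line)
        if record[2] in server_ips:
            hits.append(record)
    return hits


if __name__ == "__main__":
    # 192.168.56.3 is the server in the report's example (assumed input).
    for ts, msg, ip in server_ip_records(SAMPLE, {"192.168.56.3"}):
        print(f"{ts} {msg}: logged IP {ip} is the server, not the client")
```
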
            People

            Unassigned Unassigned
            ian.packer Ian Packer [X] (Inactive)