Recording SSO Logins during Auditing

  • 7011173
  • 14-Jul-2010
  • 19-Oct-2012

Resolution

Login events are not automatically audited when using SSO. To audit these logins, add code similar to the following to the SSO Authentication Rule (the additions are the import of sailpoint.server.Auditor and the two if ( Auditor.isEnabled( ... ) ) blocks; the rest is the existing rule, with the unchanged middle section elided):

<Rule language="beanshell"
      name="SSO Authentication Rule - Example"
      type="SSOAuthentication">
  <Source><![CDATA[

    // Added: needed to write AuditEvents from inside the rule
    import sailpoint.server.Auditor;
    // AuditEvent lives in sailpoint.object; IdentityIQ normally imports that
    // package for rules automatically, so this explicit import is optional.
    import sailpoint.object.AuditEvent;

    ...

    String userFromHeader = httpRequest.getHeader( USER_DN );
    String authServer     = httpRequest.getHeader( AUTHDIR_NAME );

    Application app = mapAuthDirToApp( ctx, authServer );
    Correlator correlator = new Correlator( ctx );
    Link link = correlator.findLinkByNativeIdentity( app, userFromHeader );

    Identity user = null;
    if ( link != null ) {
        user = link.getIdentity();

        // Added: write the successful SSO login down.
        // Check first whether auditing of this action is enabled in the audit configuration.
        if ( Auditor.isEnabled( AuditEvent.ActionLogin ) ) {
            Auditor.log( AuditEvent.ActionLogin,   // action: a login
                         userFromHeader,           // source: the USER_DN from the HTTP header
                         user );                   // target: the Identity we mapped
        }
    } else {
        // Added: write the failed SSO login down.
        if ( Auditor.isEnabled( AuditEvent.ActionLoginFailure ) ) {
            Auditor.log( AuditEvent.ActionLoginFailure,   // action: a login failure
                         userFromHeader );                // the USER_DN from the header (or null if it was absent), which is why the login failed
        }
    }
    return user;

  ]]></Source>
</Rule>
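Once the rule above writes login and loginFailure events, they become reviewable like any other audit data. The following script is an added example, not part of the original article and not SailPoint code: it reads a constructed CSV export of such events (columns mirror the Auditor.log arguments in the rule: action, source = the USER_DN header value, target = the correlated Identity), summarises successes and failures, and flags any header value that produced repeated failures in a short window. The action string values "login" and "loginFailure" are assumed here; confirm them against the AuditEvent constants in your release.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Assumed string values of AuditEvent.ActionLogin / AuditEvent.ActionLoginFailure.
ACTION_LOGIN = "login"
ACTION_LOGIN_FAILURE = "loginFailure"

# Constructed sample export (not real data). Columns: created,action,source,target
# source = the USER_DN header value passed to Auditor.log; target = the mapped Identity
# (empty for failures, which only pass the source). The last row is a request that
# arrived with no USER_DN header at all, so the rule logged a failure with an empty source.
SAMPLE_EXPORT = """\
created,action,source,target
2012-10-19T08:00:01,login,"uid=alice,ou=people,dc=example,dc=com",alice
2012-10-19T08:02:10,loginFailure,"uid=ghost,ou=people,dc=example,dc=com",
2012-10-19T08:02:41,loginFailure,"uid=ghost,ou=people,dc=example,dc=com",
2012-10-19T08:03:05,loginFailure,"uid=ghost,ou=people,dc=example,dc=com",
2012-10-19T08:15:00,login,"uid=bob,ou=people,dc=example,dc=com",bob
2012-10-19T09:30:00,loginFailure,,
"""


def parse_export(text):
    """Parse the CSV export into dicts, converting 'created' to a datetime."""
    events = []
    for row in csv.DictReader(StringIO(text)):
        row["created"] = datetime.fromisoformat(row["created"])
        events.append(row)
    return events


def login_summary(events):
    """Count successful and failed SSO logins, and how many failures had no header value."""
    ok = sum(1 for e in events if e["action"] == ACTION_LOGIN)
    failed = sum(1 for e in events if e["action"] == ACTION_LOGIN_FAILURE)
    missing_header = sum(
        1 for e in events if e["action"] == ACTION_LOGIN_FAILURE and not e["source"]
    )
    return {"login": ok, "loginFailure": failed, "missing_header": missing_header}


def failure_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Return {source: count} for header values whose failed logins reach
    `threshold` within any sliding `window`; failures with an empty source are
    reported separately by login_summary and skipped here."""
    by_source = defaultdict(list)
    for e in events:
        if e["action"] == ACTION_LOGIN_FAILURE and e["source"]:
            by_source[e["source"]].append(e["created"])
    flagged = {}
    for source, times in by_source.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[source] = end - start + 1
                break
    return flagged


if __name__ == "__main__":
    evts = parse_export(SAMPLE_EXPORT)
    print(login_summary(evts))
    for src, n in failure_bursts(evts).items():
        print(f"repeated SSO login failures ({n}) for header value: {src}")
```

Because the rule logs the raw header value as the event source, a burst of failures for one value usually means the directory-to-application mapping or the correlation key is wrong for that user, which is exactly the case the unaudited rule would hide.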