Environment
Access Manager 4.4
Access Manager 4.3
Access Manager 4.2
Access Manager 4.1
Access Manager 4.3
Access Manager 4.2
Access Manager 4.1
Situation
The events need to be forwarded to external systems for various activities like auditing, action to be taken on an event or combination of events, etc.
Troubleshooting Access, Authentication, Authorization issues
Resolution
The List of events that are captured are given below:
1 | Login Provided |
2 | Login Provided Failure |
3 | Login Consumed |
4 | Login Consumed Failure Generated |
5 | Logout Provided Generated |
6 | Logout Local |
7 | Federation Request Sent |
8 | Federation Request Handled |
9 | Defederation Request Sent |
10 | Defederation Request Handled |
11 | Register Name Request Handled |
12 | Attribute Query Request Handled. |
13 | Web Service Query Handled |
14 | Web Service Modify Handled |
15 | User Account Provisioned |
16 | User Account Provisioned Failure |
17 | LDAP Connection Lost Generated |
18 | Server Started Generated |
19 | Server Stopped Generated |
20 | Server Refreshed Generated |
21 | Intruder Lockout Detected Generated |
22 | Component Log Severe Messages |
23 | Component Log Warning Messages |
24 | Brokering Across Groups Denied |
25 | Brokering Rule Evaluated to Deny |
26 | Brokering Handled |
27 | WebService Request Authenticated |
28 | WebService Request Authentication Failed |
29 | Token Was Issued To WebService |
30 | Token Issue To WebService Failed |
31 | Token Was Validated To A WebService |
32 | Token Validation To WebService Failed |
33 | Token Renewed |
34 | Token Renew Failed |
35 | Risk-Based Authentication Succeeded |
36 | Risk-Based Authentication Failed |
37 | Risk-Based Authentication Action Invoked |
38 | Risk-based Pre-authentication Succeeded |
39 | Risk-based Pre-authentication Failed |
40 | Risk-based Pre-authentication Action Invoked |
41 | Risk-based IP List Load From Datasource Failed |
42 | Risk-based Device Fingerprint Rule Created |
43 | Risk-based Device Fingerprint Rule Match Failed |
44 | OAuth & OpenID Token Issued |
45 | OAuth & OpenID Token Issue Failed |
46 | OAuth Consent Provided |
47 | OAuth Consent Revoked |
48 | OAuth Client Applications |
49 | OAuth & OpenID Token Validation Success |
50 | OAuth & OpenID Token Validation Failed |
51 | OAuth Refresh Token Revocation Success |
52 | OAuth Refresh Token Revocation Failed |
53 | Authorization Code from AA Server |
54 | Access Token from AA Server |
55 | Session Assurance Device Fingerprint Match Failed |
56 | Impersonation Sign-in |
57 | Impersonation Sign-out |
58 | Impersonation Requested |
59 | Impersonation Denied by Impersonatee |
60 | Impersonation Approved by Impersonatee |
61 | Impersonation Policy Failed |
62 | Federation Step-up |
63 IP address **
**Identity Server records the IP address of the client machine from where authentication requests originate into audit events. If the client machine is behind a proxy, then proxy IP address is logged. To log the actual client machine IP address instead of the proxy IP address, configure the RemoteIpValve in the Tomcat configuration file (server.xml) on all Identity Server instances. The server.xml file is located at /opt/novell/nam/idp/conf/server.xml (Linux) and //Program File x(86)/Novell/Tomcat/conf/server.xml (Windows).