+

Search Tips   |   Advanced Search

Context object fields

Each auditable event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. This topic details the information that exists for each context object and specifies whether the information is logged by default or is only logged when the verbose logging option is enabled.


The SessionContextObj object

Field Type Description Default or Verbose logging
sessionId String An identifier for the user session Default
remoteAddr String The IP address for the remote host Default
remotePort String The port of the remote host Default
remoteHost String The host name of the remote host Default


The PropagationContextObj object

Field Type Description Default or Verbose logging
firstCaller String The identity of the first user in the caller list Default
callerList String array A list of names representing the identities of the users Verbose


The RegistryContextObj object

Field Type Description Default or Verbose logging
type String The type of user registry being used, such as LDAP or AIX Default


The ProcessContextObj object

Field Type Description Default or Verbose logging
domain String The domain to which the user belongs Verbose
realm String The registry partition to which the user belongs Default


The EventContextObj object

Field Type Description Default or Verbose logging
lastEventTrailId String The last ID associated with a given transaction Verbose
eventTrailId String array An array of IDs that allow events that belong to a given transaction to be correlated Default
creationTime Date The date an event was created Default
globalInstanceId Long The unique identifier of this event Default


The DelegationContextObj object

Field Type Description Default or Verbose logging
delegationType String no delegation, simple delegation, method delegation or switch user delegation Default
roleName String The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID Default
identityName String Information about the mapped user Default


The AuthnContextObj object

Field Type Description Default or Verbose logging
authnType String The type of authentication used Default


The ProviderContextObj object

Field Type Description Default or Verbose logging
provider String The provider of the authentication or authorization service Default
providerStatus String Status of whether the authentication or authorization event processed successfully by the provider Default


The AuthnMappingContextObj object

Field Type Description Default or Verbose logging
mappedSecurityDomain String The security domain after mapping has occurred Default
mappedRealm String The realm after mapping has occurred Default
mappedUserName String The user name after mapping has occurred Default


The AuthnTermContextObj object

Field Type Description Default or Verbose logging
terminateReason String The reason authentication ended Default


The AccessContextObj object

Field Type Description Default or Verbose logging
progName String The name of the program that was involved in the event Default
action String The action being performed. Default
registryUserName String The name of the user in the registry Default
appUserName String The name of the user within an application Default
accessDecision String The decision of the authorization call Default
resourceName String The name of the resource in the context of the application Default
resourceType String The type of resource Default
resourceUniqueId Long The unique identifier of the resource Default
permissionsChecked String array The permissions that were checked during the authorization call Default
permissionsGranted String array The permissions that were granted during the authorization call Default
rolesChecked String array The roles that were checked during the authorization call Default
rolesGranted String array The roles that were granted during the authorization call Default


The PolicyContextObj object

Field Type Description Default or Verbose logging
policyName String The name of the policy Default
policyType String The type of policy Default


The KeyContextObj object

Field Type Description Default or Verbose logging
keyLabel String The key or certificate label Default
keyLocation String The physical location of the key database Default
certLifetime Date The date when a certificate expires Default


The CipherContextObj object

Field Type Description Default or Verbose logging
cipherData Byte array The cipher data that is captured Verbose


The MgmtContextObj object

Field Type Description Default or Verbose logging
mgmtType String The type of management operation Default
mgmtCommand String The application-specific command that was performed Default
targetInfoAttributes Target Atrribute array Information about one or more secondary objects involved in this operation Verbose


The ResponseContextObj object

Field Type Description Default or Verbose logging
url String The URL of the HTTP request Default
httpRequestHeaders Attributes array The HTTP request headers provided by the client Verbose
httpResponseHeaders Attributes array The HTTP response headers returned by the server Verbose


The CustomPropertyContextObj object

Field Type Description Default or Verbose logging
key String The label representing the custom property key name Verbose
value Object The object value of the custom property Verbose


Support Objects: Attributes

table describes the Attribute fields.
Field Type Description Default or Verbose logging
name String Name of the attribute Default
value String Value of the attribute Default
Source String Source of the attribute (user, application, or an input for authz rules) Default


Support Objects: TargetAttributes

table describes the TargetAttribute fields.
Field Type Description Default or Verbose logging
name String What object is the operation targeted against? Default
uniqueId Long Target's unique identifier Default


Runtime Event: Context Object mapping

All runtime events need sessionContext, eventContext, accessContext, propagationContext, processContext, and registryContext objects. In addition to these required context objects, each event needs the context objects listed for that event in the following table:

Event Type Context Objects
SECURITY_AUTHN authnContext, providerContext
SECURITY_AUTHN_CREDS_MODIFY
SECURITY_AUTHN_DELEGATION delegationContext
SECURITY_AUTHN_MAPPING authnMapping, providerContext
SECURITY_AUTHN_TERMINATE authnContext, providerContext, authnTermContext
SECURITY_AUTHZ providerContext, policyContext
SECURITY_ENCRYPTION keyContext
SECURITY_MGMT_AUDIT mgmtContext
SECURITY_MGMT_CONFIG mgmtContext
SECURITY_MGMT_KEY mgmtContext, keyContext
SECURITY_MGMT_POLICY mgmtContext, policyContext
SECURITY_MGMT_PROVISIONING mgmtContext, regObjContext
SECURITY_MGMT_REGISTRY mgmtContext, regObjContext
SECURITY_MGMT_RESOURCE mgmtContext
SECURITY_RESOURCE_ACCESS responseContext
SECURITY_RUNTIME
SECURITY_RUNTIME_KEY keyContext
SECURITY_SIGNING keyContext


Related tasks

  • Create security auditing event type filters
  • Audit the security infrastructure

  • Context objects for security auditing