IBM_SECURITY_AUTHN_TERMINATE event

This audit event is generated when a user is logged off. The following table lists the elements that can be shown in the output of an IBM_SECURITY_AUTHN_TERMINATE event.

Element	Description
action	The operation that caused the termination of the authentication to occur - log offThe XPath is: CommonBaseEvent/extendedDataElements [@name='action']/values
authnProvider	Provider of the authentication service. The default is WebSEAL.The XPath is: CommonBaseEvent/extendedDataElements [@name='authnProvider']/values
authnType	The type of authentication used by the user - trustRelationship.The XPath is: CommonBaseEvent/extendedDataElements [@name='authnType']/values
terminateReason	The reason the session was terminated. For example, the user logged off.The XPath is: CommonBaseEvent/extendedDataElements [@name='terminateReason']/values
userInfo.appUserName	Information about the user who is logging off. The XPath is: CommonBaseEvent/extendedDataElements [@name='userInfoList']/children[1]/children [@name='appUserName']/values

Sample of a IBM_SECURITY_AUTHN_TERMINATE event

The following example shows an IBM_SECURITY_AUTHN_TERMINATE event:

<CommonBaseEvent 
 creationTime="2006-04-19T18:13:15.916Z" 
 extensionName="IBM_SECURITY_AUTHN_TERMINATE" 
 globalInstanceId="CE11DACFD02C005F20EE33FA70BA750567" 
 sequenceNumber="10" 
 version="1.0.1">
 <extendedDataElements name="authnType" type="string">
  <values>trustRelationship</values>
 </extendedDataElements>
 <extendedDataElements name="action" type="string">
  <values>logout</values>
 </extendedDataElements>
 <extendedDataElements name="outcome" type="noValue">
  <children name="majorStatus" type="int">
   <values>0</values></children>
  <children name="result" type="string">
   <values>SUCCESSFUL</values></children>
 </extendedDataElements>
 <extendedDataElements name="terminateReason" type="string">
  <values>UserLoggedOut</values>
 </extendedDataElements>
 <extendedDataElements name="authnProvider" type="string">
  <values>webseal</values>
 </extendedDataElements>
 <extendedDataElements name="userInfoList" type="noValue">
  <children name="userInfo" type="noValue">
   <children name="appUserName" type="string">
    <values>me_elain</values></children>
   <children name="registryUserName" type="string">
    <values>Not Available</values></children>
  </children>
 </extendedDataElements>
<sourceComponentId 
 application="IBM Security Verify Access" 
 component="Authentication and Federated Identity" 
 componentIdType="ProductName" 
 executionEnvironment="Linux[x86]#2.4.21-4.EL"  
 location="fimtest.myco.com" 
 locationType="FQHostname" 
 subComponent=
 "com.tivoli.am.fim.saml20.protocol.actions.SAML20LocalLogoutAction" 
 threadId="WebContainer : 0" 
 componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/>
 <situation categoryName="ReportSituation">
   <situationType xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  xsi:type="ReportSituation" 
                  reasoningScope="INTERNAL" 
                  reportCatagory="SECURITY"/>
  </situation>
</CommonBaseEvent>

Parent topic: Audit Federation