IBM_SECURITY_TRUST events
This event type is generated by the trust server when it validates a token, issues a token, maps an identity, or authorizes a Web service call.
The following table lists the elements that can be shown in the output of an IBM_SECURITY_TRUST event.
| Element | Description | XPath |
| --- | --- | --- |
| accessDecision | For the authorization module, it is the result of the authorization decision. This element is filled out only when the action is authorized. | CommonBaseEvent/extendedDataElements[@name='accessDecision']/values |
| action | The action being performed. Possible actions are: authorize, issue, map, validate. | CommonBaseEvent/extendedDataElements[@name='action']/values |
| appliesTo | The destination or resource the request or token applies to. | CommonBaseEvent/extendedDataElements[@name='appliesTo']/values |
| issuer | Party responsible for issuing the token. | CommonBaseEvent/extendedDataElements[@name='issuer']/values |
| moduleName | The module in the STS module chain the action is taken on. | CommonBaseEvent/extendedDataElements[@name='moduleName']/values |
| ruleName | The rule name used for the mapping module. This element is filled out only when the action is set to map. | CommonBaseEvent/extendedDataElements[@name='ruleName']/values |
| token | The incoming token the action is being taken on. Only the first 1024 characters of the token are set. When the action is set to map, this element represents the incoming principal. | CommonBaseEvent/extendedDataElements[@name='token']/values |
| tokenInfo | The internal representation of the user information after changes are made by the module. Only the first 1024 characters of the token are set. When the action is set to map, this element represents the outgoing principal. When the action is set to authorize, this element represents the principal for whom the access decision was made. | CommonBaseEvent/extendedDataElements[@name='tokenInfo']/values |
| tokenType | The type of token the module is using. | CommonBaseEvent/extendedDataElements[@name='tokenType']/values |
Samples of IBM_SECURITY_TRUST events
The following example shows an event generated by a Trust request.

<CommonBaseEvent creationTime="2013-07-19T06:21:05.256Z"
    extensionName="IBM_SECURITY_TRUST"
    globalInstanceId="FIMf596c16e013f12d38eb0b66d4d925"
    sequenceNumber="1" version="1.1">
  <contextDataElements name="Security Event Factory" type="eventTrailId">
    <contextId>FIM_f596bda0013f188f9983b66d4d92542a+971185751</contextId>
  </contextDataElements>
  <extendedDataElements name="tokenType" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="issuer" type="string">
    <values>/otpfed/otp/get/delivery/options/issuer</values>
  </extendedDataElements>
  <extendedDataElements name="token" type="string">
    <values>user1 [ Attribute 1 name [ value 1 user1 ] ]</values>
  </extendedDataElements>
  <extendedDataElements name="ruleName" type="string">
    <values>otp_get_methods.js </values>
  </extendedDataElements>
  <extendedDataElements name="moduleName" type="string">
    <values>com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault</values>
  </extendedDataElements>
  <extendedDataElements name="appliesTo" type="string">
    <values>/otpfed/otp/get/delivery/options/appliesto</values>
  </extendedDataElements>
  <extendedDataElements name="action" type="string">
    <values>Map</values>
  </extendedDataElements>
  <extendedDataElements name="tokenInfo" type="string">
    <values>user1 [ Attribute 1 name [ value 1 user1 ] ]</values>
  </extendedDataElements>
  <extendedDataElements name="outcome" type="noValue">
    <children name="result" type="string">
      <values>SUCCESSFUL</values>
    </children>
    <children name="majorStatus" type="int">
      <values>0</values>
    </children>
  </extendedDataElements>
  <sourceComponentId application="IBM Security Verify Access"
      component="Authentication and Federated Identity"
      componentIdType="ProductName"
      executionEnvironment="Linux[amd64]#2.6.32-279.14.1.30.iss7_3.x86_64"
      location="localhost"
      locationType="FQHostname"
      subComponent="com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault"
      threadId="Default Executor-thread-6"
      componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/>
  <situation categoryName="ReportSituation">
    <situationType xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="ReportSituation" reasoningScope="INTERNAL" reportCategory="SECURITY"/>
  </situation>
</CommonBaseEvent>
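
For log ingestion, the XPaths in the table can be applied with Python's standard xml.etree.ElementTree module to flatten an event into one record. This is an added example, not IBM code: the function name parse_trust_event, the possibly_truncated field and the shortened sample event are assumptions made for illustration, and the outcome/result path is taken from the sample event rather than from the table.

```python
import xml.etree.ElementTree as ET

# Element names from the table on this page.
FIELDS = ("accessDecision", "action", "appliesTo", "issuer", "moduleName",
          "ruleName", "token", "tokenInfo", "tokenType")
MAX_CHARS = 1024  # token and tokenInfo hold only the first 1024 characters

# Constructed sample: a shortened copy of the event shown on this page.
SAMPLE_EVENT = """<CommonBaseEvent creationTime="2013-07-19T06:21:05.256Z"
    extensionName="IBM_SECURITY_TRUST" sequenceNumber="1" version="1.1">
  <extendedDataElements name="ruleName" type="string">
    <values>otp_get_methods.js </values>
  </extendedDataElements>
  <extendedDataElements name="action" type="string">
    <values>Map</values>
  </extendedDataElements>
  <extendedDataElements name="token" type="string">
    <values>user1 [ Attribute 1 name [ value 1 user1 ] ]</values>
  </extendedDataElements>
  <extendedDataElements name="outcome" type="noValue">
    <children name="result" type="string"><values>SUCCESSFUL</values></children>
  </extendedDataElements>
</CommonBaseEvent>"""


def _values(root, path):
    """Text of the first node matching path, or None if absent or empty."""
    node = root.find(path)
    return node.text if node is not None and node.text else None


def parse_trust_event(xml_text):
    """Flatten one IBM_SECURITY_TRUST event into a dict (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    if root.tag != "CommonBaseEvent" or root.get("extensionName") != "IBM_SECURITY_TRUST":
        raise ValueError("not an IBM_SECURITY_TRUST event")
    # The table's XPaths, written relative to the CommonBaseEvent root.
    raw = {f: _values(root, f"extendedDataElements[@name='{f}']/values") for f in FIELDS}
    record = {f: v.strip() if v else None for f, v in raw.items()}
    record["creationTime"] = root.get("creationTime")
    result = _values(root, "extendedDataElements[@name='outcome']"
                           "/children[@name='result']/values")
    record["result"] = result.strip() if result else None
    # A value that fills the 1024-character limit may be cut off; do not
    # treat it as the complete token or principal.
    record["possibly_truncated"] = [f for f in ("token", "tokenInfo")
                                    if raw[f] and len(raw[f]) >= MAX_CHARS]
    return record
```

Elements that an event does not carry, such as accessDecision on a map action, come back as None, so downstream rules can tell "not present" apart from an empty value.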