IBM_SECURITY_AUTHN events
This event type is generated by the authentication service when it authenticates a user accessing a protected resource. The following table lists the elements that can be shown in the output of an IBM_SECURITY_AUTHN event. All elements are included in the output, unless indicated otherwise.
| Element | Description | XPath |
| --- | --- | --- |
| action | Optionally specifies the HTTP method on the requested resource or the operation that is performed by the provider of the authentication service. | CommonBaseEvent/extendedDataElements[@name='action']/values |
| authnProvider | Provider of the authentication service. Sample data: com.tivoli.am.fim.authsvc.protocol.delegate.AuthSvcDelegate, com.tivoli.am.fim.authsvc.action.authenticator.hotp.HOTPAuthenticator | CommonBaseEvent/extendedDataElements[@name='authnProvider']/values |
| authnScope | Optionally specifies the transaction identifier of the authentication policy. Sample data: 94434b2a-748e-42fe-af3d-67db04aa4ba0 | CommonBaseEvent/extendedDataElements[@name='authnScope']/values |
| authnType | The URI identifier of the authentication policy. Sample data: urn:ibm:security:authentication:asf:password_hotp | CommonBaseEvent/extendedDataElements[@name='authnType']/values |
| partner | The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'. | CommonBaseEvent/extendedDataElements[@name='partner']/values |
| progName | Optionally specifies the URL of the requested resource. Sample data: http://www.example.com | CommonBaseEvent/extendedDataElements[@name='progName']/values |
| tokenType | The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'. | CommonBaseEvent/extendedDataElements[@name='tokenType']/values |
| trustRelationship | The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'. | CommonBaseEvent/extendedDataElements[@name='trustRelationship']/values |
| userInfo.appUserName | Optionally specifies information about the user who is authenticating. | CommonBaseEvent/extendedDataElements[@name='userInfoList']/children[1]/children[@name='appUserName']/values |
| userInfo.attributes | Optionally specifies the following types of additional information about user data audited during authentication: licenseFileMetadata (metadata that is defined in the license agreement); licenseFileName (the license file name); userAction (the action the user takes when the End-User License Agreement authentication mechanism presents the license agreement; the user can accept or decline the license agreement). | CommonBaseEvent/extendedDataElements[@name='userInfoList']/children[@name='userInfo']/children[@name='attributes']/children |
| xmlTokenType | The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'. | CommonBaseEvent/extendedDataElements[@name='xmlTokenType']/values |
Sample of an IBM_SECURITY_AUTHN event
The following example shows one event generated by the runtime for a two-factor authentication policy that requires both username-and-password and one-time password authentication:

```xml
<CommonBaseEvent creationTime="2014-02-15T18:50:05.026Z"
                 extensionName="IBM_SECURITY_AUTHN"
                 globalInstanceId="FIM36e24f6301441708947ceef443526"
                 sequenceNumber="2"
                 version="1.1">
  <contextDataElements name="Security Event Factory" type="eventTrailId">
    <contextId>FIM_36e24f62014415f59913eef443526e68+1246005647</contextId>
  </contextDataElements>
  <extendedDataElements name="userInfoList" type="noValue">
    <children name="userInfo" type="noValue">
      <children name="registryUserName" type="string">
        <values>Not Available</values>
      </children>
      <children name="appUserName" type="string">
        <values>test_user</values>
      </children>
    </children>
  </extendedDataElements>
  <extendedDataElements name="tokenType" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="authnProvider" type="string">
    <values>com.tivoli.am.fim.authsvc.action.authenticator.hotp.HOTPAuthenticator</values>
  </extendedDataElements>
  <extendedDataElements name="action" type="string">
    <values>verify</values>
  </extendedDataElements>
  <extendedDataElements name="authnType" type="string">
    <values>urn:ibm:security:authentication:asf:password_hotp</values>
  </extendedDataElements>
  <extendedDataElements name="outcome" type="noValue">
    <children name="result" type="string">
      <values>SUCCESSFUL</values>
    </children>
    <children name="majorStatus" type="int">
      <values>0</values>
    </children>
  </extendedDataElements>
  <extendedDataElements name="trustRelationship" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="progName" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="authnScope" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <sourceComponentId application="IBM Security Verify Access"
                     component="Authentication and Federated Identity"
                     componentIdType="ProductName"
                     executionEnvironment="Linux[amd64]#2.6.32-279.14.1.30.iss7_3.x86_64"
                     location="example"
                     locationType="FQHostname"
                     subComponent="com.tivoli.am.fim.authsvc.action.authenticator.hotp.HOTPAuthenticator"
                     threadId="Default Executor-thread-60"
                     componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/>
  <situation categoryName="ReportSituation">
    <situationType xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:type="ReportSituation"
                   reasoningScope="INTERNAL"
                   reportCategory="SECURITY"/>
  </situation>
</CommonBaseEvent>
```
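The following is an added example, not part of the IBM documentation: a Python parser that applies the table's XPaths to one event and maps 'Not Available' to None, so that log pipelines and detection rules treat unused elements as absent rather than as literal strings. The trimmed sample event, the `FIELDS` names, the `parse_authn_event` function and the DOCTYPE rejection are assumptions of this example; the outcome path is taken from the sample event, not from the table.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's sample event, trimmed to the fields read below.
SAMPLE_EVENT = """<CommonBaseEvent creationTime="2014-02-15T18:50:05.026Z"
    extensionName="IBM_SECURITY_AUTHN" sequenceNumber="2" version="1.1">
  <extendedDataElements name="userInfoList" type="noValue">
    <children name="userInfo" type="noValue">
      <children name="registryUserName" type="string"><values>Not Available</values></children>
      <children name="appUserName" type="string"><values>test_user</values></children>
    </children>
  </extendedDataElements>
  <extendedDataElements name="authnProvider" type="string">
    <values>com.tivoli.am.fim.authsvc.action.authenticator.hotp.HOTPAuthenticator</values>
  </extendedDataElements>
  <extendedDataElements name="action" type="string"><values>verify</values></extendedDataElements>
  <extendedDataElements name="authnType" type="string">
    <values>urn:ibm:security:authentication:asf:password_hotp</values>
  </extendedDataElements>
  <extendedDataElements name="outcome" type="noValue">
    <children name="result" type="string"><values>SUCCESSFUL</values></children>
    <children name="majorStatus" type="int"><values>0</values></children>
  </extendedDataElements>
  <extendedDataElements name="progName" type="string"><values>Not Available</values></extendedDataElements>
</CommonBaseEvent>"""

# XPaths from the table, relative to the CommonBaseEvent root element.
# "outcome_result" is taken from the sample event, not from the table.
FIELDS = {
    "action": "extendedDataElements[@name='action']/values",
    "authnProvider": "extendedDataElements[@name='authnProvider']/values",
    "authnType": "extendedDataElements[@name='authnType']/values",
    "progName": "extendedDataElements[@name='progName']/values",
    "appUserName": "extendedDataElements[@name='userInfoList']/children[1]"
                   "/children[@name='appUserName']/values",
    "outcome_result": "extendedDataElements[@name='outcome']"
                      "/children[@name='result']/values",
}

def parse_authn_event(xml_text):
    """Return a flat dict; absent or 'Not Available' elements become None."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in audit events")
    root = ET.fromstring(xml_text)
    if root.tag != "CommonBaseEvent" or root.get("extensionName") != "IBM_SECURITY_AUTHN":
        raise ValueError("not an IBM_SECURITY_AUTHN event")
    record = {"creationTime": root.get("creationTime")}
    for name, path in FIELDS.items():
        value = (root.findtext(path) or "").strip()
        record[name] = None if value in ("", "Not Available") else value
    return record
```

Calling `parse_authn_event(SAMPLE_EVENT)` yields a record whose `progName` is None and whose `appUserName` is `test_user`.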