The IDP audit event "NIDS: Roles assignment policy evaluation" does not include any details about the user it is operating/evaluating/assigning Roles against. The affected username should be printed into one or both of the following (just like other IDP audit events already do!): InitUserName and/or TargetUserName -- I'm not entirely sure which is more appropriate. Maybe they both are.
Notice that when the user "JohnSmith" logs in, the "NIDS: Roles assignment policy evaluation" events show assignments of the roles "Employee" and "authenticated" -- but they leave out this easily included information. Just imagine looking through audit logs on servers that have hundreds of users logging in around the same time and what a pain it would be to try to visually scan which Role evaluations relate to a particular user. There are undoubtedly other details in the parsed event that unintuitively link it with a particular user, but why make it such a pain, especially when it is so easily fixed by just also including the username in these events?
Code:
Severity EventTime EventName Message XDASTaxonomyName XDASOutcomeName InitUserName InitUserDomain InitUserFullName InitUserDepartment EffectiveUserName InitHostName InitIP InitAssetFunction InitServicePortName TargetUserName TargetUserDomain TargetUserFullName TargetUserDepartment TargetHostName TargetIP TargetAssetFunction TargetServicePortName TargetTrustName FileName DataContext ObserverHostName ObserverIP MSSPCustomerName ReporterHostName ReporterIP
0 1/21/2012 15:32 NIDS: Logged out a local authentication AMDEVICEID#esp-73768320D7C25697: AMAUTHID#6A4BDE9482F944211989FDCDF4C86916: Logged out a local authentication. User: [cn=JohnSmith,o=Company] TimedOut: [False] XDAS_AE_TERMINATE_SESSION XDAS_OUT_SUCCESS cn=JohnSmith,o=Company 192.168.218.224 Novell Access Manager 192.168.218.224 unknown 192.168.218.224
0 1/21/2012 15:32 NIDS: Logged out an authentication that was provided to a remote consumer AMDEVICEID#esp-73768320D7C25697: AMAUTHID#6A4BDE9482F944211989FDCDF4C86916: Logged out an authentication that was provided to a remote consumer. User: [cn=JohnSmith,o=Company] TimedOut: [False] XDAS_AE_TERMINATE_SESSION XDAS_OUT_SUCCESS 192.168.218.224 Novell Access Manager cn=JohnSmith,o=Company 192.168.218.224 unknown 192.168.218.224
0 1/21/2012 15:32 NIDS: Logged out a local authentication AMDEVICEID#0881CFF5BBF0D19A: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: Logged out a local authentication. User: [cn=JohnSmith,o=Company] TimedOut: [False] XDAS_AE_TERMINATE_SESSION XDAS_OUT_SUCCESS cn=JohnSmith,o=Company 192.168.218.169 Novell Access Manager 192.168.218.169 unknown 192.168.218.169
0 1/21/2012 15:32 NIDS: User session was authenticated AMDEVICEID#esp-73768320D7C25697: AMAUTHID#6A4BDE9482F944211989FDCDF4C86916: User session was authenticated: [cn=JohnSmith,o=Company]. Authentication Type: [https://beta-auth-https.MyCompany.com:443/nesp/idff/metadata] Authenticating Entity Name: [null] Contract Class or Method Name: [name/password/uri] XDAS_AE_CREATE_SESSION XDAS_OUT_SUCCESS 192.168.218.224 Novell Access Manager cn=JohnSmith,o=Company metadata https://beta-auth-https.MyCompany.com:443/nesp/idff 192.168.218.224 unknown 192.168.218.224
0 1/21/2012 15:32 NIDS: Provided an authentication to a remote consumer AMDEVICEID#0881CFF5BBF0D19A: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: Provided an authentication to a remote consumer on behalf of user: [cn=JohnSmith,o=Company]. Authentication Type: [https://beta-idp.MyCompany.com/nidp/idff/metadata] Authenticating Entity Name: [https://beta-auth-https.MyCompany.com:443/nesp/idff/metadata] Contract Class or Method Name: [name/password/uri] XDAS_AE_CREATE_SESSION XDAS_OUT_SUCCESS 192.168.218.169 Novell Access Manager cn=JohnSmith,o=Company metadata https://beta-idp.MyCompany.com/nidp/idff 192.168.218.169 unknown 192.168.218.169
0 1/21/2012 15:32 NIDS: Roles assignment policy evaluation AMDEVICEID#0881CFF5BBF0D19A: AM#500199050: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: Roles assignment policy evaluaton Assigned Roles: [authenticated] Policy Action Invoked: [system-generated-action] XDAS_AE_MODIFY_SERVICE_CONFIG XDAS_OUT_SUCCESS 192.168.218.169 Novell Access Manager 192.168.218.169 unknown 192.168.218.169
0 1/21/2012 15:32 NIDS: Roles assignment policy evaluation AMDEVICEID#0881CFF5BBF0D19A: AM#500199050: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: Roles assignment policy evaluaton Assigned Roles: [Employee] Policy Action Invoked: [Document=(ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc),Policy=(Role_Activate),Rule=(1::RuleID_1325959794615),Action=(AddRole::Action] XDAS_AE_MODIFY_SERVICE_CONFIG XDAS_OUT_SUCCESS 192.168.218.169 Novell Access Manager 192.168.218.169 unknown 192.168.218.169
0 1/21/2012 15:32 NIDS: User session was authenticated AMDEVICEID#0881CFF5BBF0D19A: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: User session was authenticated: [cn=JohnSmith,o=Company]. Authentication Type: [Local] Authenticating Entity Name: [Name/Password - Form] Contract Class or Method Name: [name/password/uri] XDAS_AE_CREATE_SESSION XDAS_OUT_SUCCESS 192.168.218.169 Novell Access Manager cn=JohnSmith,o=Company Local 192.168.218.169 unknown 192.168.218.169
NAM IDP: 192.168.218.169
NAM AG: 192.168.218.224
- Stefan
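One way to make the "other details ... that unintuitively link it with a particular user" explicit, as an added example (my own code, not part of the post above and not NetIQ/Novell code): in the posted rows the two role-evaluation events carry the same AMDEVICEID and AMAUTHID values as John Smith's "User session was authenticated" and "Logged out" events on the IDP, so this script assumes that (AMDEVICEID, AMAUTHID) identifies a login session and joins role events to the user DN recorded in any other event for that session. That session-identifier reading is an assumption inferred from the table, not documented product behaviour. The sample input is the EventName and Message columns transcribed from the table above; the other XDAS columns are not needed for the join.

```python
import re
from collections import defaultdict

# Constructed sample input: (EventName, Message) pairs transcribed from the
# audit table in the post, in the order shown there (newest first).
SAMPLE_EVENTS = [
    ("NIDS: Logged out a local authentication",
     "AMDEVICEID#esp-73768320D7C25697: AMAUTHID#6A4BDE9482F944211989FDCDF4C86916: "
     "Logged out a local authentication. User: [cn=JohnSmith,o=Company] TimedOut: [False]"),
    ("NIDS: Logged out an authentication that was provided to a remote consumer",
     "AMDEVICEID#esp-73768320D7C25697: AMAUTHID#6A4BDE9482F944211989FDCDF4C86916: "
     "Logged out an authentication that was provided to a remote consumer. "
     "User: [cn=JohnSmith,o=Company] TimedOut: [False]"),
    ("NIDS: Logged out a local authentication",
     "AMDEVICEID#0881CFF5BBF0D19A: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: "
     "Logged out a local authentication. User: [cn=JohnSmith,o=Company] TimedOut: [False]"),
    ("NIDS: User session was authenticated",
     "AMDEVICEID#esp-73768320D7C25697: AMAUTHID#6A4BDE9482F944211989FDCDF4C86916: "
     "User session was authenticated: [cn=JohnSmith,o=Company]. Authentication Type: "
     "[https://beta-auth-https.MyCompany.com:443/nesp/idff/metadata] Authenticating Entity "
     "Name: [null] Contract Class or Method Name: [name/password/uri]"),
    ("NIDS: Provided an authentication to a remote consumer",
     "AMDEVICEID#0881CFF5BBF0D19A: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: "
     "Provided an authentication to a remote consumer on behalf of user: "
     "[cn=JohnSmith,o=Company]. Authentication Type: "
     "[https://beta-idp.MyCompany.com/nidp/idff/metadata] Authenticating Entity Name: "
     "[https://beta-auth-https.MyCompany.com:443/nesp/idff/metadata] "
     "Contract Class or Method Name: [name/password/uri]"),
    ("NIDS: Roles assignment policy evaluation",
     "AMDEVICEID#0881CFF5BBF0D19A: AM#500199050: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: "
     "Roles assignment policy evaluaton Assigned Roles: [authenticated] "
     "Policy Action Invoked: [system-generated-action]"),
    ("NIDS: Roles assignment policy evaluation",
     "AMDEVICEID#0881CFF5BBF0D19A: AM#500199050: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: "
     "Roles assignment policy evaluaton Assigned Roles: [Employee] Policy Action Invoked: "
     "[Document=(ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,"
     "ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:"
     "romaContentCollectionXMLDoc),Policy=(Role_Activate),Rule=(1::RuleID_1325959794615),"
     "Action=(AddRole::Action]"),
    ("NIDS: User session was authenticated",
     "AMDEVICEID#0881CFF5BBF0D19A: AMAUTHID#F7EC674AB8C2190B4ABE4E48FB272101: "
     "User session was authenticated: [cn=JohnSmith,o=Company]. Authentication Type: [Local] "
     "Authenticating Entity Name: [Name/Password - Form] "
     "Contract Class or Method Name: [name/password/uri]"),
]

ROLE_EVENT = "NIDS: Roles assignment policy evaluation"
DEVICE_RE = re.compile(r"AMDEVICEID#([^:\s]+):")
AUTHID_RE = re.compile(r"AMAUTHID#([0-9A-Fa-f]+):")
# The user DN follows a different prefix depending on the event type.
USER_RE = re.compile(r"(?:User|on behalf of user|authenticated): \[([^\]]+)\]")
ROLES_RE = re.compile(r"Assigned Roles: \[([^\]]*)\]")


def parse_event(event_name, message):
    """Pull the fields needed for the join out of one Message string."""
    dev, auth = DEVICE_RE.search(message), AUTHID_RE.search(message)
    user, roles = USER_RE.search(message), ROLES_RE.search(message)
    return {
        "event": event_name,
        "device": dev.group(1) if dev else None,
        "authid": auth.group(1) if auth else None,
        "user": user.group(1) if user else None,
        "roles": [r.strip() for r in roles.group(1).split(",")] if roles else [],
    }


def correlate_roles(events):
    """Attribute every role-evaluation event to a user DN.

    ASSUMPTION (inferred from the posted rows, not documented): the pair
    (AMDEVICEID, AMAUTHID) identifies one login session, so any event for
    that pair that names a user tells us who the session belongs to.
    Two passes are needed: in the posted (newest-first) listing the role
    events come before the 'User session was authenticated' event.
    Returns ({user_dn: [roles...]}, [role events that could not be attributed]).
    """
    parsed = [parse_event(name, msg) for name, msg in events]
    session_user = {}
    for p in parsed:  # pass 1: learn session -> user
        if p["user"] and p["device"] and p["authid"]:
            key = (p["device"], p["authid"])
            if session_user.get(key, p["user"]) != p["user"]:
                raise ValueError(f"session {key} named two users: "
                                 f"{session_user[key]!r} and {p['user']!r}")
            session_user[key] = p["user"]
    by_user, unattributed = defaultdict(list), []
    for p in parsed:  # pass 2: join the role events
        if p["event"] != ROLE_EVENT:
            continue
        user = session_user.get((p["device"], p["authid"]))
        if user is None:
            unattributed.append(p)  # keep the gap visible instead of dropping it
        else:
            by_user[user].extend(p["roles"])
    return dict(by_user), unattributed


if __name__ == "__main__":
    roles, orphans = correlate_roles(SAMPLE_EVENTS)
    for dn, assigned in roles.items():
        print(f"{dn}: {', '.join(assigned)}")
    print(f"{len(orphans)} role event(s) with no matching session")
```

Unattributed role events are returned rather than silently dropped, so that a session whose "User session was authenticated" row was not exported (or a different AMAUTHID scheme on another device) shows up as a gap instead of as a quietly missing role; the ValueError guards against the session-identifier assumption being wrong in a way that would cross-attribute roles between two users.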