How Audit Logs Work

The 3DEXPERIENCE platform audit log files are written in a JSON format in the file:

<tomee_installation_directory>/logs/passport-audit.{date}.log

An attribute, sent to the platform services, carries the correlation ID for the SSO session of the logged user.

User Activities Logged by 3DPassport

3DPassport can log the following events linked to user activities:
Each event will be logged with the following information:
Here are some examples of the generated JSON audit log:

{
  "timestamp": "514835489 ",
  "timestamp_hr": "2017-04-25T05:07:00.254Z",
  "tenant_id": "",
  "client_ip": "10.10.10.10",
  "sso_id": "86086050D14661C32CBC29758270C57367550D1466573675",
  "user_id": "jcdcd54dr45rfezdc54d45ezedz5dez54",
  "event_name": "LOGIN_OK",
  "event_success": "0",
  "data": {"message": "User has successfully signed in"}
}

{
  "timestamp": "514835489 ",
  "timestamp_hr": "2017-04-25T05:07:00.254Z",
  "tenant_id": "",
  "client_ip": "10.10.10.10",
  "sso_id": "86086050D14661C32CBC29758270C57367550D1466573675",
  "user_id": "jcdcd54dr45rfezdc54d45ezedz5dez54",
  "event_name": "LOGIN_KO",
  "event_success": "1",
  "data": {"message": "User has failed to sign in"}
}

{
  "timestamp": "514835489 ",
  "timestamp_hr": "2017-04-25T05:07:00.254Z",
  "tenant_id": "",
  "client_ip": "10.10.10.10",
  "sso_id": "86086050D14661C32CBC29758270C57367550D1466573675",
  "user_id": "jcdcd54dr45rfezdc54d45ezedz5dez54",
  "event_name": "UPDATE_ACC_KO",
  "event_success": "2",
  "data": {"message": "User has failed to update his account", "user_data": {"username":"xxx", …}}
}

{
  "timestamp": "514835489 ",
  "timestamp_hr": "2017-04-25T05:07:00.254Z",
  "tenant_id": "",
  "client_ip": "10.10.10.10",
  "sso_id": "86086050D14661C32CBC29758270C57367550D1466573675",
  "user_id": "jcdcd54dr45rfezdc54d45ezedz5dez54",
  "event_name": "LOCKED_ACC",
  "event_success": "3",
  "data": {"message": "User account has been locked out"}
}

{
  "timestamp": "514835489 ",
  "timestamp_hr": "2017-04-25T05:07:00.254Z",
  "tenant_id": "",
  "client_ip": "10.10.10.10",
  "sso_id": "86086050D14661C32CBC29758270C57367550D1466573675",
  "user_id": "jcdcd54dr45rfezdc54d45ezedz5dez54",
  "event_name": "DEACTIVATED_ACC",
  "event_success": "3",
  "data": {"message": "User account has been deactivated by administrator"}
}

Here is a sample of the attributes sent upon CAS service ticket validation with the new

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>admin_platform</cas:user>
    <cas:attributes>
      <cas:zip/>
      <cas:address/>
      <cas:city/>
      <cas:telephone>+33612345678</cas:telephone>
      <cas:company/>
      <cas:email>admin_platform@3ds.com</cas:email>
      <cas:username>admin_platform</cas:username>
      <cas:sso_id>86086050D14661C32CBC29758270C57367550D1466573675</cas:sso_id>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>
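The audit records shown above can be consumed directly for detection. The following is an added example, not code from 3DPassport or from this page: it parses a stream of audit records and flags repeated LOGIN_KO events per user and client IP, plus every LOCKED_ACC, keeping the sso_id for correlation. The function names, the threshold of 3 failures in 300 seconds, and the assumption that records are concatenated JSON objects in chronological order are hypothetical.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, trimmed to the fields the detector reads.
# The last record is split across lines to show the parser does not need one per line.
SAMPLE_LOG = """
{"timestamp_hr": "2017-04-25T05:07:00.254Z", "client_ip": "10.10.10.10", "sso_id": "SSO-A", "user_id": "u1", "event_name": "LOGIN_KO"}
{"timestamp_hr": "2017-04-25T05:07:20.100Z", "client_ip": "10.10.10.10", "sso_id": "SSO-A", "user_id": "u1", "event_name": "LOGIN_KO"}
{"timestamp_hr": "2017-04-25T05:07:40.900Z", "client_ip": "10.10.10.10", "sso_id": "SSO-A", "user_id": "u1", "event_name": "LOGIN_KO"}
{"timestamp_hr": "2017-04-25T05:07:41.000Z", "client_ip": "10.10.10.10", "sso_id": "SSO-A", "user_id": "u1", "event_name": "LOCKED_ACC"}
{"timestamp_hr": "2017-04-25T05:08:00.000Z", "client_ip": "10.10.10.11", "sso_id": "SSO-B", "user_id": "u2", "event_name": "LOGIN_KO"}
{"timestamp_hr": "2017-04-25T05:08:30.000Z", "client_ip": "10.10.10.11",
 "sso_id": "SSO-B", "user_id": "u2", "event_name": "LOGIN_OK"}
"""

def iter_events(text):
    """Yield each JSON object from a stream of concatenated audit records."""
    decoder, pos = json.JSONDecoder(), 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return
        obj, pos = decoder.raw_decode(text, pos)
        yield obj

def detect(events, threshold=3, window_s=300):
    """Flag `threshold` LOGIN_KO events for one (user_id, client_ip) pair within
    `window_s` seconds, plus every LOCKED_ACC. Assumes chronological order."""
    window = timedelta(seconds=window_s)
    recent, alerts = defaultdict(deque), []
    for ev in events:
        key = (ev.get("user_id"), ev.get("client_ip"))
        when = datetime.strptime(ev["timestamp_hr"], "%Y-%m-%dT%H:%M:%S.%fZ")
        fails = recent[key]
        while fails and when - fails[0] > window:
            fails.popleft()                      # drop failures older than the window
        if ev.get("event_name") == "LOGIN_KO":
            fails.append(when)
            if len(fails) == threshold:
                alerts.append(("FAILED_LOGIN_BURST", *key, ev.get("sso_id")))
        elif ev.get("event_name") == "LOGIN_OK":
            fails.clear()                        # a successful sign-in resets the count
        elif ev.get("event_name") == "LOCKED_ACC":
            alerts.append(("ACCOUNT_LOCKED", *key, ev.get("sso_id")))
    return alerts

if __name__ == "__main__":
    for alert in detect(iter_events(SAMPLE_LOG)):
        print(alert)
```

Each alert tuple carries the sso_id, so it can be joined against the same value that the platform services receive in the CAS attributes.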