Overview

XDASv1 specified authentication as a modification of session attributes.

XDASv2 makes authentication a first-class event because authentication is critical to an audit.

Authenticate Session

An Authenticate Session event is generated when a user authenticates a session and a new identity is associated with that session, as shown in the following example:
Jan 08 10:11:50 eDirectory: INFO
{
    "Source": "eDirectory#DS",
    "Observer": {
        "Account": {
            "Domain": "MYTREE",
            "Name": "CN=SRV1,O=mycom"
        },
        "Entity": {
            "SysAddr": "100.1.2.164",
            "SysName": "SLES11-SP2-164"
        }
    },
    "Initiator": {
        "Account": {
            "Name": "CN=admin,O=mycom",
            "Id": "32809"
        },
        "Entity": {
            "SysAddr": "100.1.2.164:54162"
        },
        "Assertions": {
            "NetAddress": "100.1.2.164",
            "NullPassword": "FALSE",
            "bindery login": "FALSE"
        }
    },
    "Target": {
        "Data": {
            "ClassName": "User",
            "Name": "CN=SRV1,O=mycom"
        }
    },
    "Action": {
        "Event": {
            "Id": "0.0.11.0",
            "Name": "AUTHENTICATE_SESSION",
            "CorrelationID": "eDirectory#25#",
            "SubEvent": "DSE_LOGIN"
        },
        "Time": {
            "Offset": 1389847310
        },
        "Log": {
            "Severity": 7
        },
        "Outcome": "0",
        "ExtendedOutcome": "0"
    }
}

Unauthenticate Session

An Unauthenticate Session event is generated when a user unauthenticates a session, so that the identity is no longer associated with that session, as shown in the following example (an LDAP unbind):
Jan 08 10:20:26 eDirectory : INFO 
{
    "Source": "eDirectory#LDAP",
    "Observer": {
        "Account": {
            "Domain": "MYTREE",
            "Name": "CN=SRV1,O=mycom"
        },
        "Entity": {
            "SysAddr": "100.1.2.164",
            "SysName": "SLES11-SP2-164"
        }
    },
    "Initiator": {
        "Account": {
            "Name": "cn=admin,o=mycom"
        },
        "Entity": {
            "SysAddr": "164.99.136.142:42181"
        },
        "Assertions": {
            "msgID": "54",
            "netAddress": "164.99.136.142:50596",
            "operationTime": "01/16/14 10:20:26"
        }
    },
    "Target": {
        "Data": {
            "connection": "231405696"
        }
    },
    "Action": {
        "Event": {
            "Id": "0.0.11.1",
            "Name": "UNAUTHENTICATE_SESSION",
            "CorrelationID": "eDirectory#4294967295#",
            "SubEvent": "DSE_LDAP_UNBIND"
        },
        "Time": {
            "Offset": 1389847826
        },
        "Log": {
            "Severity": 7
        },
        "Outcome": "0",
        "ExtendedOutcome": "0"
    }
}

Create Access Token

A Create Access Token event is generated when a resource access token is created by a service (or identity) provider to send to a service consumer, as shown in the following example:
Jan 08 10:18:34 eDirectory : INFO 
{
    "Source": "eDirectory#DS",
    "Observer": {
        "Account": {
            "Domain": "MYTREE",
            "Name": "CN=SRV1,O=mycom"
        },
        "Entity": {
            "SysAddr": "100.1.2.164",
            "SysName": "SLES11-SP2-164"
        }
    },
    "Initiator": {
        "Account": {
            "Domain": "MYTREE"
        },
        "Entity": {
            "SysAddr": "0.0.0.0:0"
        }
    },
    "Target": {
        "Data": {
            "ClassName": "NCP Server",
            "Name": "CN=SRV1,O=mycom"
        }
    },
    "Action": {
        "Event": {
            "Id": "0.0.11.4",
            "Name": "CREATE_ACCESS_TOKEN",
            "CorrelationID": "eDirectory#0#",
            "SubEvent": "DSE_ALLOW_LOGIN"
        },
        "Time": {
            "Offset": 1389847714
        },
        "Log": {
            "Severity": 7
        },
        "Outcome": "0",
        "ExtendedOutcome": "0"
    }
}
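
As an added example (not part of the original page and not eDirectory code), the Python below reads a log laid out like the samples above, a syslog header line followed by a JSON object, and reduces each event to who, where and when, plus flags for review. The function names, flag names and the second sample record are constructed for illustration, and treating an Outcome of "0" as success is an assumption based on the samples.

```python
import json
from datetime import datetime, timezone

# Event Ids and names as they appear in the three samples on this page.
AUTH_EVENTS = {"0.0.11.0": "AUTHENTICATE_SESSION",
               "0.0.11.1": "UNAUTHENTICATE_SESSION",
               "0.0.11.4": "CREATE_ACCESS_TOKEN"}

def iter_events(log_text):
    """Yield each JSON event, skipping the syslog header lines between them."""
    decoder, pos = json.JSONDecoder(), log_text.find("{")
    while pos != -1:
        event, end = decoder.raw_decode(log_text, pos)
        yield event
        pos = log_text.find("{", end)

def summarize(event):
    """Reduce one event to who/where/when plus flags worth a reviewer's look."""
    action, initiator = event["Action"], event.get("Initiator", {})
    flags = []
    if action.get("Outcome") != "0":  # assumption: "0" (as in the samples) = success
        flags.append("non-zero-outcome")
    if initiator.get("Assertions", {}).get("NullPassword", "").upper() == "TRUE":
        flags.append("null-password")
    when = datetime.fromtimestamp(action["Time"]["Offset"], tz=timezone.utc)
    return {
        "time_utc": when.isoformat(),
        "event": AUTH_EVENTS.get(action["Event"]["Id"], "OTHER"),
        "sub_event": action["Event"].get("SubEvent"),
        "who": initiator.get("Account", {}).get("Name"),
        "from": initiator.get("Entity", {}).get("SysAddr"),
        "flags": flags,
    }

# Constructed sample: record 1 mirrors the page's login, record 2 is invented.
SAMPLE_LOG = """Jan 08 10:11:50 eDirectory: INFO
{"Initiator": {"Account": {"Name": "CN=admin,O=mycom"},
  "Entity": {"SysAddr": "100.1.2.164:54162"}, "Assertions": {"NullPassword": "FALSE"}},
 "Action": {"Event": {"Id": "0.0.11.0", "SubEvent": "DSE_LOGIN"},
  "Time": {"Offset": 1389847310}, "Outcome": "0"}}
Jan 08 10:12:05 eDirectory: INFO
{"Initiator": {"Account": {"Name": "CN=guest,O=mycom"},
  "Assertions": {"NullPassword": "TRUE"}},
 "Action": {"Event": {"Id": "0.0.11.0", "SubEvent": "DSE_LOGIN"},
  "Time": {"Offset": 1389847325}, "Outcome": "1"}}
"""

if __name__ == "__main__":
    print(*map(summarize, iter_events(SAMPLE_LOG)), sep="\n")
```

The Offset values in the page's samples decode to 16 January 2014 (UTC), which agrees with the operationTime assertion in the unbind sample rather than with the "Jan 08" syslog prefix. Build timelines from Action.Time.Offset rather than from the header line.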

This page (revision-3) was last changed on 22-Sep-2016 19:14 by jim