This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
XDASv1 specified authentication as a modification of session attributes.
XDASv2 makes authentication a first-class event because authentication is critical to an audit.
!! Authenticate Session
The Authenticate Session event is generated when a user authenticates a session and a new identity is associated with that session, as shown in the following example:
%%prettify
{{{
Jan 08 10:11:50 eDirectory: INFO
{
  "Source": "eDirectory#DS",
  "Observer": {
    "Account": {
      "Domain": "MYTREE",
      "Name": "CN=SRV1,O=mycom"
    },
    "Entity": {
      "SysAddr": "100.1.2.164",
      "SysName": "SLES11-SP2-164"
    }
  },
  "Initiator": {
    "Account": {
      "Name": "CN=admin,O=mycom",
      "Id": "32809"
    },
    "Entity": {
      "SysAddr": "100.1.2.164:54162"
    },
    "Assertions": {
      "NetAddress": "100.1.2.164",
      "NullPassword": "FALSE",
      "bindery login": "FALSE"
    }
  },
  "Target": {
    "Data": {
      "ClassName": "User",
      "Name": "CN=SRV1,O=mycom"
    }
  },
  "Action": {
    "Event": {
      "Id": "0.0.11.0",
      "Name": "AUTHENTICATE_SESSION",
      "CorrelationID": "eDirectory#25#",
      "SubEvent": "DSE_LOGIN"
    },
    "Time": {
      "Offset": 1389847310
    },
    "Log": {
      "Severity": 7
    },
    "Outcome": "0",
    "ExtendedOutcome": "0"
  }
}
}}} /%
!! Unauthenticate Session
The Unauthenticate Session event is generated when a user authenticates a session and a new identity is associated with that session, as shown in the following example:
%%prettify
{{{
Jan 08 10:20:26 eDirectory : INFO
{
  "Source": "eDirectory#LDAP",
  "Observer": {
    "Account": {
      "Domain": "MYTREE",
      "Name": "CN=SRV1,O=mycom"
    },
    "Entity": {
      "SysAddr": "100.1.2.164",
      "SysName": "SLES11-SP2-164"
    }
  },
  "Initiator": {
    "Account": {
      "Name": "cn=admin,o=mycom"
    },
    "Entity": {
      "SysAddr": "164.99.136.142:42181"
    },
    "Assertions": {
      "msgID": "54",
      "netAddress": "164.99.136.142:50596",
      "operationTime": "01/16/14 10:20:26"
    }
  },
  "Target": {
    "Data": {
      "connection": "231405696"
    }
  },
  "Action": {
    "Event": {
      "Id": "0.0.11.1",
      "Name": "UNAUTHENTICATE_SESSION",
      "CorrelationID": "eDirectory#4294967295#",
      "SubEvent": "DSE_LDAP_UNBIND"
    },
    "Time": {
      "Offset": 1389847826
    },
    "Log": {
      "Severity": 7
    },
    "Outcome": "0",
    "ExtendedOutcome": "0"
  }
}
}}} /%
!! Create Access Token
The Create Access Token event is generated when a resource access token is created by a service (or identity) provider to send to a service consumer, as shown in the following [example]:
%%prettify
{{{
Jan 08 10:18:34 eDirectory : INFO
{
  "Source": "eDirectory#DS",
  "Observer": {
    "Account": {
      "Domain": "MYTREE",
      "Name": "CN=SRV1,O=mycom"
    },
    "Entity": {
      "SysAddr": "100.1.2.164",
      "SysName": "SLES11-SP2-164"
    }
  },
  "Initiator": {
    "Account": {
      "Domain": "MYTREE"
    },
    "Entity": {
      "SysAddr": "0.0.0.0:0"
    }
  },
  "Target": {
    "Data": {
      "ClassName": "NCP Server",
      "Name": "CN=SRV1,O=mycom"
    }
  },
  "Action": {
    "Event": {
      "Id": "0.0.11.4",
      "Name": "CREATE_ACCESS_TOKEN",
      "CorrelationID": "eDirectory#0#",
      "SubEvent": "DSE_ALLOW_LOGIN"
    },
    "Time": {
      "Offset": 1389847714
    },
    "Log": {
      "Severity": 7
    },
    "Outcome": "0",
    "ExtendedOutcome": "0"
  }
}
}}} /%
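The following Python code is an added example, not part of the original page or of eDirectory. It reads a log in the layout shown above (a syslog header line followed by a JSON body) and flattens each authentication event for triage. The function names and the sample log are constructed; it assumes {{Time.Offset}} is epoch seconds, that Outcome "0" means success, and that a TRUE {{NullPassword}} assertion deserves review.

```python
import json
from datetime import datetime, timezone

# Event IDs and names as they appear in the three samples on this page.
AUTH_EVENTS = {"0.0.11.0": "AUTHENTICATE_SESSION",
               "0.0.11.1": "UNAUTHENTICATE_SESSION",
               "0.0.11.4": "CREATE_ACCESS_TOKEN"}

# Constructed input: trimmed copies of the page's records; the second one is
# altered (Outcome "1", NullPassword TRUE) so the checks have something to flag.
SAMPLE_LOG = """Jan 08 10:11:50 eDirectory: INFO
{"Initiator": {"Account": {"Name": "CN=admin,O=mycom"},
               "Entity": {"SysAddr": "100.1.2.164:54162"},
               "Assertions": {"NullPassword": "FALSE"}},
 "Action": {"Event": {"Id": "0.0.11.0", "Name": "AUTHENTICATE_SESSION"},
            "Time": {"Offset": 1389847310}, "Outcome": "0"}}
Jan 08 10:12:02 eDirectory: INFO
{"Initiator": {"Account": {"Name": "CN=guest,O=mycom"},
               "Entity": {"SysAddr": "100.1.2.164:54170"},
               "Assertions": {"NullPassword": "TRUE"}},
 "Action": {"Event": {"Id": "0.0.11.0", "Name": "AUTHENTICATE_SESSION"},
            "Time": {"Offset": 1389847322}, "Outcome": "1"}}
"""

def iter_records(text):
    """Yield (syslog_header, event) for each header line followed by a JSON body."""
    decoder, pos = json.JSONDecoder(), 0
    while (start := text.find("{", pos)) != -1:
        header = text[pos:start].strip()
        event, pos = decoder.raw_decode(text, start)  # pos moves past the body
        yield header, event

def summarize(event):
    """Flatten the fields used for triage and list anything worth a second look."""
    action, initiator = event.get("Action", {}), event.get("Initiator", {})
    ev, offset = action.get("Event", {}), action.get("Time", {}).get("Offset")
    flags = []
    if ev.get("Id") not in AUTH_EVENTS or AUTH_EVENTS[ev["Id"]] != ev.get("Name"):
        flags.append("unexpected event id/name")
    if action.get("Outcome") != "0":  # assumption: "0" is the success outcome
        flags.append("non-success outcome")
    if initiator.get("Assertions", {}).get("NullPassword") == "TRUE":
        flags.append("null password")
    # Assumption: Time.Offset is seconds since the Unix epoch (UTC).
    return {"time_utc": None if offset is None else
                datetime.fromtimestamp(offset, timezone.utc).isoformat(),
            "event": ev.get("Name"),
            "user": initiator.get("Account", {}).get("Name"),
            "client": initiator.get("Entity", {}).get("SysAddr"),
            "flags": flags}
```

Converting {{Time.Offset}} rather than trusting the syslog header gives a timezone-independent timestamp: the first sample's offset decodes to 2014-01-16 04:41:50 UTC, while its header shows a local time of 10:11:50.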
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]