Overview
XDASv1 specified authentication as a modification of session attributes. XDASv2 makes authentication a first-class event because authentication is critical to an audit.
Authenticate Session
Authenticate Session generates an event when a user authenticates a session and a new identity is associated with that session, as shown in the following examples:
Jan 08 10:11:50 eDirectory: INFO
{
  "Source": "eDirectory#DS",
  "Observer": {
    "Account": {
      "Domain": "MYTREE",
      "Name": "CN=SRV1,O=mycom"
    },
    "Entity": {
      "SysAddr": "100.1.2.164",
      "SysName": "SLES11-SP2-164"
    }
  },
  "Initiator": {
    "Account": {
      "Name": "CN=admin,O=mycom",
      "Id": "32809"
    },
    "Entity": {
      "SysAddr": "100.1.2.164:54162"
    },
    "Assertions": {
      "NetAddress": "100.1.2.164",
      "NullPassword": "FALSE",
      "bindery login": "FALSE"
    }
  },
  "Target": {
    "Data": {
      "ClassName": "User",
      "Name": "CN=SRV1,O=mycom"
    }
  },
  "Action": {
    "Event": {
      "Id": "0.0.11.0",
      "Name": "AUTHENTICATE_SESSION",
      "CorrelationID": "eDirectory#25#",
      "SubEvent": "DSE_LOGIN"
    },
    "Time": {
      "Offset": 1389847310
    },
    "Log": {
      "Severity": 7
    },
    "Outcome": "0",
    "ExtendedOutcome": "0"
  }
}
Jan 08 10:20:26 eDirectory : INFO
{
  "Source": "eDirectory#LDAP",
  "Observer": {
    "Account": {
      "Domain": "MYTREE",
      "Name": "CN=SRV1,O=mycom"
    },
    "Entity": {
      "SysAddr": "100.1.2.164",
      "SysName": "SLES11-SP2-164"
    }
  },
  "Initiator": {
    "Account": {
      "Name": "cn=admin,o=mycom"
    },
    "Entity": {
      "SysAddr": "164.99.136.142:42181"
    },
    "Assertions": {
      "msgID": "54",
      "netAddress": "164.99.136.142:50596",
      "operationTime": "01/16/14 10:20:26"
    }
  },
  "Target": {
    "Data": {
      "connection": "231405696"
    }
  },
  "Action": {
    "Event": {
      "Id": "0.0.11.1",
      "Name": "UNAUTHENTICATE_SESSION",
      "CorrelationID": "eDirectory#4294967295#",
      "SubEvent": "DSE_LDAP_UNBIND"
    },
    "Time": {
      "Offset": 1389847826
    },
    "Log": {
      "Severity": 7
    },
    "Outcome": "0",
    "ExtendedOutcome": "0"
  }
}
Create Access Token
Create Access Token generates an event when a resource access token is created by a service (or identity) provider to send to a service consumer, as shown in the following example:
Jan 08 10:18:34 eDirectory : INFO
{
  "Source": "eDirectory#DS",
  "Observer": {
    "Account": {
      "Domain": "MYTREE",
      "Name": "CN=SRV1,O=mycom"
    },
    "Entity": {
      "SysAddr": "100.1.2.164",
      "SysName": "SLES11-SP2-164"
    }
  },
  "Initiator": {
    "Account": {
      "Domain": "MYTREE"
    },
    "Entity": {
      "SysAddr": "0.0.0.0:0"
    }
  },
  "Target": {
    "Data": {
      "ClassName": "NCP Server",
      "Name": "CN=SRV1,O=mycom"
    }
  },
  "Action": {
    "Event": {
      "Id": "0.0.11.4",
      "Name": "CREATE_ACCESS_TOKEN",
      "CorrelationID": "eDirectory#0#",
      "SubEvent": "DSE_ALLOW_LOGIN"
    },
    "Time": {
      "Offset": 1389847714
    },
    "Log": {
      "Severity": 7
    },
    "Outcome": "0",
    "ExtendedOutcome": "0"
  }
}
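An added example, not part of the original documentation: a small Python reader for records in the layout shown on this page (a header line followed by a JSON object). It flattens the fields an authentication review uses and flags logins that failed or asserted a null password. It assumes an Outcome of "0" means success, that Time.Offset is Unix epoch seconds, and that addresses are IPv4 with an optional ":port" suffix; the function names and the failed login in the sample are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample: trimmed copies of the login and LDAP unbind records shown
# above, plus one invented failed login ("Outcome": "1" is a placeholder value).
SAMPLE = """Jan 08 10:11:50 eDirectory: INFO
{"Source": "eDirectory#DS", "Initiator": {"Account": {"Name": "CN=admin,O=mycom"},
  "Entity": {"SysAddr": "100.1.2.164:54162"}, "Assertions": {"NullPassword": "FALSE"}},
 "Action": {"Event": {"Name": "AUTHENTICATE_SESSION", "SubEvent": "DSE_LOGIN"},
  "Time": {"Offset": 1389847310}, "Outcome": "0"}}
Jan 08 10:12:03 eDirectory: INFO
{"Source": "eDirectory#DS", "Initiator": {"Account": {"Name": "CN=admin,O=mycom"},
  "Entity": {"SysAddr": "100.1.2.200:40000"}, "Assertions": {"NullPassword": "TRUE"}},
 "Action": {"Event": {"Name": "AUTHENTICATE_SESSION", "SubEvent": "DSE_LOGIN"},
  "Time": {"Offset": 1389847323}, "Outcome": "1"}}
Jan 08 10:20:26 eDirectory : INFO
{"Source": "eDirectory#LDAP", "Initiator": {"Account": {"Name": "cn=admin,o=mycom"},
  "Entity": {"SysAddr": "164.99.136.142:42181"}},
 "Action": {"Event": {"Name": "UNAUTHENTICATE_SESSION", "SubEvent": "DSE_LDAP_UNBIND"},
  "Time": {"Offset": 1389847826}, "Outcome": "0"}}
"""

def iter_records(text):
    """Yield each JSON object, skipping the syslog-style header line before it."""
    decoder, pos = json.JSONDecoder(), text.find("{")
    while pos != -1:
        record, end = decoder.raw_decode(text, pos)
        yield record
        pos = text.find("{", end)

def summarize(record):
    """Flatten the fields an authentication review needs from one record."""
    action, who = record.get("Action", {}), record.get("Initiator", {})
    offset = action.get("Time", {}).get("Offset")
    return {
        "event": action.get("Event", {}).get("Name"),
        # DS and LDAP records spell the same DN in different case: fold it.
        "account": who.get("Account", {}).get("Name", "").lower() or None,
        "address": who.get("Entity", {}).get("SysAddr", "").rsplit(":", 1)[0] or None,
        "time_utc": datetime.fromtimestamp(offset, timezone.utc).isoformat() if offset else None,
        "success": action.get("Outcome") == "0",  # assumption: "0" = success
        "null_password": who.get("Assertions", {}).get("NullPassword") == "TRUE",
    }

def flagged(text):
    """Return authentication attempts that failed or asserted a null password."""
    rows = [summarize(r) for r in iter_records(text)]
    return [r for r in rows if r["event"] == "AUTHENTICATE_SESSION"
            and (not r["success"] or r["null_password"])]
```

Folding the DN to lower case lets the DS login and the LDAP unbind for the same admin account group under one key, which a plain string match on Initiator.Account.Name would miss.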