search

Altinn / altinn-auth-audit-log

Audit log for authentication and authorisation activities
MIT License
0 stars 1 forks source link

Client Ipaddress not received from app #62

Closed acn-dgopa closed 6 months ago

acn-dgopa commented 8 months ago

Description of the bug

When app sends authorization request, it is actually sent by the PEP package to the platform authorization api. The PEP package does not include the x-forwarded-for header in the api request sent to the platform authorization api. Therefore the iaddress received in the authorization component is the ipaddress of the app cluster. But we need the ipaddress of the app client. To acheive this,

Steps To Reproduce

  1. Instantiate/open an existing instance
  2. edit a field
  3. Go to the auditlog database and query authz.eventlog
  4. Ipaddress of the app cluster is logged in the ipaddress column

Expected : Ipaddress of the app client is logged in the ipaddress column

Additional Information

No response

acn-dgopa commented 6 months ago

The required changes are done in app and other packages. However, the changes will reflect once app updates its pep package reference