Open dilinisg opened 6 years ago
Hi, I have this problem in wso2is 5.4.0. I have enabled audit logs from the console and I can see login and logout, but I don't see failed logins, for example when I try to log in with an incorrect username, or with a correct username and a wrong password. In these two cases I obtain this: Initiator : null | Action : Login .........
I want to obtain the username (Initiator: username) in these two cases as well. How can I resolve this? Thanks
Not sure if anyone has looked into this problem or has any interest in doing this, but I ran into the problem in my 5.4.1 production server. I found that the user was showing up in a domain they did not belong to. I have 2 secondary user stores. If the user logged in via OIDC they got in as domain1/username. If they logged in via SAML they failed. I then disabled the user store for domain1. I could then log in via OIDC and SAML successfully and get in as domain2/username. Funny thing is, username does exist in domain1, never has.
I tracked this down by viewing _authzuser and _userdomain in the _idn_oauth2_authorizationcode table. Temporarily disabling the user store was a "what could it hurt?" option that fixed the problem. I'm hoping this is fixed in 5.10.0 so I don't have to track it to a root cause.
Steps:
Issue Initiator is null in the audit logs
[2018-02-20 13:09:07,087] INFO {AUDIT_LOG}- Initiator : null | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "d2eacc28-a6f7-4d9b-9837-9fe73eacf9a7","ServiceProviderName" : "travelocity.com","RequestType" : "samlsso","RelyingParty" : "travelocity.com","StepNo" : "0" } | Result : Failed
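A triage sketch for the audit line quoted above, added here as an example and not code from WSO2 or from the posters: it parses that line format and lists failed logins logged with a null Initiator, keeping ContextIdentifier and ServiceProviderName so the event can be correlated with other logs. The function names are hypothetical, and the second and third sample lines are constructed on the assumption that other audit events share the same layout.

```python
import json
import re
from collections import Counter

# Layout copied from the audit line quoted in this issue.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+INFO\s+\{AUDIT_LOG\}-\s+"
    r"Initiator : (?P<initiator>.*?) \| Action : (?P<action>.*?) \| "
    r"Target : (?P<target>.*?) \| Data : (?P<data>\{.*\}) \| "
    r"Result : (?P<result>\S+)\s*$"
)

def parse_audit_line(line):
    """Return the fields of one audit line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["data"] = json.loads(rec["data"])
    except json.JSONDecodeError:
        rec["data"] = {}  # keep the event even if Data is not valid JSON
    return rec

def null_initiator_failures(lines):
    """Failed Login events that were logged without a username."""
    events = (parse_audit_line(l) for l in lines)
    return [e for e in events
            if e and e["action"] == "Login" and e["result"] == "Failed"
            and e["initiator"] == "null"]

def failures_by_service_provider(lines):
    """Count username-less failures per ServiceProviderName."""
    return Counter(e["data"].get("ServiceProviderName", "unknown")
                   for e in null_initiator_failures(lines))

SAMPLE = [
    # Line 1 is the one quoted in the issue; lines 2 and 3 are constructed.
    '[2018-02-20 13:09:07,087] INFO {AUDIT_LOG}- Initiator : null | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "d2eacc28-a6f7-4d9b-9837-9fe73eacf9a7","ServiceProviderName" : "travelocity.com","RequestType" : "samlsso","RelyingParty" : "travelocity.com","StepNo" : "0" } | Result : Failed',
    '[2018-02-20 13:10:41,512] INFO {AUDIT_LOG}- Initiator : alice | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "00000000-0000-0000-0000-000000000001","ServiceProviderName" : "travelocity.com","RequestType" : "samlsso","RelyingParty" : "travelocity.com","StepNo" : "1" } | Result : Success',
    "[2018-02-20 13:10:42,000] INFO {SomeOtherLogger}- not an audit event",
]

if __name__ == "__main__":
    for e in null_initiator_failures(SAMPLE):
        print(e["ts"], e["data"].get("ContextIdentifier"), e["data"].get("ServiceProviderName"))
    print(dict(failures_by_service_provider(SAMPLE)))
```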