Audit Log - success/failed authentications

Christopher Bongaarts cab at
Tue Jul 10 18:07:11 EDT 2018

On 7/10/2018 2:24 PM, Cantor, Scott wrote:
>> Can the audit log be configured to capture both successful and fail
>> authentications?
> It logs neither, auditing records the results of completing profile requests. Authentication is not represented formally there, only completed requests. If a profile request completing successfully implies something about authentication, current or otherwise, that's as close as it gets.

If you are using LDAP authentication, you can get ldaptive to at least 
log some of this to the idp-process.log (or elsewhere with sufficient 
logback wizardry).  Easiest way is to set the ldap loglevel variable at 
the top of logback.xml to INFO or higher:

     <variable name="idp.loglevel.ldap" value="INFO" />

You'll get more than just the success and failure, and the logs will 
reflect the LDAP DN rather than the entered username.

It's possible other authn methods have similar logging that could be 

%%  Christopher A. Bongaarts   %%  cab at          %%
%%  OIT - Identity Management  %%  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list