Input to audit logging of authentication flows
cantor.2 at osu.edu
Wed Dec 7 17:04:52 UTC 2022
This is just a call for feedback on what people would be interested in seeing logged (or at least built-in so possible to log) in a new audit enhancement.
Phil came up with a clean way to add audit logging to the various login flows (a thing people constantly asked for that I couldn't see a way to do), so I'm finishing up that feature for 4.3 and just want to make sure we include any fields people might want.
Feedback is preferred in Jira at
rather than a big email thread, I just want to bring it to people's attention.
Not everything is that easy to get, but if it's reasonable, we can at least wire it in so people don't have to do extra work to get things added.
Right now each flow has its own audit format, but they're all roughly similar to each other and just differ in a few places (e.g. most flows log a username but X.509 flows log the cert subject/issuer).
Roughly, they all include:
Session ID if any
Login flow ID
Error event or Success
Password also logs the credential validator bean that was used.
The fields are extensible like in the normal audit layer but there are more limitations since there's only so much information available, but as I say if something else obvious is useful I can include it or at least make sure it's easy to enable.