0
    
 
  
          
  
  
  
    
            Security Event Logging
The following grid contains the security event the system logs with release v8.1+.
| Event | Description | Value | Additional Payload | |
| authentication. account_reactivated_password_ok | During logon: account-status is expired, but password expired date is updated, retry count is reset | - | - | |
| authentication. authentication_id _loginhint_mismatch | During SSO: login-hint doesn't match the current logged in user => SSO failed | authentication-id | - | |
| authentication. authentication_id_session_mismatch | During SSO: session-pin cookie and authentication-cookie doesn't belong together => SSO failed | authentication-id | - | |
| authentication. authentication_issued_more_than _max_age | During SSO: authentication issued morethan the specific max-age => SSO failed | authentication-id | - | |
| authentication. authorized | HTTP Header: authentication: Passed | - | - | |
| authentication. bearer_ok | HTTP Header: authentication: Passed | - | iss, tid | |
| authentication. cookie_authentication_succeeded | During SSO: authentication using cookie passed | authentication-id | - | |
| authentication. expired_authentication_id | During SSO: Authentication cookie is expired | authentication-id | - | |
| authentication. expired_jwt_token | During logon: access-token is expired (JWT.payload.exp) or issued after current time (JWT.payload.iat) | - | - | |
| authentication. failed_due_to_account_not_active | Authentication failed since account is not active (anymore) | - | - | |
| authentication. guest_ok | Guest authentication and authorization passed | - | - | |
| authentication. invalid_jwt_aud | HTTP Header authentication: JWT aud-claim is not corrected; this should be the client-id or any configured valid aud-values | - | aud, iss, tid | |
| authentication. invalid_jwt_purpose | HTTP Header authentication: JWT.purpose is invalid; 'access_token' or 'access' expected | - | token_type, iss, tid | |
| authentication. jwt_token_from_nottrusted_iss | HTTP Header authentication: JWT signature cannot be verified (ISS not recognized or non matching public key) | - | iss, tid | |
| authentication. jwt_token_validation_failed | HTTP Header authentication: JWT signature check failed | - | iss, tid | |
| authentication. logged_out | User logged out | email/user-id | - | |
| authentication. non_jwt_bearer_token | HTTP Header authentication: Non JWT bearer token | - | - | |
| authentication. not_allowed_to_login _with_server_account | During logon: Server user tries to login via UI | - | - | |
| authentication. not_authenticated | During SSO: Authentication cookie not usable anymore | - | - | |
| authentication. ok | Logon: authentication: Passed | email/user-id | ||
| authentication. password_ok | During logon: password matches | - | - | |
| authentication. returned_from_logon | Authentication+Authorized done returning to original session | authentication-state (AUTHENTICATION, NOT_AUTHORIZED) | - | |
| authentication. unknown_authentication_id | During SSO: Authentication id referenced by cookie not found | - | - | |
| authentication. user_profile_generated | Generate user token: Passed | scope | token | |
| category. deactivate_non_latest | All packages of a specific category are deactivated; except the latest | category | package, category | |
| company.created | A company is created | company | - | |
| company.deleted | A company is deleted | company | - | |
| company.uploaded | A new company is uploaded | company | - | |
| error.account_expired | During logon: When account appears to be expired, set account-status to expired | email/user-id | - | |
| error.account_expired | During logon: Password is expired, set account status to expired | |||
| error. authentication_external_failed | Remote IDP authentication failed | error | authentication_status, error-description | |
| error.authentication_failed | During logon: wrong password is entered | - | - | |
| error.authentication_guest_failed | No authorization header passed and guest account is disabled or not authorized | - | - | |
| error. authentication_password_failed | During logon: Wrong password entered | - | ||
| error.invalid_session_type | Corrupted session | - | - | |
| error. missing_authentication_header | Missing HTTP authorization header | - | - | |
| error.not_authorized | Authentication passed, but authorization failed | - | - | |
| error.password_expired | During logon: Account is blocked when temporary password is expired, set account-status to blocked | - | - | |
| error.session_create_failed | Failed to create session, disk rights problem? | - | - | |
| error.session_expired | User accessed an expired session | - | - | |
| error.session_finished | User accessed an finished/closed session | - | - | |
| error.system_busy | Sesssion request is rejected since other requests of the same session are running longer than a timeout | - | - | |
| error.system_no_permission | Session pin and session-id doesn't belong to eachother | - | - | |
| error.unknown_authentication_state | Unknown authentication state while processing the session | - | - | |
| error. unsupported_authorization _header_type | HTTP authorization header type is not supported; only basic and bearer are supported | - | - | |
| external_accounts.created | External account (Server connection) is created | <username> for <url> | username, url, purpose, scope | |
| external_accounts.deleted | External account (Server connection) is deleted | <username> for <url> | username, url | |
| oauth.authentication_failed | Authentication via external IdP failed | access_provider/idp | error-code, error-description, access_provider/idp | |
| oauth.authentication_succeeded | Authentication via external IdP password | access_provider/idp | access_provider/idp | |
| package.activated | Package is activated | package | package, category | |
| package.deactivated | Package is deactivated | package | package | |
| package.installed | Package is installed | package | package, stamp | |
| package.uninstalled | Package is uninstalled | package | package | |
| package.updated | Package is updated | package | package, stamp | |
| runtime.bootstrap | Webserver is started | - | - | |
| session. authentication_refresh_failed | Refreshing the authentication-session failed, probably since the authentication is expired (no other session kept the authentication alive) | - | - | |
| session.authentication_refreshed | Authentication refreshed | - | - | |
| session.pin_created | Session cookie created | new-pin-id | - | |
| session_cloned | Session is cloned | - | - | |
| session_closed | Session is closed | - | - | |
| session_created | Session is created | - | current-session | |
| startcode.activated | A start code is activated | <startcode> of <package> | startcode, package | |
| startcode.attached | A start code is attached to package | <startcode> of <package> | startcode, package | |
| startcode.deactivated | A start code is deactivated | <startcode> of <package> | startcode, package | |
| startcode.detached | A start code is detached from package | <startcode> from <package> | startcode, package | |
| user.created | User is created | email/user-id | - | |
| user.deleted | User is deleted | email/user-id | - | |
| user.details_updated | User details are updated | email/user-id | <details> (no password) | |
| user.password_updated | Password updated: temporary, update, rehash | <reason>:<email/userid> | email/userid, reason | |
| user.reactivate_account | Expired user account is reactivated | email/user-id | - | |
| user.status_updated | Change account status | <email/userid>:<old-status>=><new-status> | email/userid, old-status, new-status | |
| user_role.created | Package/Category role is attached to user | <category>.<role> for <email/user-id> | created_by, category, role, email/user-id | |
| usergroup.created | User group is created | group | group | |
| usergroup.deleted | User group Is deleted | group | group | |
| usergroup.updated | User group details are updated | <old-name> => <new-name> | updated-name, description, pwd-policy, mfa-methods | |
| usergroup_admingroup.created | An admin group is added to an usergroup. Members of an admin group can manage the user group | <admin-group> added to <usergroup> | usergroup, admin-group | |
| usergroup_admingroup.deleted | An admin group is removed from an usergroup. Members of an admin group cannot manage the user group anymore | <admin-group> removed from <usergroup> | usergroup, admin-group | |
| usergroup_categories.created | A category is added to the usergroup portal-page | <category> added to <usergroup> | usergroup, category | |
| usergroup_categories.deleted | A category is removed from the usergroup portal-page | <category> removed from <usergroup> | usergroup, category | |
| usergroup_packages.created | A package is added to the usergroup portal-page | <package> added to <usergroup> | usergroup, package | |
| usergroup_packages.deleted | A package is removed from the usergroup portal-page | <package> removed from <usergroup> | usergroup, package | |
| usergroup_role.created | A role is added to the usergroup; members of this usergroup will now have this role when packages of this category are opened | <category>.<role> for <usergroup> | usergroup, category, role | |
| usergroup_role.deleted | A role is removed from the usergroup; members of this usergroup will NOT have this role when packages of this category are opened | <category>.<role> for <usergroup> | usergroup, category, role | |
| usergroup_terms_and_conditions. created | A new user-terms and condition item is created | <terms_and_conditions_guid> added to <usergroup> | terms_and_conditions_guid, usergorup | |
| usergroup_terms_and_conditions. deleted | A terms and condition item is removed | <terms_and_conditions_guid> removed from <usergroup> | terms_and_conditions_guid, usergorup | |
| usergroup_usergroupchilds. created | An child group is added to an usergroup. Members of this usergroup will also inherit the rights from the child-usergroup | <child-group> added to <usergroup> | usergroup, child-usergroup | |
| usergroup_usergroupchilds. deleted | An child group is removed from an usergroup. | <child-group> removed from <usergroup> | usergroup, child-usergroup | |
| usergroup_users. created | An user is added to an usergroup | <user> added to <usergroup> | usergroup, user | |
| usergroup_users. delete_user_from_all_groups | An user is removed from an usergroup | <user> removed from <usergroup> | usergroup, user | |
| usergroup_users. deleted | An user is removed from all usergroups | <user> | usergroup, user | |
| usergroup_workspace.created | A workspace is added to the usergroup portal-page | <workspace> added to <usergroup> | workspace, usergroup | |
| usergroup_workspace.deleted | A workspace is removed from the usergroup portal-page | <workspace> removed from <usergroup> | workspace, usergroup | |
| usergroup_workspace_role.created | A workspace role is added to the usergroup; members of this usergroup will now have this workspace-role when this workspace is opened | <workspace>.<role> for <usergroup> | workspace, usergroup, role | |
| usergroup_workspace_role.deleted | A workspace role is removed from the usergroup | <workspace>.<role> for <usergroup> | workspace, usergroup, role | |
| users_workspace. remove_user_from_all_packages | All user assigned packages on portal-page are removed from the user' portal page | user | user | |
| users_workspace. remove_user_from_all_workspaces | All user assigned workspace on portal-page are removed from the user' portal page | user | user | |
| workspace.created | A workspace is created | workspace | workspace | |
| workspace.deleted | A workspace is removed | workspace | workspace | |
| redirect.not_allowed | 
 | redirect URL | workspace | |
| outbound_webservice. url_not_allowed | Not approved URI used in outbound web service. Please add it to the allowed list if the URI is correct (see Outbound API Security) | Outbound URL | - | |
| outbound_webservice. passing_userprofile_not_allowed | For the outbound URL it is not allowed to pass the user profile. Please update configuration (see Outbound API Security) | Outbound URL | - | 
Reply
Content aside
- 1 yr agoLast active
- 35Views
- 
    1
    Following
    
