0
Security Event Logging
The following grid contains the security event the system logs with release v8.1+.
| Event | Description | Value | Additional Payload |
| authentication. account_reactivated_password_ok |
During logon: account-status is expired, but password expired date is updated, retry count is reset | - | - |
| authentication. authentication_id_loginhint_mismatch |
During SSO: login-hint doesn't match the current logged in user => SSO failed | authentication-id | - |
| authentication. authentication_id_session_mismatch |
During SSO: session-pin cookie and authentication-cookie doesn't belong together => SSO failed | authentication-id | - |
| authentication. authentication_issued_more_than_max_age |
During SSO: authentication issued morethan the specific max-age => SSO failed | authentication-id | - |
| authentication. authorized |
HTTP Header: authentication: Passed | - | - |
| authentication. bearer_ok |
HTTP Header: authentication: Passed | - | iss, tid |
| authentication. cookie_authentication_succeeded |
During SSO: authentication using cookie passed | authentication-id | - |
| authentication. expired_authentication_id |
During SSO: Authentication cookie is expired | authentication-id | - |
| authentication. expired_jwt_token |
During logon: access-token is expired (JWT.payload.exp) or issued after current time (JWT.payload.iat) | - | - |
| authentication. failed_due_to_account_not_active |
Authentication failed since account is not active (anymore) | - | - |
| authentication. guest_ok |
Guest authentication and authorization passed | - | - |
| authentication. invalid_jwt_aud |
HTTP Header authentication: JWT aud-claim is not corrected; this should be the client-id or any configured valid aud-values | - | aud, iss, tid |
| authentication. invalid_jwt_purpose |
HTTP Header authentication: JWT.purpose is invalid; 'access_token' or 'access' expected | - | token_type, iss, tid |
| authentication. jwt_token_from_nottrusted_iss |
HTTP Header authentication: JWT signature cannot be verified (ISS not recognized or non matching public key) | - | iss, tid |
| authentication. jwt_token_validation_failed |
HTTP Header authentication: JWT signature check failed | - | iss, tid |
| authentication. logged_out |
User logged out | email/user-id | - |
| authentication. non_jwt_bearer_token |
HTTP Header authentication: Non JWT bearer token | - | - |
| authentication. not_allowed_to_login_with_server_account |
During logon: Server user tries to login via UI | - | - |
| authentication. not_authenticated |
During SSO: Authentication cookie not usable anymore | - | - |
| authentication. ok |
Logon: authentication: Passed | email/user-id | |
| authentication. password_ok |
During logon: password matches | - | - |
| authentication. returned_from_logon |
Authentication+Authorized done returning to original session | authentication-state (AUTHENTICATION,NOT_AUTHORIZED) | - |
| authentication. unknown_authentication_id |
During SSO: Authentication id referenced by cookie not found | - | - |
| authentication. user_profile_generated |
Generate user token: Passed | scope | token |
| category. deactivate_non_latest |
All packages of a specific category are deactivated; except the latest | category | package, category |
| company.created | A company is created | company | - |
| company.deleted | A company is deleted | company | - |
| company.uploaded | A new company is uploaded | company | - |
| error.account_expired | During logon: When account appears to be expired, set account-status to expired | email/user-id | - |
| error.account_expired | During logon: Password is expired, set account status to expired | ||
| error.authentication_external_failed | Remote IDP authentication failed | error | authentication_status, error-description |
| error.authentication_failed | During logon: wrong password is entered | - | - |
| error.authentication_guest_failed | No authorization header passed and guest account is disabled or not authorized | - | - |
| error.authentication_password_failed | During logon: Wrong password entered | - | |
| error.invalid_session_type | Corrupted session | - | - |
| error.missing_authentication_header | Missing HTTP authorization header | - | - |
| error.not_authorized | Authentication passed, but authorization failed | - | - |
| error.password_expired | During logon: Account is blocked when temporary password is expired, set account-status to blocked | - | - |
| error.session_create_failed | Failed to create session, disk rights problem? | - | - |
| error.session_expired | User accessed an expired session | - | - |
| error.session_finished | User accessed an finished/closed session | - | - |
| error.system_busy | Sesssion request is rejected since other requests of the same session are running longer than a timeout | - | - |
| error.system_no_permission | Session pin and session-id doesn't belong to eachother | - | - |
| error.unknown_authentication_state | Unknown authentication state while processing the session | - | - |
| error.unsupported_authorization_header_type | HTTP authorization header type is not supported; only basic and bearer are supported | - | - |
| external_accounts.created | External account (Server connection) is created | <username> for <url> | username, url, purpose, scope |
| external_accounts.deleted | External account (Server connection) is deleted | <username> for <url> | username, url |
| oauth.authentication_failed | Authentication via external IdP failed | access_provider/idp | error-code, error-description, access_provider/idp |
| oauth.authentication_succeeded | Authentication via external IdP password | access_provider/idp | access_provider/idp |
| package.activated | Package is activated | package | package, category |
| package.deactivated | Package is deactivated | package | package |
| package.installed | Package is installed | package | package, stamp |
| package.uninstalled | Package is uninstalled | package | package |
| package.updated | Package is updated | package | package, stamp |
| runtime.bootstrap | Webserver is started | - | - |
| session.authentication_refresh_failed | Refreshing the authentication-session failed, probably since the authentication is expired (no other session kept the authentication alive) | - | - |
| session.authentication_refreshed | Authentication refreshed | - | - |
| session.pin_created | Session cookie created | new-pin-id | - |
| session_cloned | Session is cloned | - | - |
| session_closed | Session is closed | - | - |
| session_created | Session is created | - | current-session |
| startcode.activated | A start code is activated | <startcode> of <package> | startcode, package |
| startcode.attached | A start code is attached to package | <startcode> of <package> | startcode, package |
| startcode.deactivated | A start code is deactivated | <startcode> of <package> | startcode, package |
| startcode.detached | A start code is detached from package | <startcode> from <package> | startcode, package |
| user.created | User is created | email/user-id | - |
| user.deleted | User is deleted | email/user-id | - |
| user.details_updated | User details are updated | email/user-id | <details> (no password) |
| user.password_updated | Password updated: temporary, update, rehash | <reason>:<email/userid> | email/userid, reason |
| user.reactivate_account | Expired user account is reactivated | email/user-id | - |
| user.status_updated | Change account status | <email/userid>:<old-status>=><new-status> | email/userid, old-status, new-status |
| user_role.created | Package/Category role is attached to user | <category>.<role> for <email/user-id> | created_by, category, role, email/user-id |
| usergroup.created | User group is created | group | group |
| usergroup.deleted | User group Is deleted | group | group |
| usergroup.updated | User group details are updated | <old-name> => <new-name> | updated-name, description, pwd-policy, mfa-methods |
| usergroup_admingroup.created | An admin group is added to an usergroup. Members of an admin group can manage the user group | <admin-group> added to <usergroup> | usergroup, admin-group |
| usergroup_admingroup.deleted | An admin group is removed from an usergroup. Members of an admin group cannot manage the user group anymore | <admin-group> removed from <usergroup> | usergroup, admin-group |
| usergroup_categories.created | A category is added to the usergroup portal-page | <category> added to <usergroup> | usergroup, category |
| usergroup_categories.deleted | A category is removed from the usergroup portal-page | <category> removed from <usergroup> | usergroup, category |
| usergroup_packages.created | A package is added to the usergroup portal-page | <package> added to <usergroup> | usergroup, package |
| usergroup_packages.deleted | A package is removed from the usergroup portal-page | <package> removed from <usergroup> | usergroup, package |
| usergroup_role.created | A role is added to the usergroup; members of this usergroup will now have this role when packages of this category are opened | <category>.<role> for <usergroup> | usergroup, category, role |
| usergroup_role.deleted | A role is removed from the usergroup; members of this usergroup will NOT have this role when packages of this category are opened | <category>.<role> for <usergroup> | usergroup, category, role |
| usergroup_terms_and_conditions. created |
A new user-terms and condition item is created | <terms_and_conditions_guid> added to <usergroup> | terms_and_conditions_guid, usergorup |
| usergroup_terms_and_conditions. deleted |
A terms and condition item is removed | <terms_and_conditions_guid> removed from <usergroup> | terms_and_conditions_guid, usergorup |
| usergroup_usergroupchilds. created |
An child group is added to an usergroup. Members of this usergroup will also inherit the rights from the child-usergroup | <child-group> added to <usergroup> | usergroup, child-usergroup |
| usergroup_usergroupchilds. deleted |
An child group is removed from an usergroup. | <child-group> removed from <usergroup> | usergroup, child-usergroup |
| usergroup_users. created |
An user is added to an usergroup | <user> added to <usergroup> | usergroup, user |
| usergroup_users. delete_user_from_all_groups |
An user is removed from an usergroup | <user> removed from <usergroup> | usergroup, user |
| usergroup_users. deleted |
An user is removed from all usergroups | <user> | usergroup, user |
| usergroup_workspace.created | A workspace is added to the usergroup portal-page | <workspace> added to <usergroup> | workspace, usergroup |
| usergroup_workspace.deleted | A workspace is removed from the usergroup portal-page | <workspace> removed from <usergroup> | workspace, usergroup |
| usergroup_workspace_role.created | A workspace role is added to the usergroup; members of this usergroup will now have this workspace-role when this workspace is opened | <workspace>.<role> for <usergroup> | workspace, usergroup, role |
| usergroup_workspace_role.deleted | A workspace role is removed from the usergroup | <workspace>.<role> for <usergroup> | workspace, usergroup, role |
| users_workspace. remove_user_from_all_packages |
All user assigned packages on portal-page are removed from the user' portal page | user | user |
| users_workspace. remove_user_from_all_workspaces |
All user assigned workspace on portal-page are removed from the user' portal page | user | user |
| workspace.created | A workspace is created | workspace | workspace |
| workspace.deleted | A workspace is removed | workspace | workspace |
Like
Follow
Reply