0

Security Event Logging

  • updated 7 mths ago

The following grid contains the security event the system logs with release v8.1+.

Event Description Value Additional Payload
authentication.
account_reactivated_password_ok
During logon: account-status is expired, but password expired date is updated, retry count is reset - -
authentication.
authentication_id
_loginhint_mismatch
During SSO: login-hint doesn't match the current logged in user => SSO failed authentication-id -
authentication.
authentication_id_session_mismatch
During SSO: session-pin cookie and authentication-cookie doesn't belong together  => SSO failed authentication-id -
authentication.
authentication_issued_more_than
_max_age
During SSO: authentication issued morethan the specific max-age  => SSO failed authentication-id -
authentication.
authorized
HTTP Header: authentication: Passed - -
authentication.
bearer_ok
HTTP Header: authentication: Passed - iss, tid
authentication.
cookie_authentication_succeeded
During SSO: authentication using cookie passed authentication-id -
authentication.
expired_authentication_id
During SSO: Authentication cookie is expired authentication-id -
authentication.
expired_jwt_token
During logon: access-token is expired (JWT.payload.exp) or issued after current time (JWT.payload.iat) - -
authentication.
failed_due_to_account_not_active
Authentication failed since account is not active (anymore) - -
authentication.
guest_ok
Guest authentication and authorization passed - -
authentication.
invalid_jwt_aud
HTTP Header authentication: JWT aud-claim is not corrected; this should be the client-id or any configured valid aud-values - aud, iss, tid
authentication.
invalid_jwt_purpose
HTTP Header authentication: JWT.purpose is invalid; 'access_token' or 'access' expected - token_type, iss, tid
authentication.
jwt_token_from_nottrusted_iss
HTTP Header authentication: JWT signature cannot be verified (ISS not recognized or non matching public key) - iss, tid
authentication.
jwt_token_validation_failed
HTTP Header authentication: JWT signature check failed - iss, tid
authentication.
logged_out
User logged out email/user-id -
authentication.
non_jwt_bearer_token
HTTP Header authentication: Non JWT bearer token - -
authentication.
not_allowed_to_login
_with_server_account
During logon: Server user tries to login via UI - -
authentication.
not_authenticated
During SSO: Authentication cookie not usable anymore - -
authentication.
ok
Logon: authentication: Passed email/user-id  
authentication.
password_ok
During logon: password matches - -
authentication.
returned_from_logon
Authentication+Authorized done returning to original session authentication-state (AUTHENTICATION, NOT_AUTHORIZED) -
authentication.
unknown_authentication_id
During SSO: Authentication id referenced by cookie not found - -
authentication.
user_profile_generated
Generate user token: Passed scope token
category.
deactivate_non_latest
All packages of a specific category are deactivated; except the latest category package, category
company.created A company is created company -
company.deleted A company is deleted company -
company.uploaded A new company is uploaded company -
error.account_expired During logon: When account appears to be expired, set account-status to expired email/user-id -
error.account_expired During logon: Password is expired, set account status to expired    
error.
authentication_external_failed
Remote IDP authentication failed error authentication_status, error-description
error.authentication_failed During logon: wrong password is entered - -
error.authentication_guest_failed No authorization header passed and guest account is disabled or not authorized - -
error.
authentication_password_failed
During logon: Wrong password entered email -
error.invalid_session_type Corrupted session - -
error.
missing_authentication_header
Missing HTTP authorization header - -
error.not_authorized Authentication passed, but authorization failed - -
error.password_expired During logon: Account is blocked when temporary password is expired, set account-status to blocked - -
error.session_create_failed Failed to create session, disk rights problem? - -
error.session_expired User accessed an expired session - -
error.session_finished User accessed an finished/closed session - -
error.system_busy Sesssion request is rejected since other requests of the same session are running longer than a timeout - -
error.system_no_permission Session pin and session-id doesn't belong to eachother - -
error.unknown_authentication_state Unknown authentication state while processing the session - -
error.
unsupported_authorization
_header_type
HTTP authorization header type is not supported; only basic and bearer are supported - -
external_accounts.created External account (Server connection) is created <username> for <url> username, url, purpose, scope
external_accounts.deleted External account (Server connection) is deleted <username> for <url> username, url
oauth.authentication_failed Authentication via external IdP failed access_provider/idp error-code, error-description, access_provider/idp
oauth.authentication_succeeded Authentication via external IdP password access_provider/idp access_provider/idp
package.activated Package is activated package package, category
package.deactivated Package is deactivated package package
package.installed Package is installed package package, stamp
package.uninstalled Package is uninstalled package package
package.updated Package is updated package package, stamp
runtime.bootstrap Webserver is started - -
session.
authentication_refresh_failed
Refreshing the authentication-session failed, probably since the authentication is expired (no other session kept the authentication alive) - -
session.authentication_refreshed Authentication refreshed - -
session.pin_created Session cookie created new-pin-id -
session_cloned Session is cloned - -
session_closed Session is closed - -
session_created Session is created - current-session
startcode.activated A start code is activated <startcode> of <package> startcode, package
startcode.attached A start code is attached to package <startcode> of <package> startcode, package
startcode.deactivated A start code is deactivated <startcode> of <package> startcode, package
startcode.detached A start code is detached from package <startcode> from <package> startcode, package
user.created User is created email/user-id -
user.deleted User is deleted email/user-id -
user.details_updated User details are updated email/user-id <details> (no password)
user.password_updated Password updated: temporary, update, rehash <reason>:<email/userid> email/userid, reason
user.reactivate_account Expired user account is reactivated email/user-id -
user.status_updated Change account status <email/userid>:<old-status>=><new-status> email/userid, old-status, new-status
user_role.created Package/Category role is attached to user <category>.<role> for <email/user-id> created_by, category, role, email/user-id
usergroup.created User group is created group group
usergroup.deleted User group Is deleted group group
usergroup.updated User group details are updated <old-name> => <new-name> updated-name, description, pwd-policy, mfa-methods
usergroup_admingroup.created An admin group is added to an usergroup. Members of an admin group can manage the user group <admin-group> added to <usergroup> usergroup, admin-group
usergroup_admingroup.deleted An admin group is removed from an usergroup. Members of an admin group cannot manage the user group anymore <admin-group> removed from <usergroup> usergroup, admin-group
usergroup_categories.created A category is added to the usergroup portal-page <category> added to <usergroup> usergroup, category
usergroup_categories.deleted A category is removed from the usergroup portal-page <category> removed from <usergroup> usergroup, category
usergroup_packages.created A package is added to the usergroup portal-page <package> added to <usergroup> usergroup, package
usergroup_packages.deleted A package is removed from the usergroup portal-page <package> removed from <usergroup> usergroup, package
usergroup_role.created A role is added to the usergroup; members of this usergroup will now have this role when packages of this category are opened <category>.<role> for <usergroup> usergroup, category, role
usergroup_role.deleted A role is removed from the usergroup; members of this usergroup will NOT have this role when packages of this category are opened <category>.<role> for <usergroup> usergroup, category, role
usergroup_terms_and_conditions.
created
A new user-terms and condition item is created <terms_and_conditions_guid> added to <usergroup> terms_and_conditions_guid, usergorup
usergroup_terms_and_conditions.
deleted
A terms and condition item is removed <terms_and_conditions_guid> removed from <usergroup> terms_and_conditions_guid, usergorup
usergroup_usergroupchilds.
created
An child group is added to an usergroup. Members of this usergroup will also inherit the rights from the child-usergroup <child-group> added to <usergroup> usergroup, child-usergroup
usergroup_usergroupchilds.
deleted
An child group is removed from an usergroup.  <child-group> removed from <usergroup> usergroup, child-usergroup
usergroup_users.
created
An user is added to an usergroup <user> added to <usergroup> usergroup, user
usergroup_users.
delete_user_from_all_groups
An user is removed from an usergroup <user> removed from <usergroup> usergroup, user
usergroup_users.
deleted
An user is removed from all usergroups <user> usergroup, user
usergroup_workspace.created A workspace is added to the usergroup portal-page <workspace> added to <usergroup> workspace, usergroup
usergroup_workspace.deleted A workspace is removed from the usergroup portal-page <workspace> removed from <usergroup> workspace, usergroup
usergroup_workspace_role.created A workspace role is added to the usergroup; members of this usergroup will now have this workspace-role when this workspace is opened <workspace>.<role> for <usergroup> workspace, usergroup, role
usergroup_workspace_role.deleted A workspace role is removed from the usergroup <workspace>.<role> for <usergroup> workspace, usergroup, role
users_workspace.
remove_user_from_all_packages
All user assigned packages on portal-page are removed from the user' portal page user user
users_workspace.
remove_user_from_all_workspaces
All user assigned workspace on portal-page are removed from the user' portal page user user
workspace.created A workspace is created workspace workspace
workspace.deleted A workspace is removed workspace workspace
redirect.not_allowed

This event will be generated when a redirect URL is not whitelisted. Redirect URLs can be whitelisted via the configuration manager (see also Redirect Session)

redirect URL workspace
outbound_webservice.
url_not_allowed
Not approved URI used in outbound web service. Please add it to the allowed list if the URI is correct (see Outbound API Security) Outbound URL -
outbound_webservice.
passing_userprofile_not_allowed
For the outbound URL it is not allowed to pass the user profile. Please update configuration (see Outbound API Security) Outbound URL -
Reply Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
Like Follow
  • 10 mths agoLast active
  • 25Views
  • 1 Following

Home