Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Federation
11g Release 1 (11.1.1)

Part Number E13400-04
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

7 Diagnostics and Auditing

This chapter describes monitoring and logging features in Oracle Enterprise Manager Fusion Middleware Control for Oracle Identity Federation. It contains these sections:

Note:

Liberty 1.x support is deprecated.

7.1 Monitoring

This section describes how to monitor your Oracle Identity Federation server.

7.1.1 Oracle Identity Federation Home Page

This is the home page for your Oracle Identity Federation server instance.

Surrounding text describes oifhome2.gif.

This page summarizes statistics about the server instance. For details about the metrics shown here, see Section 7.1.2, "Performance Summary".

7.1.2 Performance Summary

Oracle Identity Federation provides a number of built-in metrics to enable application developers, system administrators, and others to measure application-specific performance information. Metrics for system, state, and phase events are available in these functional areas:

  • Protocol Profiles

  • Enterprise Data Tier Connectivity

  • Security Protocol Messages

  • Data Model (JVT DiscoveryProviders)

This section contains these topics:

7.1.2.1 About Sensor Weights

The DMS sensor weight is a setting on the managed server on which Oracle Identity Federation is running; the sensor weight determines which metrics you see:

  • all - all sensors are activated.

  • normal (or no weight value set) - all the sensors at the normal level are activated

  • heavy - all the sensors at the default level and at the heavy level are activated

  • None - none of the sensors is activated.

Given the cost of running expensive instrumentation, setting the sensor weight to conditionally activate only the necessary sensors lets you efficiently collect relevant metric data about the server.

Set the Sensor Weight

If you start Oracle WebLogic Server using the administration console, set the -Doracle.dms.sensors=level property in the servers/serverName/server start/arguments section of the server, where level is one of the sensor levels described above.

If you start Oracle WebLogic Server through a script, set the -Doracle.dms.sensors=level property in the domain_home/bin/startManagedWebLogic.sh script.

7.1.2.2 Event Metrics

This section contains these topics:

Note:

In the table, the Label and Description refers to the short label attached to the metric in Fusion Middleware Control, followed by a description of the metric.
7.1.2.2.1 Protocol Profiles

Table 7-1 shows the protocol profile metrics:

Table 7-1 Protocol Profile Events

Name Label, Description Weight

Requests

HTTP and SOAP Requests

Total number of requests received. This is the addition of the RequestsHTTP and RequestsSOAP request messages.

normal

RequestsHTTPRedirect

HTTP Requests using Redirect Binding

Total number of requests sent or received using HTTP Redirect binding.

normal

RequestsHTTPPOST

HTTP Requests using POST Binding

Total number of requests sent or received using HTTP-POST binding.

normal

RequestsHTTPPOSTSimpleSign

HTTP Requests using POST Simple Sign Binding

Total number of requests sent or received using HTTP-POST Simple Sign binding.

normal

RequestsSOAP

SOAP Requests

Total number of requests sent or received using the SOAP binding.

normal

WellFormedRequests

Received XML Requests successfully parsed

Total number of well-formed requests received, that is, those that resulted in no XML translation errors.

normal

BadlyFormedRequests

Received XML Requests with parsing failures

Total number of badly formed requests, that is, those that resulted in XML translation errors.

normal

SignedRequests

Requests signed

Total number of requests sent or received with message level signatures.

normal

EncryptedRequests

Requests encrypted

Total number of requests sent or received with message level encryption.

normal

SignedAndEncryptedRequests

Requests both signed and encrypted

Total number of requests sent or received with message level signatures and encryption.

normal

Responses

HTTP or SOAP Responses

Total number of responses sent or received. This is the sum of the ResponsesHTTP and ResponsesSOAP response messages.

normal

ResponsesHTTPRedirect

HTTP Responses using Redirect Binding

Total number of responses sent or received using HTTP Redirect binding.

normal

ResponsesHTTPPOST

HTTP Responses using POST Binding

Total number of responses sent or received using HTTP-POST binding.

normal

ResponsesHTTPPOSTSimpleSign

HTTP Responses using POST Simple Sign Binding

Total number of responses sent or received using HTTP-POST Simple Sign binding.

normal

ResponsesSOAP

SOAP Responses

Total number of responses sent or received using the SOAP binding.

normal

ErrorResponses

Error Responses

Total number of responses sent or received with error status

normal

SignedResponses

Responses Signed

Total number of responses sent or received with message level signatures

normal

EncryptedResponses

Responses Encrypted

Total number of responses sent or received with message level encryption

normal

SignedAndEncryptedResponses

Response both Signed and Encrypted

Total number of responses sent or received with message level signatures and encryption

normal

AttributeQueryRequests

AttributeQuery Requests

Total number of <AttributeQuery> requests sent by the SP or received by the IDP.

normal

AttributeQueryResponses

AttributeQuery Responses

Total number of <Response> responses sent by the IDP or received by the SP.

normal

AttributeQueryErrorResponses

AttributeQuery Error Responses

Total number of <Response> error responses sent by the IDP or received by the SP.

normal

AuthnRequestRequests

AuthnRequest Requests

Total number of <AuthnRequest| Request> requests sent by the SP or received by the IDP.

normal

AuthnRequestResponses

AuthnRequest Responses

Total number of <Response|AuthnResponse> responses sent by the IDP or received by the SP.

normal

AuthnRequestErrorResponses

AuthnRequest Error Responses

Total number of <Response| AuthnResponse > error responses sent by the IDP or received by the SP.

normal

SecurityTokenResponses

RequestSecurityToken Responses

Total number of <RequestSecurityTokenResponse > responses sent by the IDP or received by the SP.

normal

LogoutRequests

Logout Requests

Total number of <LogoutRequest| SignOut> requests sent or received.

normal

LogoutResponses

Logout Responses

Number of LogoutResponse messages sent or received.

normal

LogoutErrorResponses

Logout Error Responses

Number of LogoutResponse messages with error status sent or received.

normal

NameIDManagementRequests

ManageNameIDRequests

Total number of <ManageNameIDRequest|RegisterNameIdentifier|FederationTerminationNotification> requests sent or received.

normal

NameIDManagementResponses

ManageNameIDResponses

Total number of <ManageNameIDResponse> or RegisterNameIdentifier responses sent or received.

normal

NameIDManagementErrorResponses

ManageNameID Error Responses

Total number of <ManageNameIDRequest|RegisterNameIdentifier|FederationTerminationNotification> error responses sent or received.

normal

ArtifactResolutionRequests

ArtifactResolve Requests

Total number of <ArtifactResolve|Request> requests sent by the SP or received by the IDP.

normal

ArtifactResolutionResponses

ArtifactResolve Responses

Total number of <ArtifactResponse|Response> responses sent by the IDP or received by the SP.

normal

ArtifactResolutionErrorResponses

ArtifactResolve Error Responses

Total number of <ArtifactResponse|Response> error responses sent by the IDP or received by the SP.

normal

NameIdentifierFormat_Persistent

NameIDs of Persistent format processed

Total usage of Persistent Name Identifier in messages processed at the SP or IDP.

normal

NameIdentifierFormat_Transient

NameIDs of Transient format processed

Total usage of Transient Name Identifier in messages processed at the SP or IDP.

normal

NameIdentifierFormat_Unspecified

NameIDs of Unspecified format processed

Total usage of Unspecified Name Identifier in messages processed at the SP or IDP.

normal

NameIdentifierFormat_EmailAddress

NameIDs of EmailAddress format processed

Total usage of Email Address Name Identifier in messages processed at the SP or IDP.

normal

NameIdentifierFormat_X509DN

NameIDs of X509SubjectName format processed

Total usage of X.509 Subject Name Identifier in messages processed at the SP or IDP.

normal

NameIdentifierFormat_Windows

NameIDs of WindowsDomainQualifiedName format processed

Total usage of Windows Domain Qualified Name Identifier in messages processed at the SP or IDP.

normal

NameIdentifierFormat_Kerberos

NameIDs of Kerberos format processed

Total usage of Kerberos Principal Name Identifier in messages processed at the SP or IDP.

normal

RequestProcessed

ApplicationController Requests

Total number of requests processed by ApplicationController.

normal


7.1.2.2.2 Security Processing

Table 7-2 shows the protocol profile metrics:

Note:

In the table, the Label and Description refers to the short label attached to the metric in Fusion Middleware Control, followed by a description of the metric.

Table 7-2 Security Processing Events

Name Label, Description Weight

XMLSignatures_Signed

XML Signatures Generated

Total number of XML signatures generated.

normal

XMLSignatures_Verified

XML Signatures Verification Successes

Total number of XML signatures verified successfully.

normal

XMLSignatures_VerifyFailed

XML Signatures Verification Failures

Total number of XML signature verification failures.

normal

XMLEncryption_Encryptions

XML Encryptions Generated

Total number of XML encryptions generated.

normal

XMLEncryption _Decryptions

XML Decryption Successes

Total number of successful XML decryptions.

normal

XMLEncryption _DecryptionFailures

XML Decryption Failures

Total number of XML decryption failures.

normal


7.1.2.3 State Events

The following metric is collected for enterprise data-tier connectivity:

  • Server_OpenSessions - The Fusion Middleware Control label for this metric is "Open Server Connections". It represents the total number of open connections with LDAP or RDBMS server.

    The sensor weight is "all".

7.1.2.4 Phase Events

This section contains these topics:

7.1.2.4.1 Data Model

Table 7-3 shows the JVTDiscoveryProviders metrics by phase event sensors:

Note:

In the table, the Label and Description refers to the short label attached to the metric in Fusion Middleware Control, followed by a description of the metric.

Table 7-3 JVTDiscoveryProvider Events

Name Label and Description Weight

ArtifactCreation

SAML Artifact Creation Time (ms)

Time taken to create the artifact by Artifact DiscoveryProvider.

heavy

LocateArtifact

SAML Artifact Retrieval Time (ms)

Time taken to locate the artifact by Artifact DiscoveryProvider.

heavy

LocateConfiguration

Server Configuration Retrieval Time (ms)

Time taken to locate protocol/server configuration by Configuration DiscoveryProvider.

heavy

LocateMetadata

Provider Metadata Retrieval Time (ms)

Time taken to locate the metadata by Metadata Discovery Provider.

heavy

ProfileStateCreation

ProfileState Object Creation Time (ms)

Time taken to create profile state by ProfileState DiscoveryProvider.

heavy

LocateProfileState

ProfileState Object Retrieval Time (ms)

Time taken to locate profile state by ProfileState DiscoveryProvider.

heavy

SessionCreation

User Session Retrieval or Creation Time (ms)

Time taken to create or locate the user session by Session DiscoveryProvider.

heavy

LocateUser

User Object Retrieval Time (ms)

Time taken to locate the user by User DiscoveryProvider.

heavy

LocateSession

Session Object Retrieval Time (ms)

Time taken to locate the session.

heavy

CreateActiveServiceProviderFederation

Active SP Federation Creation Time (ms)

Time taken to create the active service provider federation.

heavy

LocateActiveServiceProviderFederation

Active SP Federation Retrieval Time (ms)

Time taken to locate the active service provider federation.

heavy

CreateActiveIdentityProviderFederation

Active IdP Federation Creation Time (ms)

Time taken to create the active Identity Provider federation.

heavy

LocateActiveIdentityProviderFederation

Active IdP Federation Retrieval Time (ms)

Time taken to locate the active Identity Provider federation.

heavy

LocateProviderFederation

Provider Federation Retrieval Time (ms)

Time taken to locate the Provider federation.

heavy

LocateTemporaryProviderFederation

Temporary Provider Federation Retrieval Time (ms)

Time taken to locate the active Temporary Provider federation

heavy

CreateAffiliationProviderFederation

Affiliation Federation Creation Time (ms)

Time taken to create the Affiliation Provider federation.

heavy

LocateAffiliationFederation

Affiliation Federation Retrieval Time (ms)

Time taken to locate the Affiliation federation

heavy

CreateServiceProviderFederation

SP Federation Creation Time (ms)

Time taken to create the service provider federation

heavy

CreateIdentityProviderFederation

IdP Federation Creation Time (ms)

Time taken to create the Identity Provider federation.

heavy

DeleteSession

Session Deletion Time (ms)

Time taken to delete the session.

heavy

CreateBinaryLargeObject

Database BLOB Creation Time (ms)

Time taken to create the Blob.

heavy

LocateBinaryLargeObject

Database BLOB Retrieval Time (ms)

Time taken to locate the Blob.

heavy

SessionPersistence

Time to Persist Session Data (ms)

Time taken to persist the session.

heavy

DeleteArtifact

SAML Artifact Deletion Time (ms)

Time taken to delete the artifact

heavy

DeleteProfileState

ProfileState Data Deletion Time (ms)

Time taken to delete the Profile State.

heavy

DeleteActiveIdPFederation

Active IdP Federation Deletion Time (ms)

Time taken to delete the active IdP federation.

heavy

DeleteActiveSPFederation

Active SP Federation Deletion Time (ms)

Time taken to delete the active SP federation.

heavy

DeleteProviderFederation

Provider Federation Deletion Time (ms)

Time taken to delete the provider federation.

heavy

ProviderFederationPersistence

Time to Persist a Provider Federation(ms)

Time taken to persist the provider federation.

heavy


7.1.2.4.2 Protocol Profiles

Table 7-4 shows the protocol profile metrics collected by phase event sensors for requests and responses:

Note:

In the table, the Label and Description refers to the short label attached to the metric in Fusion Middleware Control, followed by a description of the metric.

Table 7-4 Protocol Profile Events

Name Label and Description Weight

LocalAuthn

Local User Authentication Time (ms)

Time taken by the user to get authenticated locally at IdP/SP.

normal

AuthnRequestProcessing

AuthnRequest Processing time at the IdP (ms)

Time taken to process AuthnRequest at IdP.

heavy

AuthnResponseProcessing

AuthnResponse Processing Time at SP (ms)

Time taken to process AuthnResponse at SP.

normal

ArtifactProcessing

SAML Artifact Processing Time (ms)

Time taken to process Artifact.

heavy

Logout

Global Logout Time (ms)

Time taken for global logout.

heavy

RequestProcessing

Incoming Request Processing Time (ms)

Time taken by ApplicationController to process request.

normal

EventProcessing

Event Processing Time (ms)

Time taken by ActionStateMachine to process event.

heavy


7.1.2.4.3 Security Processing

Table 7-5 shows the metrics collected during security processing by phase event sensors:

Note:

In the table, the Label and Description refers to the short label attached to the metric in Fusion Middleware Control, followed by a description of the metric.

Table 7-5 Security Processing for Phase Events

Name Label and Description Weight

XMLSigner

XML Message Signing Time (ms)

Time taken by XMLSigner to sign message.

heavy

XMLSignatureVerifier

XML Message Signature Verification Time (ms)

Time taken by XMLSignatureVerifier to verify the message signature.

heavy

QueryStringSigner

URL Query String Signing Time (ms)

Time taken to sign the Query string.

heavy

QueryStringSignatureVerifier

URL Query String Signature Verification Time (ms)

Time taken to verify the signature for Query string.

heavy

XMLEncryptionService

XML Message Encryption Time (ms)

Time taken to encrypt the message.

heavy

XMLDecryptionService

XML Message Decryption Time (ms)

Time taken to decrypt the message.

heavy

SerializeMessage

XML Message Marshalling Time (ms)

Time taken by LibertyProtocolMarshaller to serialize the message.

heavy

DeSerializeMessage

XML Message Unmarshalling Time (ms)

Time taken by the LibertyProtocolMarshaller to deserialize the message.

heavy


7.2 Availability

Oracle Identity Federation is a Java component whose availability is tracked through Fusion Middleware Control.

For details, see Getting Started Using Oracle Enterprise Manager Fusion Middleware Control in the Oracle Fusion Middleware Administrator's Guide.

7.3 Logging

This section describes logging for Oracle Identity Federation:

For more information about logging in Oracle Fusion Middleware, see Managing Log Files and Diagnostic Data in the Oracle Fusion Middleware Administrator's Guide.

7.3.1 About Oracle Identity Federation Logging

This section provides a basic overview of logging for Oracle Identity Federation. Topics include:

7.3.1.1 Types of Logs

Oracle Identity Federation provides two types of logs:

  • Persistent Logs - These logs persist across component restarts.

  • Runtime Logs - These logs are created automatically by the server at runtime and become active when a specific feature is activated.

The persistent log files include:

  • servername-diagnostic.log - Contains general application log messages, debug messages, and error messages. This log is also referred to as the federation log.

  • Other log files that may contain logging messages pertaining to Oracle Identity Federation are servername.log and servername.out.

7.3.1.2 Log Levels

Table 7-6 shows the log levels of Oracle Identity Federation log messages:

Table 7-6 Oracle Identity Federation Log levels

Log Level description

INTERNAL ERROR

Events that represent unrecoverable errors.

ERROR

Events that represent recoverable and unrecoverable errors.

WARNING

Events that represent failures in processing external and implicit Oracle Identity Federation server actions.

NOTIFICATION

High Level Oracle Identity Federation operational events describing a flow.

TRACE

Events with detailed processing flows and state information.


7.3.1.3 Message IDs

Oracle Identity Federation log messages fall into these categories:

Table 7-7 Oracle Identity Federation Message Categories

Message ID Range Message Category

FED-10000 to FED-10099

Compliance

FED-10100 to FED-10999

Configuration

FED-11000 to FED-11699

Data

FED-11700 to FED-11999

Network

FED-12000 to FED-12999

Other

FED-13000 to FED-14999

Programmatic

FED-15000 to FED-17999

Requests and Responses

FED-18000 to FED-19999

Security

FED-20000 to FED-20099

Threads


7.3.1.4 Tools for Log Configuration

Oracle Identity Federation provides two tools for log configuration and management:

  • Fusion Middleware Control for GUI-based configuration

  • wlst for command-line configuration

7.3.2 Viewing Oracle Identity Federation Log Messages

Log in to Fusion Middleware Control and navigate to Oracle Identity Federation instance. In the Oracle Identity Federation drop down menu, select Logs, then View Log Messages.

7.3.2.1 Select Messages to View

Take these steps to select messages to view:

  1. From the Oracle Identity Federation menu, select Logs, then View Log Messages. The Log Messages page appears.

  2. Select the date range for the logs you want to view. You can select most recent, by minutes, hours or days. Alternatively, you can select a time interval and specify the date and time to start and end.

  3. Select the message types you want to view.

  4. Specify any additional conditions (such as display only messages that contain some string).

  5. To perform a specific search, choose Add Fields and add fields on which to search. For each field, select a criterion from the list, then enter text into the box. Choose the red X to delete a field. Choose Add Fields to add additional fields. When you have finished adding criteria, click Search.

7.3.2.2 Specify View Options

In addition to specifying messages to view, several other viewing options are available:

  • Use the Broaden Target Scope list to view messages for the domain.

  • Choose Export Messages to File to export the log messages to a file as XML, text, or comma-separated list.

  • Click Target Log Files to view information about individual log files.

  • You can indicate when to refresh the view. Select Manual Refresh, 30-Second Refresh, or One Minute Refresh from the list on the upper right.

  • Use the View list to change the columns listed or to reorder columns.

  • Use the Show list to change the grouping of messages.

  • Collapse the Search label to view only the list of log messages.

  • To view the contents of a log file, double-click the file name in the Log File column. The View Log File: filename page is displayed. You can use the up and down arrows in the Time, Message Type, and Message ID columns to reorder the records in the file.

7.3.3 Configuring Oracle Identity Federation Logs

Use these pages to view and configure Oracle Identity Federation server logs.

Take these steps to navigate to the log configuration page:

  1. Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

  2. In the Oracle Identity Federation drop-down menu, select Logs, then Log Configuration.

Topics include:

7.3.3.1 Configure Oracle Identity Federation Log Levels

Use this page to:

  • view and update logging levels for Oracle Identity Federation loggers.

  • create a new persistent logger.

Each logger logs messages for a specific server function; for example, the EJB deployment logger logs messages for an EJB module.

View or Update Logger Level

Use the View drop-down to select the logger.

Fields include:

  • Logger Name - This is the name of the logger.

  • Oracle Diagnostic Logging Level - This is the logging level. Use the level drop-down to change the log level.

  • Log File - This is the name of the log file. Click on a log file name to view and update the properties of the log file.

Specify a Logger

This portion of the page appears when you select "Loggers with Persistent Log Level" in the View drop-down.

Supply the following information to create a persistent logger:

  • Name - Enter a name for the new logger.

  • Oracle Diagnostic Logging Level - This is the logging level. Use the level drop-down to select a log level.

Buttons on the page perform the following functions:

  • Apply - Save the logger configuration updates or generate the new logger information.

  • Revert - Discard the configuration updates.

7.3.3.2 Configure Oracle Identity Federation Log Files

For information on configuring log files, see Configuring Settings for Log Files in the Oracle Fusion Middleware Administrator's Guide.

7.3.4 Common Log Messages

This section explains some common messages you may encounter in the Oracle Identity Federation logs.

7.3.4.1 thread interrupt Messages

You may see a message like the following in the managed server log file:

oracle.security.fed.jvt.discovery.model.session.RDBMSSessionDiscoveryProvider
run
WARNING: InterruptedException: thread interrupt occurred during sleep()
java.lang.InterruptedException: sleep interrupted

These messages are only notifications indicating that the RDBMS sleeping threads have been killed as a result of a configuration reload; new threads were created to replace these threads. No action is required.

7.4 Auditing

Oracle Identity Federation uses the Fusion Middleware Audit Framework for auditing.

This section explains what events are audited, and how to configure auditing for Oracle Identity Federation. It contains these sections:

See Also:

Configuring and Managing Auditing in the Oracle Fusion Middleware Application Security Guide for details about audit configuration.

7.4.1 About Auditing in Oracle Identity Federation

This section lists the events that you can audit in different categories, and explains audit levels.

7.4.1.1 Categories of Audit Events

There are four categories of audit events for Oracle Identity Federation:

  • User Session Management

  • Protocol Flow

  • Server Configuration

  • Security

The events for each category are described in these subsections.

7.4.1.1.1 User Session Management Events

Session management events and the attributes of each event are as follows:

  • CreateUserSession – Creation of a user session after a successful login

    • SessionID

    • AuthenticationMechanism

    • UserID

  • DeleteUserSession – Deletion of a user session after logout

    • SessionID

    • AuthenticationMechanism

    • UserID

  • CreateUserFederation – Creation of a user federation between two remote servers

    • FederationID

    • FederationType (SP/IdP/Affiliation)

    • UserID

    • RemoteProviderID

    • ProtocolVersion

    • NameIDFormat

    • NameIDQualifier

    • NameIDValue

  • UpdateUserFederation - Updating the user federation between two remote servers

    • FederationID

    • FederationType (SP/IdP)

    • UserID

    • RemoteProviderID

    • ProtocolVersion

    • NameIDFormat

    • NameIDQualifier

    • NameIDValue

    • OldNameIDQualifier

    • OldNameIDValue

  • DeleteUserFederation – Deletion of a user federation between two remote servers

    • FederationID

    • FederationType (SP/IdP)

    • UserID

    • RemoteProviderID

    • ProtocolVersion

    • NameIDFormat

    • NameIDQualifier

    • NameIDValue

  • CreateActiveUserFederation – Creation of an active federation after successful login

    • FederationID

    • FederationType (SP/IdP)

    • SessionID

    • UserID

    • RemoteProviderID

    • ProtocolVersion

  • DeleteActiveUserFederation - Deletion of an active federation after logout

    • FederationID

    • FederationType (SP/IdP)

    • SessionID

    • UserID

    • RemoteProviderID

    • ProtocolVersion

  • LocalAuthentication – Authentication of a user at OIF

    • AuthenticationMechanism

    • AuthenticationEngineID

    • RemoteIP

    • SessionID

    • UserID

  • LocalLogout - Logout of a user at Oracle Identity Federation

    • RemoteIP

    • SessionID

    • UserID

7.4.1.1.2 Protocol Flow Events

Protocol flow events and their attributes are as follows:

  • IncomingMessage – Message being received by Oracle Identity Federation

    • RemoteIP

    • Binding (for example, SOAP/GET/POST/Artifact/…)

    • ProtocolVersion (for example, SAML2/Libv11/…)

    • RemoteProviderID

    • Role (for example, Service Provider/Identity Provider/Attribute Authority/…)

    • IncomingMessageString (CLOB)

    • MessageType (for example, SSOLoginRequest/SSOLoginResponse/SSOLogoutRequest/…)

  • OutgoingMessage - Message being sent by Oracle Identity Federation (Success only)

    • RemoteIP

    • Binding (for example, SOAP/GET/POST/Artifact/…)

    • ProtocolVersion (for example, SAML2/Libv11/…)

    • RemoteProviderID

    • Role (for example, Service Provider/Identity Provider/Attribute Authority/…)

    • OutgoingMessageString (CLOB)

    • MessageType (for example, SSOLoginRequest/SSOLoginResponse/SSOLogoutRequest/…)

  • AssertionCreation – Creation of an assertion by Oracle Identity Federation (Success only)

    • RemoteIP

    • ProtocolVersion (for example, SAML2/Libv11/…)

    • AssertionVersion (for example, 2.0)

    • IssueInstant

    • Issuer

    • NameIDQualifier

    • NameIDValue

    • NameIDFormat

    • AssertionID

    • UserID

    • SessionID

    • FederationID

    • RemoteProviderID

  • AssertionConsumption - Consumption of an assertion by Oracle Identity Federation (Success only)

    • ProtocolVersion (for example, SAML2/Libv11/…)

    • AssertionVersion (for example, 2.0)

    • IssueInstant

    • Issuer

    • NameIDQualifier

    • NameIDValue

    • NameIDFormat

    • AssertionID

    • UserID

    • SessionID

    • FederationID

    • RemoteProviderID

7.4.1.1.3 Server Configuration Events

Server configuration events and their attributes are as follows:

  • CreateConfigProperty – Adding a new configuration property(Success only)

    • PropertyName

    • PropertyType (for example, PropertiesList, PropertiesMap, String, Boolean…)

    • Value

    • PeerProviderID

    • Hierarchy

  • ChangeConfigProperty - Changing the value of an existing configuration property(Success only)

    • PropertyName

    • PropertyType (for example, PropertiesList, PropertiesMap, String, Boolean…)

    • OldValue

    • NewValue

    • PeerProviderID

    • Hierarchy

  • DeleteConfigProperty - Deleting a configuration property (Success only)

    • PropertyName

    • PropertyType (for example, PropertiesList, PropertiesMap, String, Boolean…)

    • OldValue

    • PeerProviderID

    • Hierarchy

  • CreatePeerProvider – Adding a new provider to the list of trusted providers (Success only)

    • PeerProviderID

    • ProviderType (for example, sp, idp, sp idp,…)

    • ProtocolVersion

    • Description

  • UpdatePeerProvider - Updating the information on an existing provider in the list of trusted providers (Success only)PeerProviderID

    • PeerProviderID

    • ProviderType (for example, sp, idp, sp idp,…)

    • ProtocolVersion

    • Description

  • DeletePeerProvider - Deleting a provider from the list of trusted providers (Success only

    • PeerProviderID

    • ProviderType (for example, sp, idp, sp idp,…)

    • ProtocolVersion

    • Description

  • LoadMetadata – Loading of metadata (Success only)

    • Metadata

    • Description

  • SetDataStoreType – Changing the type of a data store (Success only)

    • DataStoreName

    • OldValue

    • NewDataStoreType

  • ChangeDataStore – Setting of the federation data store (Success only)

    • DataStoreBefore

    • DataStoreAfter

  • ChangeFederation – Changing of the trusted providers (Success only)

    • COTBefore

    • COTAfter

  • ChangeServerProperty – Changing of a server configuration property (Success only)

    • ServerConfigBefore

    • ServerConfigAfter

7.4.1.1.4 Security Events

Security events and their attributes are as follows:

  • CreateSignature – Creation of a digital signature by Oracle Identity Federation

    • Type (XML, String)

  • VerifySignature – Verification of a digital signature by Oracle Identity Federation

    • Type (XML, String)

  • EncryptData – Encryption of data by Oracle Identity Federation

    • Type (XML, String)

  • DecryptData – Decryption of data by Oracle Identity Federation

    • Type (XML, String)

7.4.1.1.5 Attributes Shared by All Events

In addition there are attributes shared for all events:

  • timestamp - the timestamp of when the audit event occurred

  • initiator - the initiator of the audit event (for some events this attribute may be empty)

  • ECID - the execution context ID

7.4.1.2 Audit Levels

Fusion Middleware Audit Framework supports the following audit levels:

  • None

  • Low

  • Medium

  • Custom

The following audit events get audited at the Low and Medium audit levels:

Note:

FAILURESONLY denotes that the event will only get audited in case of failure.

Events Audited at Low level

  • ServerConfiguration

    • CreateConfigProperty

    • ChangeConfigProperty

    • DeleteConfigProperty

    • CreatePeerProvider

    • UpdatePeerProvider

    • DeletePeerProvider

    • LoadMetadata

    • SetDataStoreType

    • ChangeDataStore

    • ChangeCOT

    • ChangeServerProperty

Events Audited at Medium level

  • ServerConfiguration

    • CreateConfigProperty

    • ChangeConfigProperty

    • DeleteConfigProperty

    • CreatePeerProvider

    • UpdatePeerProvider

    • DeletePeerProvider

    • LoadMetadata

    • SetDataStoreType

    • ChangeDataStore

    • ChangeCOT

    • ChangeServerProperty

  • UserSession.FAILUREONLY

    • CreateUserSession.FAILUREONLY

    • DeleteUserSession.FAILUREONLY

    • CreateUserFederation.FAILUREONLY

    • UpdateUserFederation.FAILUREONLY

    • DeleteUserFederation.FAILUREONLY

    • CreateActiveUserFederation.FAILUREONLY

    • DeleteActiveUserFederation.FAILUREONLY

    • LocalAuthentication.FAILUREONLY

    • LocalLogout.FAILUREONLY

  • ProtocolFlow.FAILUREONLY

    • IncomingMessage.FAILUREONLY

    • OutgoingMessage.FAILUREONLY

    • AssertionCreation.FAILUREONLY

    • AssertionConsumption.FAILUREONLY

  • Security.FAILUREONLY

    • CreateSignature.FAILUREONLY

    • VerifySignature.FAILUREONLY

    • EncryptData.FAILUREONLY

    • DecryptData.FAILUREONLY

Events Audited at Custom Level

The Custom audit level allows you to select only the events you wish to audit.

See Also:

Configuring and Managing Auditing in the Oracle Fusion Middleware Application Security Guide.

7.4.2 Configuring Auditing for Oracle Identity Federation

You can use Oracle Enterprise Manager Fusion Middleware Control or WLST command-line interface to configure auditing.

Take these steps to get started with configuring auditing with Fusion Middleware Control:

  1. Log in to Fusion Middleware Control and navigate to the Identity Management domain.

  2. In the Weblogic Domain drop down menu, select Security, then Audit Policy.

  3. Select the Oracle Identity Federation component.

  4. In the Audit Level menu, select the desired audit level.

    You can view the audit policies that will be enforced in different categories by expanding the + check-box for the component.

    Note:

    If selected level is Custom, refer to Section 7.4.2.1, "Configuring Auditing at the Custom Level".
  5. Optionally, in the Users text box, you can add users who will always be audited for all events, regardless of audit level.

  6. Click Apply.

7.4.2.1 Configuring Auditing at the Custom Level

Take these steps if you are configuring audit policies and wish to use the Custom audit level:

  1. In the Audit Level menu, select Custom as the audit level.

  2. Select the events to audit in the table of events:

    • Click the + sign next to the component name to get the list of audit event categories.

    • Click the + sign next to the category name to get the list of events.

    • Click the + sign next to the event name to get Success/Failure audit options.

  3. Check the Enable Audit box next to the events or categories desired to audit. (for example, checking the box next to Security will audit all security events. Checking the box next to CreateUserSession Failure event will audit all CreateUserSession failure events.

  4. Optionally, you can add filters for fine-grained auditing.

    Click the pencil icon to the right of the event or category name. Add the desired filter conditions.

  5. Click OK when finished.

See Also:

Configuring and Managing Auditing in the Oracle Fusion Middleware Application Security Guide for details about audit policy configuration.

7.4.3 Viewing Audit Data

Your audit data may reside in files (also known as bus-stop files), or it may reside in a database audit store.

If the audit data resides in a bus-stop file, you can query the file directly at this location:

<domain_home>/servers/<server_name>/logs/auditlogs/OIF/audit.log

If the audit data resides in a database, you can use a tool like Oracle Business Intelligence Publisher to view audit reports.

See Also:

Using Audit Analysis and Reporting in the Oracle Fusion Middleware Application Security Guide.