8.6 Security Token Service Events You Can Audit

Security Token Service provides an independent audit configuration file, named component_events.xml, that defines specific event types and events to audit.

The following sections provide more details.

8.6.1 About Audit Record Content Common to All Events

Regardless of the event or event type that is audited, some of the audit record content is common to all events.

The following data is part of each audit record:

  • Date and time of event

  • IP address of the client initiating event

  • Client identity

  • Processing time for the event

8.6.2 Security Token Service Administrative Events You Can Audit

Security Token Service administrative events fall into several configuration management operations defined in component_events.xml.

Table 8-11 lists additional information.

Table 8-11 Security Token Service Configuration Management Operations

Columns: Security Token Service Configuration Operations; Description

Common Attributes

  • OldSettings: The string representing the previous settings before the change was applied.

  • NewSettings: The string representing the new settings.

  • TemplateID: The ID of the Validation or Issuance Template being created or updated or deleted.

  • ProfileID: The ID of the Partner Profile being created or updated or deleted.

  • PartnerID: The ID of the Partner being created or updated or deleted.

  • SettingsID: The ID of the generic settings being created or updated or deleted.

Create Validation Template

Audit event recorded for the creation of a Validation Template referenced by CreateValidationTemplate.

Attributes:

  • TemplateID

  • NewSettings

Update Validation Template

Audit event recorded for the update of a Validation Template referenced by UpdateValidationTemplate.

Attributes:

  • TemplateID

  • OldSettings

  • NewSettings

Delete Validation Template

Audit event recorded for the delete event of a Validation Template referenced by DeleteValidationTemplate.

Attributes:

  • TemplateID

  • OldSettings

Create Issuance Template

Audit event recorded for the creation of an Issuance Template referenced by CreateIssuanceTemplate.

Attributes:

  • TemplateID

  • NewSettings

Update Issuance Template

Audit event recorded for the update of an Issuance Template referenced by UpdateIssuanceTemplate.

Attributes:

  • TemplateID

  • OldSettings

  • NewSettings

Delete Issuance Template

Audit event recorded for the delete event of an Issuance Template referenced by DeleteIssuanceTemplate.

Attributes:

  • TemplateID

  • OldSettings

Create Partner Profile

Audit event recorded for the creation of a Partner Profile referenced by CreatePartnerProfile.

Attributes:

  • ProfileID

  • NewSettings

Update Partner Profile

Audit event recorded for the update of a Partner Profile referenced by UpdatePartnerProfile.

Attributes:

  • ProfileID

  • OldSettings

  • NewSettings

Delete Partner Profile

Audit event recorded for the deletion of a Partner Profile referenced by DeletePartnerProfile.

Attributes:

  • ProfileID

  • OldSettings

Create Partner

Audit event recorded for the creation of a Partner referenced by CreatePartner.

Attributes:

  • PartnerID

  • NewSettings

Update Partner

Audit event recorded for the update of a Partner referenced by UpdatePartner.

Attributes:

  • PartnerID

  • OldSettings

  • NewSettings

Delete Partner

Audit event recorded for the deletion of a Partner referenced by DeletePartner.

Attributes:

  • PartnerID

  • OldSettings

Generic Admin Creation

Audit event recorded for the generic create administrative operation referenced by GenericAdminCreation.

Attributes:

  • SettingsID

  • NewSettings

Generic Admin Update

Audit event recorded for a generic update administrative operation referenced by GenericAdminUpdate.

Attributes:

  • SettingsID

  • OldSettings

  • NewSettings

Generic Admin Removal

Audit event recorded for a generic delete administrative operation referenced by GenericAdminDeletion.

Attributes:

  • SettingsID

  • OldSettings

8.6.3 Security Token Service Run-time Events You Can Audit

Security Token Service-specific run-time events for token operations are defined in component_events.xml.

See details in Table 8-12.

Table 8-12 Security Token Service-specific Run-time Events

Columns: Token Operations; Description

Common Attributes

  • Requester: Who made the request by sending the RST

  • RelyingParty: The one for whom the token is created

  • UserID: End user identity

  • TokenType: Either SAML11, SAML20, Username, X.509, Kerberos, OAM or Custom

  • Token: The XML value of the token

  • TokenContext: The Context data passed for token operations

  • Message: The XML representation of the incoming or outgoing message

Incoming Message

Incoming RST message received by Security Token Service, referenced by IncomingMessage.

Attributes populated for this event, if available:

  • Requester

  • RelyingParty

  • Message

Outgoing Message

Outgoing RSTR message sent by Security Token Service, referenced by OutgoingMessage.

Attributes populated for this event, if available:

  • Requester

  • RelyingParty

  • Message

Token Validation

Audit event for token validation in Security Token Service referenced by TokenValidation. The status attribute indicates whether or not the validation operation was successful.

Attributes populated for this event, if available:

  • Requester

  • RelyingParty

  • Token

  • TokenType

  • TokenContext

  • Status

Token Generation

Audit event for token generation in Security Token Service referenced by TokenGeneration.

Attributes populated for this event, if available:

  • Requester

  • RelyingParty

  • Token

  • TokenType

  • TokenContext

  • UserID

LDAP User Authentication

Audit event for local user authentication with the LDAP Directory referenced by LDAPUserAuthentication.

Attributes populated for this event, if available:

  • UserID

  • Status

Generic Runtime Operation

Audit event for a generic operation performed by Security Token Service referenced by GenericRuntimeOperation.

Attributes populated for this event, if available:

  • OperationType: type of operation

  • OperationData: string representing context of the operation
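Added example (not code from the Oracle documentation or product): a small Python review pass over constructed Security Token Service audit records that checks the common fields of Section 8.6.1 are present, flags attributes a run-time event should not carry according to Table 8-12, and counts failed TokenValidation and LDAPUserAuthentication events per Requester or UserID so a burst of failures from one source stands out. The record layout (one dict per event), the common-field key names and the Status value SUCCESS are assumptions; the real STS audit output format is not on this page.

```python
from collections import Counter
# Attributes Table 8-12 lists for each run-time event (event names as on the page).
RUNTIME_EVENT_ATTRS = {
    "IncomingMessage": {"Requester", "RelyingParty", "Message"},
    "OutgoingMessage": {"Requester", "RelyingParty", "Message"},
    "TokenValidation": {"Requester", "RelyingParty", "Token", "TokenType", "TokenContext", "Status"},
    "TokenGeneration": {"Requester", "RelyingParty", "Token", "TokenType", "TokenContext", "UserID"},
    "LDAPUserAuthentication": {"UserID", "Status"},
    "GenericRuntimeOperation": {"OperationType", "OperationData"},
}
# Fields Section 8.6.1 says every record carries; these key names are assumed.
COMMON_FIELDS = {"timestamp", "client_ip", "client_identity", "processing_ms"}

def check_record(rec):
    """Return the problems found in one record; an empty list means it is well-formed."""
    problems = []
    missing = COMMON_FIELDS - set(rec)
    if missing:
        problems.append("missing common fields: " + ", ".join(sorted(missing)))
    event = rec.get("event")
    if event not in RUNTIME_EVENT_ATTRS:
        problems.append("unknown event type: %r" % (event,))
    else:
        # The table says attributes are populated "if available", so absent ones are
        # normal; only attributes the event should never carry are flagged.
        extra = set(rec.get("attributes", {})) - RUNTIME_EVENT_ATTRS[event]
        if extra:
            problems.append("unexpected attributes: " + ", ".join(sorted(extra)))
    return problems

def failures_by_source(records, success="SUCCESS"):
    """Count failed TokenValidation/LDAPUserAuthentication records per source (Status value 'SUCCESS' is assumed)."""
    counts = Counter()
    for rec in records:
        if rec.get("event") in ("TokenValidation", "LDAPUserAuthentication"):
            attrs = rec.get("attributes", {})
            if attrs.get("Status") != success:
                counts[attrs.get("Requester") or attrs.get("UserID") or rec.get("client_ip")] += 1
    return counts

# Constructed sample records (not real STS output). Record 2 carries an attribute an
# LDAPUserAuthentication event never has; record 3 is missing two common fields.
COMMON = {"timestamp": "2024-01-01T10:00:00Z", "client_ip": "203.0.113.10", "client_identity": "app-gw", "processing_ms": 12}
SAMPLE = [
    dict(COMMON, event="TokenValidation", attributes={"Requester": "app-gw", "RelyingParty": "payroll", "TokenType": "SAML20", "Status": "SUCCESS"}),
    dict(COMMON, event="TokenValidation", attributes={"Requester": "app-gw", "RelyingParty": "payroll", "TokenType": "SAML20", "Status": "FAILURE"}),
    dict(COMMON, event="LDAPUserAuthentication", attributes={"UserID": "jdoe", "Status": "FAILURE", "Token": "<x/>"}),
    {"timestamp": "2024-01-01T10:00:03Z", "client_ip": "203.0.113.11", "event": "TokenGeneration", "attributes": {"Requester": "portal", "UserID": "jdoe", "TokenType": "Username"}},
]
```

Calling check_record on each SAMPLE entry and failures_by_source(SAMPLE) reproduces the review; the attribute sets can be extended with the Table 8-11 administrative events in the same way.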