The Identity Federation service also uses the Fusion Middleware Audit Framework for auditing.
The following data is part of each audit record, regardless of the event or event type that is audited:
timestamp - Date and time the audit event occurred
initiator - the initiator of the audit event (for some events this attribute may be empty)
ECID - the execution context ID
The Fusion Middleware Audit Framework supports the following audit levels:
None
Low
Medium
Custom
Events can be audited in different categories and audit levels.
Table 8-6 lists the event categories.
Table 8-6 Categories of Audit Events for Identity Federation
| Category | Described in ... |
|---|---|
|
Session Management |
|
|
Protocol Flow |
|
|
Server Configuration |
|
|
Security |
The following section contain more information.
Session Management events for this Identity Federation release, include a subset of auditable events for the previous release.
Table 8-7 Identity Federation Session Management Events
| Auditable Events | Auditing Not Supported in This Release for ... |
|---|---|
|
CreateUserSession – Creation of a session after a successful login |
CreateUserFederation – Creation of a user federation between two remote servers |
|
DeleteUserSession – Deletion of a session after logout |
UpdateUserFederation - Updating the user federation between two remote servers |
|
CreateActiveUserFederation – Creation of an active federation after successful login |
DeleteUserFederation – Deletion of a user federation between two remote servers |
|
CreateActiveUserFederation – Creation of an active federation after successful login |
|
|
DeleteActiveUserFederation - Deletion of an active federation after logout |
|
|
LocalAuthentication – Authentication of a user at OIF |
|
|
LocalLogout - Logout of a user at Identity Federation |
Protocol flow events for this Identity Federation release, include a subset of auditable events for the previous Identity Federation release.
Table 8-8 Protocol Flow Events for Identity Federation
| Auditable Events | Auditing Not Supported in This Release for ... |
|---|---|
|
IncomingMessage Message being received by Identity Federation |
AssertionCreation Creation of an assertion by Identity Federation (Success only |
|
OutgoingMessage Message being sent by Identity Federation (Success only) |
|
|
AssertionConsumption Consumption of an assertion by Identity Federation (Success only) |
Auditable Server configuration events for this Identity Federation release, include a subset of auditable events for the previous Identity Federation release.
Table 8-9 Server Configuration Identity Federation
| Auditable Events | Auditing Not Supported in This Release for ... |
|---|---|
|
CreateConfigProperty Adding a new configuration property (Success only) |
SetDataStoreType Changing the type of a data store (Success only) |
|
ChangeConfigProperty Changing the value of an existing configuration property (Success only) |
ChangeDataStore Setting of the federation data store (Success only) |
|
DeleteConfigProperty Deleting a configuration property (Success only) |
|
|
CreatePeerProvider Adding a new provider to the list of trusted providers (Success only) |
|
|
UpdatePeerProvider Updating the information on an existing provider in the list of trusted providers (Success only) PeerProviderID |
|
|
DeletePeerProvider Deleting a provider from the list of trusted providers (Success only) |
|
|
LoadMetadata Loading of metadata (Success only) |
|
|
ChangeFederation Changing of the trusted providers (Success only) |
|
|
ChangeServerProperty Changing of a server configuration property (Success only) |
Auditable security events for this Identity Federation release, include all auditable events for the previous Identity Federation release.
Table 8-10 Security Events for Identity Federation
| Auditable Events | Auditing Not Supported in This Release for ... |
|---|---|
|
CreateSignature Creation of a digital signature by Identity Federation |
n/a |
|
VerifySignature Verification of a digital signature by Identity Federation |
|
|
EncryptData Encryption of data by Identity Federation |
|
|
DecryptData Decryption of data by Identity Federation |