Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Federation 11g Release 1 (11.1.1) Part Number E13400-02
This chapter describes monitoring features and logging for Oracle Identity Federation. It contains these sections:
This section describes how to monitor your Oracle Identity Federation server.
This is the home page for your Oracle Identity Federation server instance.
This page summarizes statistics about the server instance. For details about the metrics shown here, see Section 7.1.2, "Performance Summary".
Oracle Identity Federation provides a number of built-in metrics to enable application developers, system administrators, and others to measure application specific performance information. Metrics for system, state, and phase events are available in these functional areas:
Protocol Profiles
Enterprise Data Tier Connectivity
Security Protocol Messages
Data Model (JVT DiscoveryProviders)
This section contains these topics:
The DMS sensor weight is a setting on the managed server on which Oracle Identity Federation is running; the sensor weight determines which metrics you see:
all - all sensors are activated.
normal (or no weight value set) - all sensors at the normal level are activated.
heavy - all sensors at the default level and at the heavy level are activated.
none - none of the sensors is activated.
Given the cost of running expensive instrumentation, setting the sensor weight to conditionally activate only the necessary sensors lets you efficiently collect relevant metric data about the server.
Set the Sensor Weight
If you start Oracle WebLogic Server using the administration console, set the -Doracle.dms.sensors=level property in the servers/serverName/server start/arguments section of the server, where level is one of the sensor levels described above.
If you start Oracle WebLogic Server through a script, set the -Doracle.dms.sensors=level property in the domain_home/bin/startManagedWebLogic.sh script.
This section contains these topics:
Note:
In the table, Label and Description refer to the short label attached to the metric in Oracle Enterprise Manager Fusion Middleware Control, followed by a description of the metric.
Table 7-1 shows the protocol profile metrics:
Table 7-1 Protocol Profile Events
Name | Label, Description | Weight |
---|---|---|
Requests | HTTP and SOAP Requests. Total number of requests received. This is the sum of the RequestsHTTP and RequestsSOAP request messages. | normal |
RequestsHTTPRedirect | HTTP Requests using Redirect Binding. Total number of requests sent or received using HTTP Redirect binding. | normal |
RequestsHTTPPOST | HTTP Requests using POST Binding. Total number of requests sent or received using HTTP-POST binding. | normal |
RequestsHTTPPOSTSimpleSign | HTTP Requests using POST Simple Sign Binding. Total number of requests sent or received using HTTP-POST Simple Sign binding. | normal |
RequestsSOAP | SOAP Requests. Total number of requests sent or received using the SOAP binding. | normal |
WellFormedRequests | Received XML Requests successfully parsed. Total number of well-formed requests received, that is, those that resulted in no XML translation errors. | normal |
BadlyFormedRequests | Received XML Requests with parsing failures. Total number of badly formed requests, that is, those that resulted in XML translation errors. | normal |
SignedRequests | Requests signed. Total number of requests sent or received with message level signatures. | normal |
EncryptedRequests | Requests encrypted. Total number of requests sent or received with message level encryption. | normal |
SignedAndEncryptedRequests | Requests both signed and encrypted. Total number of requests sent or received with message level signatures and encryption. | normal |
Responses | HTTP or SOAP Responses. Total number of responses sent or received. This is the sum of the ResponsesHTTP and ResponsesSOAP response messages. | normal |
ResponsesHTTPRedirect | HTTP Responses using Redirect Binding. Total number of responses sent or received using HTTP Redirect binding. | normal |
ResponsesHTTPPOST | HTTP Responses using POST Binding. Total number of responses sent or received using HTTP-POST binding. | normal |
ResponsesHTTPPOSTSimpleSign | HTTP Responses using POST Simple Sign Binding. Total number of responses sent or received using HTTP-POST Simple Sign binding. | normal |
ResponsesSOAP | SOAP Responses. Total number of responses sent or received using the SOAP binding. | normal |
ErrorResponses | Error Responses. Total number of responses sent or received with error status. | normal |
SignedResponses | Responses Signed. Total number of responses sent or received with message level signatures. | normal |
EncryptedResponses | Responses Encrypted. Total number of responses sent or received with message level encryption. | normal |
SignedAndEncryptedResponses | Responses both Signed and Encrypted. Total number of responses sent or received with message level signatures and encryption. | normal |
AttributeQueryRequests | AttributeQuery Requests. Total number of | normal |
AttributeQueryResponses | AttributeQuery Responses. Total number of | normal |
AttributeQueryErrorResponses | AttributeQuery Error Responses. Total number of | normal |
AuthnRequestRequests | AuthnRequest Requests. Total number of | normal |
AuthnRequestResponses | AuthnRequest Responses. Total number of | normal |
AuthnRequestErrorResponses | AuthnRequest Error Responses. Total number of | normal |
SecurityTokenResponses | RequestSecurityToken Responses. Total number of | normal |
LogoutRequests | Logout Requests. Total number of | normal |
LogoutResponses | Logout Responses. Number of LogoutResponse messages sent or received. | normal |
LogoutErrorResponses | Logout Error Responses. Number of LogoutResponse messages with error status sent or received. | normal |
NameIDManagementRequests | ManageNameIDRequests. Total number of | normal |
NameIDManagementResponses | ManageNameIDResponses. Total number of | normal |
NameIDManagementErrorResponses | ManageNameID Error Responses. Total number of | normal |
ArtifactResolutionRequests | ArtifactResolve Requests. Total number of | normal |
ArtifactResolutionResponses | ArtifactResolve Responses. Total number of | normal |
ArtifactResolutionErrorResponses | ArtifactResolve Error Responses. Total number of | normal |
NameIdentifierFormat_Persistent | NameIDs of Persistent format processed. Total usage of Persistent Name Identifier in messages processed at the SP or IdP. | normal |
NameIdentifierFormat_Transient | NameIDs of Transient format processed. Total usage of Transient Name Identifier in messages processed at the SP or IdP. | normal |
NameIdentifierFormat_Unspecified | NameIDs of Unspecified format processed. Total usage of Unspecified Name Identifier in messages processed at the SP or IdP. | normal |
NameIdentifierFormat_EmailAddress | NameIDs of EmailAddress format processed. Total usage of Email Address Name Identifier in messages processed at the SP or IdP. | normal |
NameIdentifierFormat_X509DN | NameIDs of X509SubjectName format processed. Total usage of X.509 Subject Name Identifier in messages processed at the SP or IdP. | normal |
NameIdentifierFormat_Windows | NameIDs of WindowsDomainQualifiedName format processed. Total usage of Windows Domain Qualified Name Identifier in messages processed at the SP or IdP. | normal |
NameIdentifierFormat_Kerberos | NameIDs of Kerberos format processed. Total usage of Kerberos Principal Name Identifier in messages processed at the SP or IdP. | normal |
RequestProcessed | ApplicationController Requests. Total number of requests processed by ApplicationController. | normal |
Table 7-2 shows the security processing metrics:
Note:
In the table, Label and Description refer to the short label attached to the metric in Oracle Enterprise Manager Fusion Middleware Control, followed by a description of the metric.
Table 7-2 Security Processing Events
Name | Label, Description | Weight |
---|---|---|
XMLSignatures_Signed | XML Signatures Generated. Total number of XML signatures generated. | normal |
XMLSignatures_Verified | XML Signatures Verification Successes. Total number of XML signatures verified successfully. | normal |
XMLSignatures_VerifyFailed | XML Signatures Verification Failures. Total number of XML signature verification failures. | normal |
XMLEncryption_Encryptions | XML Encryptions Generated. Total number of XML encryptions generated. | normal |
XMLEncryption_Decryptions | XML Decryption Successes. Total number of successful XML decryptions. | normal |
XMLEncryption_DecryptionFailures | XML Decryption Failures. Total number of XML decryption failures. | normal |
The following metric is collected for Enterprise Data-Tier Connectivity:
Server_OpenSessions - The Fusion Middleware Control label for this metric is "Open Server Connections". It represents the total number of open connections with the LDAP or RDBMS server.
The sensor weight is "all".
This section contains these topics:
Table 7-3 shows the JVTDiscoveryProvider metrics by phase event sensors:
Note:
In the table, Label and Description refer to the short label attached to the metric in Oracle Enterprise Manager Fusion Middleware Control, followed by a description of the metric.
Table 7-3 JVTDiscoveryProvider Events
Name | Label and Description | Weight |
---|---|---|
ArtifactCreation | SAML Artifact Creation Time (ms). Time taken to create the artifact by Artifact DiscoveryProvider. | heavy |
LocateArtifact | SAML Artifact Retrieval Time (ms). Time taken to locate the artifact by Artifact DiscoveryProvider. | heavy |
LocateConfiguration | Server Configuration Retrieval Time (ms). Time taken to locate protocol/server configuration by Configuration DiscoveryProvider. | heavy |
LocateMetadata | Provider Metadata Retrieval Time (ms). Time taken to locate the metadata by Metadata DiscoveryProvider. | heavy |
ProfileStateCreation | ProfileState Object Creation Time (ms). Time taken to create profile state by ProfileState DiscoveryProvider. | heavy |
LocateProfileState | ProfileState Object Retrieval Time (ms). Time taken to locate profile state by ProfileState DiscoveryProvider. | heavy |
SessionCreation | User Session Retrieval or Creation Time (ms). Time taken to create or locate the user session by Session DiscoveryProvider. | heavy |
LocateUser | User Object Retrieval Time (ms). Time taken to locate the user by User DiscoveryProvider. | heavy |
LocateSession | Session Object Retrieval Time (ms). Time taken to locate the session. | heavy |
CreateActiveServiceProviderFederation | Active SP Federation Creation Time (ms). Time taken to create the active service provider federation. | heavy |
LocateActiveServiceProviderFederation | Active SP Federation Retrieval Time (ms). Time taken to locate the active service provider federation. | heavy |
CreateActiveIdentityProviderFederation | Active IdP Federation Creation Time (ms). Time taken to create the active Identity Provider federation. | heavy |
LocateActiveIdentityProviderFederation | Active IdP Federation Retrieval Time (ms). Time taken to locate the active Identity Provider federation. | heavy |
LocateProviderFederation | Provider Federation Retrieval Time (ms). Time taken to locate the Provider federation. | heavy |
LocateTemporaryProviderFederation | Temporary Provider Federation Retrieval Time (ms). Time taken to locate the active Temporary Provider federation. | heavy |
CreateAffiliationProviderFederation | Affiliation Federation Creation Time (ms). Time taken to create the Affiliation Provider federation. | heavy |
LocateAffiliationFederation | Affiliation Federation Retrieval Time (ms). Time taken to locate the Affiliation federation. | heavy |
CreateServiceProviderFederation | SP Federation Creation Time (ms). Time taken to create the service provider federation. | heavy |
CreateIdentityProviderFederation | IdP Federation Creation Time (ms). Time taken to create the Identity Provider federation. | heavy |
DeleteSession | Session Deletion Time (ms). Time taken to delete the session. | heavy |
CreateBinaryLargeObject | Database BLOB Creation Time (ms). Time taken to create the BLOB. | heavy |
LocateBinaryLargeObject | Database BLOB Retrieval Time (ms). Time taken to locate the BLOB. | heavy |
SessionPersistence | Time to Persist Session Data (ms). Time taken to persist the session. | heavy |
DeleteArtifact | SAML Artifact Deletion Time (ms). Time taken to delete the artifact. | heavy |
DeleteProfileState | ProfileState Data Deletion Time (ms). Time taken to delete the profile state. | heavy |
DeleteActiveIdPFederation | Active IdP Federation Deletion Time (ms). Time taken to delete the active IdP federation. | heavy |
DeleteActiveSPFederation | Active SP Federation Deletion Time (ms). Time taken to delete the active SP federation. | heavy |
DeleteProviderFederation | Provider Federation Deletion Time (ms). Time taken to delete the provider federation. | heavy |
ProviderFederationPersistence | Time to Persist a Provider Federation (ms). Time taken to persist the provider federation. | heavy |
Table 7-4 shows the protocol profile metrics collected by phase event sensors for requests and responses:
Note:
In the table, Label and Description refer to the short label attached to the metric in Oracle Enterprise Manager Fusion Middleware Control, followed by a description of the metric.
Table 7-4 Protocol Profile Events
Name | Label and Description | Weight |
---|---|---|
LocalAuthn | Local User Authentication Time (ms). Time taken by the user to get authenticated locally at IdP/SP. | normal |
AuthnRequestProcessing | AuthnRequest Processing Time at the IdP (ms). Time taken to process AuthnRequest at IdP. | heavy |
AuthnResponseProcessing | AuthnResponse Processing Time at SP (ms). Time taken to process AuthnResponse at SP. | normal |
ArtifactProcessing | SAML Artifact Processing Time (ms). Time taken to process Artifact. | heavy |
Logout | Global Logout Time (ms). Time taken for global logout. | heavy |
RequestProcessing | Incoming Request Processing Time (ms). Time taken by ApplicationController to process request. | normal |
EventProcessing | Event Processing Time (ms). Time taken by ActionStateMachine to process event. | heavy |
Table 7-5 shows the metrics collected during security processing by phase event sensors:
Note:
In the table, Label and Description refer to the short label attached to the metric in Oracle Enterprise Manager Fusion Middleware Control, followed by a description of the metric.
Table 7-5 Security Processing for Phase Events
Name | Label and Description | Weight |
---|---|---|
XMLSigner | XML Message Signing Time (ms). Time taken by XMLSigner to sign message. | heavy |
XMLSignatureVerifier | XML Message Signature Verification Time (ms). Time taken by XMLSignatureVerifier to verify the message signature. | heavy |
QueryStringSigner | URL Query String Signing Time (ms). Time taken to sign the query string. | heavy |
QueryStringSignatureVerifier | URL Query String Signature Verification Time (ms). Time taken to verify the signature for the query string. | heavy |
XMLEncryptionService | XML Message Encryption Time (ms). Time taken to encrypt the message. | heavy |
XMLDecryptionService | XML Message Decryption Time (ms). Time taken to decrypt the message. | heavy |
SerializeMessage | XML Message Marshalling Time (ms). Time taken by LibertyProtocolMarshaller to serialize the message. | heavy |
DeSerializeMessage | XML Message Unmarshalling Time (ms). Time taken by LibertyProtocolMarshaller to deserialize the message. | heavy |
Oracle Identity Federation is a Java component whose availability is tracked through Fusion Middleware Control.
For details, see Getting Started Using Oracle Enterprise Manager Fusion Middleware Control in the Oracle Fusion Middleware Administrator's Guide.
This section describes logging for Oracle Identity Federation:
For more information about logging in Oracle Fusion Middleware, see Managing Log Files and Diagnostic Data in the Oracle Fusion Middleware Administrator's Guide.
This section provides a basic overview of logging for Oracle Identity Federation. Topics include:
Oracle Identity Federation provides two types of logs:
Persistent Logs - These logs persist across component restarts.
Runtime Logs - These logs are created automatically by the server at runtime and become active when a specific feature is activated.
The persistent log files include:
servername-diagnostic.log - Contains general application log messages, debug messages, and error messages. This log is also referred to as the federation log.
Other log files that may contain logging messages pertaining to Oracle Identity Federation are servername.log and servername.out.
Table 7-6 shows the log levels of Oracle Identity Federation log messages:
Table 7-6 Oracle Identity Federation Log Levels
Log Level | Description |
---|---|
INTERNAL ERROR | Events that represent unrecoverable errors. |
ERROR | Events that represent recoverable and unrecoverable errors. |
WARNING | Events that represent failures in processing external and implicit Oracle Identity Federation server actions. |
NOTIFICATION | High Level Oracle Identity Federation operational events describing a flow. |
TRACE | Events with detailed processing flows and state information. |
Oracle Identity Federation log messages fall into these categories:
Table 7-7 Oracle Identity Federation Message Categories
Message ID Range | Message Category |
---|---|
FED-10000 to FED-10099 | Compliance |
FED-10100 to FED-10999 | Configuration |
FED-11000 to FED-11699 | Data |
FED-11700 to FED-11999 | Network |
FED-12000 to FED-12999 | Other |
FED-13000 to FED-14999 | Programmatic |
FED-15000 to FED-17999 | Requests and Responses |
FED-18000 to FED-19999 | Security |
FED-20000 to FED-20099 | Threads |
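As an added example that is not part of the Oracle documentation, the following Python classifies diagnostic log records by the Table 7-7 message-ID ranges and the Table 7-6 levels, then pulls out Security-category messages at WARNING or worse, which is the kind of triage a reviewer of the federation log does first. The sample lines are constructed, the FED-xxxxx values in them are placeholders chosen inside the documented ranges rather than real message IDs, and the bracketed-field layout of a record is an assumption.

```python
import re
from collections import Counter

# Message-ID ranges from Table 7-7 (inclusive bounds).
MESSAGE_CATEGORIES = [
    (10000, 10099, "Compliance"),
    (10100, 10999, "Configuration"),
    (11000, 11699, "Data"),
    (11700, 11999, "Network"),
    (12000, 12999, "Other"),
    (13000, 14999, "Programmatic"),
    (15000, 17999, "Requests and Responses"),
    (18000, 19999, "Security"),
    (20000, 20099, "Threads"),
]

# Log levels from Table 7-6, most severe first.
LOG_LEVELS = ["INTERNAL ERROR", "ERROR", "WARNING", "NOTIFICATION", "TRACE"]

# Assumed record layout: the first four bracketed fields of an ODL-style line
# are [timestamp] [server] [level] [message-id]; everything after them is
# treated as the message body (logger name, thread id, free text).
_ODL_PREFIX = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\[(?P<server>[^\]]+)\]\s+"
    r"\[(?P<level>[^\]]+)\]\s+\[(?P<msgid>FED-\d{5})\]"
)

# Constructed sample records; the FED-xxxxx values are placeholders chosen
# inside the Table 7-7 ranges, not real Oracle Identity Federation IDs.
SAMPLE_LOG = """\
[2010-03-01T10:15:02.117+00:00] [wls_oif1] [NOTIFICATION] [FED-15001] [oracle.security.fed.controller] [tid: 12] AuthnRequest received
[2010-03-01T10:15:02.301+00:00] [wls_oif1] [WARNING] [FED-18002] [oracle.security.fed.sec.xml] [tid: 12] XML signature verification failed
[2010-03-01T10:15:03.004+00:00] [wls_oif1] [ERROR] [FED-18005] [oracle.security.fed.sec.xml] [tid: 12] Unable to decrypt assertion
[2010-03-01T10:15:05.550+00:00] [wls_oif1] [WARNING] [FED-11701] [oracle.security.fed.jvt.discovery] [tid: 7] LDAP connection retry
[2010-03-01T10:15:06.000+00:00] [wls_oif1] [TRACE] [FED-18010] [oracle.security.fed.sec.xml] [tid: 12] Signature algorithm selected
this line is not an ODL record and is skipped
"""


def category_for(message_id):
    """Map a FED-NNNNN message ID to its Table 7-7 category, or None."""
    m = re.fullmatch(r"FED-(\d{5})", message_id)
    if not m:
        return None
    number = int(m.group(1))
    for low, high, name in MESSAGE_CATEGORIES:
        if low <= number <= high:
            return name
    return None


def severity(level):
    """Rank a level by Table 7-6 order; unknown levels rank below TRACE."""
    return LOG_LEVELS.index(level) if level in LOG_LEVELS else len(LOG_LEVELS)


def parse_record(line):
    """Parse one line into a dict, or return None for non-record lines."""
    m = _ODL_PREFIX.match(line)
    if not m:
        return None
    msgid = m.group("msgid")
    return {
        "timestamp": m.group("ts"),
        "server": m.group("server"),
        "level": m.group("level"),
        "message_id": msgid,
        "category": category_for(msgid),
        "body": line[m.end():].strip(),
    }


def parse_log(text):
    """Parse all record lines in a diagnostic log, skipping anything else."""
    return [r for r in map(parse_record, text.splitlines()) if r is not None]


def count_by_category_and_level(records):
    """Tally records by (category, level), e.g. to spot a burst of Security WARNINGs."""
    return Counter((r["category"], r["level"]) for r in records)


def security_alerts(records, worst_allowed="WARNING"):
    """Security-category records at `worst_allowed` severity or worse."""
    threshold = severity(worst_allowed)
    return [r for r in records
            if r["category"] == "Security" and severity(r["level"]) <= threshold]


if __name__ == "__main__":
    for r in security_alerts(parse_log(SAMPLE_LOG)):
        print(r["timestamp"], r["level"], r["message_id"], r["body"])
```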
Oracle Identity Federation provides two tools for log configuration and management:
Fusion Middleware Control for GUI-based configuration
wlst for command-line configuration
Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance. In the Oracle Identity Federation drop-down menu, select Logs, then View Log Messages.
Take these steps to select messages to view:
From the Oracle Identity Federation menu, select Logs, then View Log Messages. The Log Messages page appears.
Select the date range for the logs you want to view. You can select Most Recent, by minutes, hours or days. Alternatively, you can select a Time Interval and specify the date and time to start and end.
Select the Message Types you want to view.
Specify any additional conditions (such as display only messages that contain some string).
To perform a specific search, choose Add Fields and add fields on which to search. For each field, select a criterion from the list, then enter text into the box. Choose the red X to delete a field. Choose Add Fields to add additional fields. When you have finished adding criteria, choose Search.
In addition to specifying messages to view, several other viewing options are available:
Use the Broaden Target Scope list to view messages for the domain.
Choose Export Messages to File to export the log messages to a file as XML, text, or comma-separated list.
Click Target Log Files to view information about individual log files.
You can indicate when to refresh the view. Select Manual Refresh, 30-Second Refresh, or One Minute Refresh from the list on the upper right.
Use the View list to change the columns listed or to reorder columns.
Use the Show list to change the grouping of messages.
Collapse the Search label to view only the list of log messages.
To view the contents of a log file, double click the file name in the Log File column. The View Log File: filename page is displayed. You can use the up and down arrows in the Time, Message Type, and Message ID to reorder the records in the file.
Use these pages to view and configure Oracle Identity Federation server logs.
Take these steps to navigate to the log configuration page:
Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.
In the Oracle Identity Federation drop down menu, select 'Logs', then 'Log Configuration'.
Topics include:
Use this page to:
view and update logging levels for Oracle Identity Federation loggers.
create a new persistent logger.
Each logger logs messages for a specific server function; for example, the EJB deployment logger logs messages for an EJB module.
View or Update Logger Level
Use the View drop-down to select the logger.
Fields include:
Logger Name - This is the name of the logger.
Oracle Diagnostic Logging Level - This is the logging level. Use the level drop-down to change the log level.
Log File - This is the name of the log file. Click on a log file name to view and update the properties of the log file.
Specify a Logger
This portion of the page appears when you select "Loggers with Persistent Log Level" in the View drop-down.
Supply the following information to create a persistent logger:
Name - Enter a name for the new logger.
Oracle Diagnostic Logging Level - This is the logging level. Use the level drop-down to select a log level.
Buttons on the page perform the following functions:
Apply - Save the logger configuration updates or generate the new logger information.
Revert - Discard the configuration updates.
For information on configuring log files, see Configuring Settings for Log Files in the Oracle Fusion Middleware Administrator's Guide.
This section explains some common messages you may encounter in the Oracle Identity Federation logs.
You may see a message like the following in the managed server log file:
oracle.security.fed.jvt.discovery.model.session.RDBMSSessionDiscoveryProvider run WARNING: InterruptedException: thread interrupt occurred during sleep() java.lang.InterruptedException: sleep interrupted
These messages are only notifications indicating that the RDBMS sleeping threads have been killed as a result of a configuration reload; new threads were created to replace these threads. No action is required.
Oracle Identity Federation uses the Fusion Middleware Audit Framework for auditing.
This section explains what events are audited, and how to configure auditing for Oracle Identity Federation. It contains these sections:
See Also:
Configuring and Managing Auditing in the Oracle Fusion Middleware Security Guide for details about audit configuration.
This section lists the events in different categories that can be audited, and explains audit levels.
There are four categories of audit events for Oracle Identity Federation:
User Session Management
Protocol Flow
Server Configuration
Security
The events for each category are described in these subsections.
Session management events and the attributes of each event are as follows:
CreateUserSession – Creation of a user session after a successful login
SessionID
AuthenticationMechanism
UserID
DeleteUserSession – Deletion of a user session after logout
SessionID
AuthenticationMechanism
UserID
CreateUserFederation – Creation of a user federation between two remote servers
FederationID
FederationType (SP/IdP/Affiliation)
UserID
RemoteProviderID
ProtocolVersion
NameIDFormat
NameIDQualifier
NameIDValue
UpdateUserFederation - Updating the user federation between two remote servers
FederationID
FederationType (SP/IdP)
UserID
RemoteProviderID
ProtocolVersion
NameIDFormat
NameIDQualifier
NameIDValue
OldNameIDQualifier
OldNameIDValue
DeleteUserFederation – Deletion of a user federation between two remote servers
FederationID
FederationType (SP/IdP)
UserID
RemoteProviderID
ProtocolVersion
NameIDFormat
NameIDQualifier
NameIDValue
CreateActiveUserFederation – Creation of an active federation after successful login
FederationID
FederationType (SP/IdP)
SessionID
UserID
RemoteProviderID
ProtocolVersion
DeleteActiveUserFederation - Deletion of an active federation after logout
FederationID
FederationType (SP/IdP)
SessionID
UserID
RemoteProviderID
ProtocolVersion
LocalAuthentication – Authentication of a user at OIF
AuthenticationMechanism
AuthenticationEngineID
RemoteIP
SessionID
UserID
LocalLogout - Logout of a user at Oracle Identity Federation
RemoteIP
SessionID
UserID
Protocol flow events and their attributes are as follows:
IncomingMessage – Message being received by Oracle Identity Federation
RemoteIP
Binding (for example, SOAP/GET/POST/Artifact/…)
ProtocolVersion (for example, SAML2/Libv11/…)
RemoteProviderID
Role (for example, Service Provider/Identity Provider/Attribute Authority/…)
IncomingMessageString (CLOB)
MessageType (for example, SSOLoginRequest/SSOLoginResponse/SSOLogoutRequest/…)
OutgoingMessage - Message being sent by Oracle Identity Federation (Success only)
RemoteIP
Binding (for example, SOAP/GET/POST/Artifact/…)
ProtocolVersion (for example, SAML2/Libv11/…)
RemoteProviderID
Role (for example, Service Provider/Identity Provider/Attribute Authority/…)
OutgoingMessageString (CLOB)
MessageType (for example, SSOLoginRequest/SSOLoginResponse/SSOLogoutRequest/…)
AssertionCreation – Creation of an assertion by Oracle Identity Federation (Success only)
RemoteIP
ProtocolVersion (for example, SAML2/Libv11/…)
AssertionVersion (for example, 2.0)
IssueInstant
Issuer
NameIDQualifier
NameIDValue
NameIDFormat
AssertionID
UserID
SessionID
FederationID
RemoteProviderID
AssertionConsumption - Consumption of an assertion by Oracle Identity Federation (Success only)
ProtocolVersion (for example, SAML2/Libv11/…)
AssertionVersion (for example, 2.0)
IssueInstant
Issuer
NameIDQualifier
NameIDValue
NameIDFormat
AssertionID
UserID
SessionID
FederationID
RemoteProviderID
Server configuration events and their attributes are as follows:
CreateConfigProperty – Adding a new configuration property (Success only)
PropertyName
PropertyType (for example, PropertiesList, PropertiesMap, String, Boolean…)
Value
PeerProviderID
Hierarchy
ChangeConfigProperty - Changing the value of an existing configuration property (Success only)
PropertyName
PropertyType (for example, PropertiesList, PropertiesMap, String, Boolean…)
OldValue
NewValue
PeerProviderID
Hierarchy
DeleteConfigProperty - Deleting a configuration property (Success only)
PropertyName
PropertyType (for example, PropertiesList, PropertiesMap, String, Boolean…)
OldValue
PeerProviderID
Hierarchy
CreatePeerProvider – Adding a new provider to the list of trusted providers (Success only)
PeerProviderID
ProviderType (for example, sp, idp, sp idp,…)
ProtocolVersion
Description
UpdatePeerProvider - Updating the information on an existing provider in the list of trusted providers (Success only)
PeerProviderID
ProviderType (for example, sp, idp, sp idp,…)
ProtocolVersion
Description
DeletePeerProvider - Deleting a provider from the list of trusted providers (Success only)
PeerProviderID
ProviderType (for example, sp, idp, sp idp,…)
ProtocolVersion
Description
LoadMetadata – Loading of metadata (Success only)
Metadata
Description
SetDataStoreType – Changing the type of a data store (Success only)
DataStoreName
OldValue
NewDataStoreType
ChangeDataStore – Setting of the federation data store (Success only)
DataStoreBefore
DataStoreAfter
ChangeFederation – Changing of the trusted providers (Success only)
COTBefore
COTAfter
ChangeServerProperty – Changing of a server configuration property (Success only)
ServerConfigBefore
ServerConfigAfter
Security events and their attributes are as follows:
CreateSignature – Creation of a digital signature by Oracle Identity Federation
Type (XML, String)
VerifySignature – Verification of a digital signature by Oracle Identity Federation
Type (XML, String)
EncryptData – Encryption of data by Oracle Identity Federation
Type (XML, String)
DecryptData – Decryption of data by Oracle Identity Federation
Type (XML, String)
Fusion Middleware Audit Framework supports the following audit levels:
None
Low
Medium
Custom
The following audit events get audited at the Low and Medium audit levels:
Note:
FAILUREONLY denotes that the event is audited only in case of failure.
Events Audited at Low level
ServerConfiguration
CreateConfigProperty
ChangeConfigProperty
DeleteConfigProperty
CreatePeerProvider
UpdatePeerProvider
DeletePeerProvider
LoadMetadata
SetDataStoreType
ChangeDataStore
ChangeCOT
ChangeServerProperty
Events Audited at Medium level
ServerConfiguration
CreateConfigProperty
ChangeConfigProperty
DeleteConfigProperty
CreatePeerProvider
UpdatePeerProvider
DeletePeerProvider
LoadMetadata
SetDataStoreType
ChangeDataStore
ChangeCOT
ChangeServerProperty
UserSession.FAILUREONLY
CreateUserSession.FAILUREONLY
DeleteUserSession.FAILUREONLY
CreateUserFederation.FAILUREONLY
UpdateUserFederation.FAILUREONLY
DeleteUserFederation.FAILUREONLY
CreateActiveUserFederation.FAILUREONLY
DeleteActiveUserFederation.FAILUREONLY
LocalAuthentication.FAILUREONLY
LocalLogout.FAILUREONLY
ProtocolFlow.FAILUREONLY
IncomingMessage.FAILUREONLY
OutgoingMessage.FAILUREONLY
AssertionCreation.FAILUREONLY
AssertionConsumption.FAILUREONLY
Security.FAILUREONLY
CreateSignature.FAILUREONLY
VerifySignature.FAILUREONLY
EncryptData.FAILUREONLY
DecryptData.FAILUREONLY
Events Audited at Custom Level
The Custom audit level allows you to select the events you want to audit.
You can use Oracle Enterprise Manager Fusion Middleware Control or the WLST command-line interface to configure auditing.
Take these steps to configure auditing with Fusion Middleware Control:
Log in to Fusion Middleware Control and navigate to the Identity Management domain.
In the Weblogic Domain drop down menu, select Security, then Audit Policy.
In the Audit Level menu, select the desired audit level.
Note:
If the selected level is Custom, refer to Section 7.4.2.1, "Configuring Auditing at the Custom Level".
Optionally, in the Users text box, you can add users who will always be audited for all events, regardless of audit level.
Click Apply.
Take these steps if you are configuring audit policies and wish to use the Custom audit level:
In the Audit Level menu, select Custom as the audit level.
Select the events to audit in the table of events:
Click the + sign next to the component name to get the list of audit event categories.
Click the + sign next to the category name to get the list of events.
Click the + sign next to the event name to get Success/Failure audit options.
Check the Enable Audit box next to the events or categories you want to audit (for example, checking the box next to Security audits all security events; checking the box next to the CreateUserSession Failure event audits all CreateUserSession failure events).
Optionally, you can add filters for fine-grained auditing.
Click the pencil icon to the right of the event or category name. Add the desired filter conditions.
Click OK when finished.
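The audit levels listed above, together with the Custom selection and the Users box from the configuration steps, modelled as an added Python example that is not part of the Oracle documentation: it decides whether a given event and outcome is recorded at None, Low, Medium or Custom, and reports which events of a sample stream a Medium-level policy would never record (successful logins and assertion consumptions among them). The event stream and its property values are constructed, and representing events as dicts keyed by the attribute names in this chapter is an assumption, not the bus-stop file format.

```python
from dataclasses import dataclass, field

# Audit categories and events as listed in this chapter. The level lists use
# the category names UserSession, ProtocolFlow, ServerConfiguration and
# Security, and ChangeCOT for the trusted-providers change event.
AUDIT_EVENTS = {
    "UserSession": [
        "CreateUserSession", "DeleteUserSession", "CreateUserFederation",
        "UpdateUserFederation", "DeleteUserFederation",
        "CreateActiveUserFederation", "DeleteActiveUserFederation",
        "LocalAuthentication", "LocalLogout",
    ],
    "ProtocolFlow": [
        "IncomingMessage", "OutgoingMessage",
        "AssertionCreation", "AssertionConsumption",
    ],
    "ServerConfiguration": [
        "CreateConfigProperty", "ChangeConfigProperty", "DeleteConfigProperty",
        "CreatePeerProvider", "UpdatePeerProvider", "DeletePeerProvider",
        "LoadMetadata", "SetDataStoreType", "ChangeDataStore",
        "ChangeCOT", "ChangeServerProperty",
    ],
    "Security": ["CreateSignature", "VerifySignature", "EncryptData", "DecryptData"],
}

OUTCOMES = ("success", "failure")


def category_of(event):
    """Return the audit category an event belongs to, or None if unknown."""
    for category, events in AUDIT_EVENTS.items():
        if event in events:
            return category
    return None


@dataclass
class AuditPolicy:
    """Audit level as described in this chapter. `custom` holds the Enable Audit
    selections made at the Custom level, keyed by event or category name, each
    mapping to the set of outcomes that were ticked."""
    level: str                                   # "None", "Low", "Medium" or "Custom"
    custom: dict = field(default_factory=dict)   # e.g. {"Security": {"failure"}}
    always_audited_users: set = field(default_factory=set)  # the Users text box

    def is_audited(self, event, outcome, user=None):
        category = category_of(event)
        if category is None or outcome not in OUTCOMES:
            raise ValueError(f"unknown event/outcome: {event} {outcome}")
        # Users listed in the Users box are audited for every event, whatever the level.
        if user is not None and user in self.always_audited_users:
            return True
        if self.level == "None":
            return False
        if self.level == "Low":
            # Low: every ServerConfiguration event, both outcomes; nothing else.
            return category == "ServerConfiguration"
        if self.level == "Medium":
            # Medium: Low plus every other category as FAILUREONLY.
            return category == "ServerConfiguration" or outcome == "failure"
        if self.level == "Custom":
            enabled = self.custom.get(event, set()) | self.custom.get(category, set())
            return outcome in enabled
        raise ValueError(f"unknown audit level: {self.level}")


def coverage_report(policy, events):
    """Split audit-event dicts into those the policy records and those it drops."""
    recorded, dropped = [], []
    for e in events:
        audited = policy.is_audited(e["event"], e["outcome"], e.get("UserID"))
        (recorded if audited else dropped).append(e)
    return recorded, dropped


# Constructed sample events using the attribute names listed in this chapter.
SAMPLE_EVENTS = [
    {"event": "LocalAuthentication", "outcome": "success", "UserID": "alice", "RemoteIP": "192.0.2.10"},
    {"event": "LocalAuthentication", "outcome": "failure", "UserID": "bob", "RemoteIP": "192.0.2.11"},
    {"event": "VerifySignature", "outcome": "failure", "Type": "XML"},
    {"event": "UpdatePeerProvider", "outcome": "success", "UserID": "weblogic", "PeerProviderID": "https://idp.example.com"},
    {"event": "AssertionConsumption", "outcome": "success", "UserID": "carol", "Issuer": "https://idp.example.com"},
]


if __name__ == "__main__":
    recorded, dropped = coverage_report(AuditPolicy(level="Medium"), SAMPLE_EVENTS)
    print("Medium records:", [(e["event"], e["outcome"]) for e in recorded])
    print("Medium drops:", [(e["event"], e["outcome"]) for e in dropped])
```

Run as written, the report shows that Medium never records a successful LocalAuthentication or AssertionConsumption; capturing those requires the Custom level or listing the user in the Users box.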
Your audit data may reside in files (also known as bus-stop files), or it may reside in a database audit store.
If the audit data resides in a bus-stop file, you can query the file directly at this location:
<domain_home>/servers/<server_name>/logs/auditlogs/OIF/audit.log
If the audit data resides in a database, you can use a tool like Oracle Business Intelligence Publisher to view audit reports.