Skip to main content
Skip table of contents

Event logs

All of the operational applications will have the capability of generating functional events.  These events are all added to an event queue, and are then handled by a listener.

For an initial concept, the listener has a very straightforward duty: it will dispatch the events to a selected workflow. A different workflow can be selected for each event type.

The configuration of the Auditing Events can be done from the admin portal > Auditing tab.

Event Overview

Event Type

Description

Authentication Events

Authentication events are triggered each time a user successfully or unsuccessfully authenticates, using any Identity Provider configured in TrustBuilder.

Authorization Events

Authorization events are triggered each time a user successfully or unsuccessfully tries to access any Service Provider configured in TrustBuilder.

Log-out events

The Log-out events are generated when a users logs-out.

Session Events

Creates an event every time a session is updated.

Administration Events

Creates an event for administration actions.

Format

The events are passed in a JSON-like format to the selected workflow. Date and time are represented in the epoch format. The data for each of the events is described in the Event Type pages, which are linked in the table above.

Auditing Configuration

From the Admin Portal, go to Auditing > Event Handling. This page allows you to configure which auditing events are handled by which workflow.

Events are generated and put on an Event Queue. There is a listener that will process all these events, and dispatch them to the appropriate workflow.

Field

Description

Event Type

Describes to which event types the application will listen.

Workflow Handler

Select which workflow will handles events of this type.

Enabled

Can be toggled to enable or disable listening to a specific event type

Batch

Can be toggled to group multiple events of the same type into a batch. More information below.

For environments with a lot of traffic, it could be desirable not to kick off a new workflow with each event.  For these circumstances, we've added the possibility to group the events into batches, so they can be handled more efficiently, while remaining available in near real-time.

Currently the settings are set as follows:

  • Maximum Batch Size: 100
    This means that the maximum amount of events (of this event type) that will be grouped into one batch will be 100. As soon as the hundredth event is added, the whole batch will be sent to the workflow.

  • Idle Time-out: 1000 milliseconds
    This means that after 1000 milliseconds (1 second) of not receiving a new event of this type, all the grouped events will be pushed to the workflow.

Events types

Authentication events

Trigger

Event Code

Authentication Succeeded

ORCH-1010

Authentication Failed

ORCH-1020

Data

  • timestamp (in milliseconds)

  • eventType = “Authentication event”

  • eventCode

  • statusMessage (in case of failure)

  • source (IP Address)

  • subject

  • statusCode

  • SessionID

  • authenticationMethod

  • idp 

  • attributes { Key / Value pairs } (Only those received from the IDP)

Authorization events

There are two types of Authorization Events that correspond to the policies that can be set on the Service Provider pages.

  • Authentication Rules (coarse grained)

  • Authorization Rules (fine grained)

Authentication Rules

Trigger

Event Code

Authorization Allowed

ORCH-2010

Authorization Denied

ORCH-2020

Step-up

ORCH-2030

Reauthenticate

ORCH-2040

Data

  • timestamp (in milliseconds)

  • eventType = “Coarse grained authorization event”

  • eventCode

  • statusCode

  • source (IP Address)

  • subject

  • SessionID

  • authenticatedAuthenticationMethod (method with which you are authenticated for that SP)

  • idpName (possible in case of reauthenticate)

  • stepUpAuthenticationMethod (in case of step-up)

  • stepUpAuthenticationMethodComparion (in case of step-up)

  • spName

  • attributes { Key / Value pairs } (to be sent to SP)

Application Rules

Trigger

Event Code

Allow

ORCH-2110

Deny

ORCH-2120

Step-up

ORCH-2130

Reauthenticate

ORCH-2140

Data

  • timestamp (in milliseconds)

  • eventType = “Fine grained authorization event”

  • eventCode

  • statusCode

  • source (IP Address)

  • subject

  • SessionID

  • authenticationMethod (in case of step-up)

  • authenticationMethodComparison (in case of step-up)

  • location

  • httpHeaders

  • requestURI

  • requestHostname

  • httpMethod

  • requestType(WEB, PUBLIC_WEB or API)

Log-out events

Trigger

Event Code

INITIAL_LOGOUT_REQUEST

ORCH-3010

INTERMEDIATE_LOGOUT_REQUEST

ORCH-3110

INTERMEDIATE_LOGOUT_SUCCESSFUL

ORCH-3210

INTERMEDIATE_LOGOUT_PARTIALLY_SUCCESSFUL

ORCH-3220

INTERMEDIATE_LOGOUT_FAILED

ORCH-3230

COMPLETE_LOGOUT_SUCCESSFUL

ORCH-3310

COMPLETE_LOGOUT_PARTIALLY_SUCCESSFUL

ORCH-3320

Data

  • timestamp (in milliseconds)

  • eventType = “Logout event”

  • eventCode

  • statusCode

  • source (IP Address)

  • subject (if present)

  • SessionID

  • partner

  • requestId (identifier to match request and response)

Session events

Trigger

Event Code

SESSION_UPDATE

ORCH-4000

Data

  • timestamp (in milliseconds)

  • session

  • eventType = “Session update” 

  • eventCode

Administration events

Admin access

Administration Access

Trigger

Event Code

Successful Administrator login

ADMN-1010

Administrator logged out

ADMN-1020

Failed Administration login

ADMN-1030

Json

  • Event Type = “AdminAccess”

  • Event Code

  • Timestamp

  • Username

  • User IP Address

User changes

Configuration Change

Trigger

Event Code

Configuration Object Created

ADMN-3010

Configuration Object Updated

ADMN-3020

Configuration Object Deleted

ADMN-3030

Json

  • eventType = “Administration”

  • eventCode

  • timestamp

  • subType (USER_DATA_CREATION / USER_DATA_MODIFICATION / USER_DATA_REMOVAL)

  • objectType (PRINCIPAL / …)

  • adminUserId

  • In case of creation or removal

    • data

  • In case of update, for each attribute:

User CRUD event

Trigger

Event Code

User Created

USER-1010

User Edited

USER-1020

User Removed

USER-1030

Json

  • Timestamp

  • Event type = “UserEvent”

  • Event Code

  • UserID

Config Change Events

Configuration Change

Trigger

Event Code

Configuration Object Created

ADMN-4010

Configuration Object Updated

ADMN-4020

Configuration Object Deleted

ADMN-4030

Json

  • eventType = “Administration”

  • eventCode

  • timestamp

  • subType (CONFIGURATION_CREATION / CONFIGURATION_MODIFICATION / CONFIGURATION_REMOVAL)

  • objectType (IDP / SP / …)

  • adminUserId

  • In case of creation or removal

    • data

  • In case of update, for each attribute:

Server Events

Server Restart

Trigger

Event Code

Server stopped

ADMN-2010

Server started

ADMN-2020

Json

  • Event Type = “ServerRestart”

  • Event Code

  • Timestamp

  • Server IP

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close