Create report to audit authentications per service and authentication method
This document is written for PhenixID Server.
The reader should have some basic knowledge about PhenixID Server.
This document describes how to create a report to view authentications per service (application) and/or authentication method.
The solution consists of two steps:
1. Add custom event logging to the configured authenticators.
2. Create a custom report.
Add custom event logging to configured authenticators
- Log in to Configuration Manager
- Locate the authenticator
- Get the pipeID value for the authenticator
- Locate the pipe
- Add an event valve to the pipe. Place the event valve last in the pipe.
Configuration example
This pipe is connected to a SAML authenticator (username, password, OTP).
{
  "id":"otpValidator",
  "valves":[
    {
      "name":"SessionLoadValve",
      "config":{
        "id":"{{request.session_id}}"
      }
    },
    {
      "name":"OTPValidationValve",
      "config":{
        "provided_otp_param_name":"{{request.otp}}",
        "generated_otp_param_name":"generated_otp"
      }
    },
    {
      "name":"LDAPSearchValve",
      "config":{
        "connection_ref":"MyAD",
        "base_dn":"ou=demo,DC=demo,DC=phenixid,DC=net",
        "scope":"SUB",
        "size_limit":"0",
        "filter_template":"(&(objectClass=user)(samaccountname={{request.username}}))",
        "attributes":"mail"
      }
    },
    {
      "name":"AssertionProvider",
      "config":{
        "targetEntityID":"MyIDP",
        "nameIDAttribute":"mail",
        "misc":{
          "excludeSubjectNotBefore":"true"
        }
      }
    },
    {
      "name":"AuthnRequestDecoder",
      "config":{
      }
    },
    {
      "name":"EventValve",
      "config":{
        "event_key":"EVT_000052",
        "parameters":[
          {
            "parameter":"requestMethod",
            "value":"Username-Password-OTP"
          },
          {
            "parameter":"duser",
            "value":"{{request.username}}"
          },
          {
            "parameter":"destinationServiceName",
            "value":"{{item.issuer}}"
          },
          {
            "parameter":"proto",
            "value":"SAML"
          }
        ]
      }
    }
  ]
}
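When many authenticators are configured, the placement rule (event valve last in the pipe) and the parameter set shown above can be checked mechanically. The following Python is an added example, not PhenixID code: it assumes each pipe is available as a JSON object shaped like the one above, and the function names (audit_pipe, audit_pipes) and the shortened sample pipes are hypothetical.

```python
# Parameter names taken from the page's EventValve example.
REQUIRED_PARAMS = {"requestMethod", "duser", "destinationServiceName", "proto"}

def audit_pipe(pipe, event_key="EVT_000052"):
    """Return findings for one pipe; an empty list means it follows the page's layout."""
    pid = pipe.get("id", "<no id>")
    valves = pipe.get("valves", [])
    hits = [i for i, v in enumerate(valves)
            if v.get("name") == "EventValve"
            and v.get("config", {}).get("event_key") == event_key]
    if not hits:
        return [f"{pid}: no EventValve with event_key {event_key}"]
    findings = []
    if len(hits) > 1:
        findings.append(f"{pid}: {len(hits)} EventValves use {event_key}")
    if hits[-1] != len(valves) - 1:
        findings.append(f"{pid}: EventValve is at position {hits[-1] + 1} of {len(valves)}, not last")
    params = {p.get("parameter"): p.get("value")
              for p in valves[hits[-1]]["config"].get("parameters", [])}
    for name in sorted(REQUIRED_PARAMS - params.keys()):
        findings.append(f"{pid}: parameter '{name}' missing")
    for name in sorted(n for n in REQUIRED_PARAMS & params.keys() if not params[n]):
        findings.append(f"{pid}: parameter '{name}' has an empty value")
    return findings

def audit_pipes(pipes):
    """Map pipe id -> findings, keeping only pipes that have at least one finding."""
    report = {p.get("id", "<no id>"): audit_pipe(p) for p in pipes}
    return {pid: f for pid, f in report.items() if f}

def _event(**params):
    # Builds an EventValve entry for the constructed samples below.
    return {"name": "EventValve", "config": {"event_key": "EVT_000052",
            "parameters": [{"parameter": k, "value": v} for k, v in params.items()]}}

# Constructed sample pipes (shortened; not a real server configuration).
FULL = dict(requestMethod="Username-Password-OTP", duser="{{request.username}}",
            destinationServiceName="{{item.issuer}}", proto="SAML")
SAMPLE_PIPES = [
    {"id": "otpValidator", "valves": [{"name": "OTPValidationValve", "config": {}}, _event(**FULL)]},
    {"id": "eventNotLast", "valves": [_event(**FULL), {"name": "AssertionProvider", "config": {}}]},
    {"id": "noEvent", "valves": [{"name": "SessionLoadValve", "config": {}}]},
    {"id": "noProto", "valves": [_event(requestMethod="Username-Password", duser="{{request.username}}",
                                        destinationServiceName="{{item.issuer}}")]},
]

if __name__ == "__main__":
    for findings in audit_pipes(SAMPLE_PIPES).values():
        print("\n".join(findings))
```

A pipe that reports no findings will contribute rows to the report; a pipe listed here will be absent from it or will log incomplete events.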
Create custom report
Follow this guide to create a custom report. Use these values for the report.
{
  "displayName": "View all authentications",
  "category":"Authentication",
  "description": "Shows every authentication",
  "query": "select from event where eventID ='EVT_000052'"
}