User interface of Log Viewer - SSO

Initial view

When Log Viewer is invoked, it initially loads the current Audit log file, selects the last page and scrolls directly to the bottom of the page, displaying the log entries that were last written by Ubisecure SSO.

Figure 1: Log Viewer initial view, viewing Audit log

Note that initially the extended log entry information is not shown on the page, in order to make the event history more legible.

Date / Type - Selection menus

These dropdown-select boxes make it easier to navigate to a certain date. The view updates immediately when any field is changed. The date fields are laid out in descending format, that is: year, month and day. Only the years, days and months of logs that are in the logs directory, are shown in selection list.

Ext. Msg. radio buttons

Ext. msg. is an abbreviation of extended messages. These are initially turned off in order to make the view more legible. Changing the value immediately updates the view. Multi-line system errors are only displayed if Ext. msg is on.

Entries/Page menu

Available options are 22, 50, 100 and all. Changing this value immediately updates the view with the new values. Note that it also resets the view to the beginning of the log file.

These links vary depending on the number of available pages as follows:

  • for 1 page – Refresh
  • for 2 pages - First Page, Last Page
  • greater than or equal to 3 pages First Page, Prev Page, Next Page, Last Page

In addition to reloading the log file, "Refresh" and "Last Page" will dynamically scroll the view down to the last available log entry. This feature makes it easier to trace newly written log entries if the view holds more entries than can be viewed simultaneously.

Logfile navigation buttons

These buttons navigate between the entire range of log files of the currently selected type – for example, seeing the same log type from the next or previous day.

Headers

Log Viewer's each header is a generic description of the individual event's each field. Since most events contain different information by type, the view would expand inconveniently if each field were represented under an exactly describing header and therefore make the event tracing cumbersome.

Entry representation of Audit-Events:

About the different entry types (authentication method list, authentication method selection, login, etc.) and content of them see also Audit log description.

The "login" event (successful authentication)

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"login"

USER INFO


INFO


MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

APPLICATION

application

USER AGENT

userAgent

The "invalid login" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"invalid.login"

USER INFO

loginName

INFO

reason

MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

APPLICATION

application

USER AGENT

userAgent

The "ticket granted" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"ticket granted"

USER INFO

mappedUsername (userName)

INFO

application URL

MASTER SESSION

masterSessionId

LOGIN INFO

requestId

APPLICATION

application

USER AGENT

userAgent

The "access denied" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"access denied"

USER INFO


INFO

reason

MASTER SESSION

masterSessionId

LOGIN INFO


APPLICATION

application

USER AGENT

userAgent

The "logout" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"logout"

USER INFO


INFO


MASTER SESSION

masterSessionId

LOGIN INFO


APPLICATION


USER AGENT

userAgent

The "authentication method list" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"authentication method list"

USER INFO


INFO


MASTER SESSION

masterSessionId

LOGIN INFO


APPLICATION

application

USER AGENT

userAgent


The "authentication method selected" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"authentication method selected"

USER INFO


INFO


MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

APPLICATION

application

USER AGENT

userAgent


The "assertion received" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"assertion received"

USER INFO


INFO

authenticatorId / attributes

MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

APPLICATION


USER AGENT

userAgent


Entry representation of Diag-Events:

About the different entry types (authentication method list, authentication method selection, login, etc.) and content of them see also Diag log description.

All events

Headers

Description

CONTEXT

Which web application caused the event (uas, sso-api, search, etc.)

TYPEDiagnostic entry type or the class name printing the event
LEVELThe log level

IP ADDRESS

The client's ip address - sso-api events only

MESSAGE

The actual log message, in case of sso-api it starts with the authenticated user name (sub)

This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.