Client's IP Address not visible in SSO/CID access logs
Problem
Load balancer's IP address observed in SSO/CID access logs, Client's IP address not visible.
Symptoms
Reverse Proxy server setting are updated in the SSO's win32.config/unix.config.
| proxy.remote-addr-name=X-Forwarded-For |
|---|
However, in SSO/CID access logs the Loadbalancer IP address is visible instead of client's IP address.
Log Snippet from SSO access logs, before change is applied:
Solution
You need to add below pattern on tomcat server in server.xml file.
pattern="%{X-Forwarded-For}i %h %l %u %t %r %s %b"
Example:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/logs/tomcat" prefix="sso_access_log" suffix=".txt" pattern="%{X-Forwarded-For}i %h %l %u %t %r %s %b" />
Also, update Tomcat using below:
Updating Tomcat on Linux
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./config/tomcat/update.sh
Updating Tomcat on Windows
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\update.cmd
Log Snippet from SSO access logs, after change is applied:
