Identity Cloud idm-authentication log

Hi everyone,

I need a sample log from the idm-authentication source, but I am not aware of how to authenticate directly against the /openidm endpoint.

Using an access token acquired from the /am endpoint with the IDM service account won’t generate any log in the idm-authentication source.

Can you help share a sample call to authenticate a user directly with the /openidm endpoint?

Reference doc I found:
What logging sources are available in Identity Cloud? | ForgeRock Backstage

Hi @chuac,

You’ll find it in the am-access source:

{
  "_id": "d5eb0168-3d1f-4618-9c9b-9a5084d3d0cb-55018",
  "client": {
    "ip": "203.221.5.137"
  },
  "component": "OAuth",
  "eventName": "AM-ACCESS-ATTEMPT",
  "http": {
    "request": {
      "headers": {
        "accept": [
          "*/*"
        ],
        "content-type": [
          "application/x-www-form-urlencoded"
        ],
        "host": [
          "openam-nom1.forgeblocks.com"
        ],
        "user-agent": [
          "PostmanRuntime/7.32.3"
        ],
        "x-forwarded-for": [
          "203.221.5.137, 34.111.195.11, 10.168.0.4"
        ],
        "x-forwarded-proto": [
          "https"
        ]
      },
      "method": "POST",
      "path": "https://openam-nom1.forgeblocks.com/am/oauth2/realms/root/access_token",
      "secure": true
    }
  },
  "level": "INFO",
  "realm": "/",
  "request": {
    "detail": {
      "client_id": "service-account",
      "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
      "scope": "fr:idm:* fr:am:* fr:idc:esv:*"
    }
  },
  "source": "audit",
  "timestamp": "2023-09-06T23:51:34.506Z",
  "topic": "access",
  "transactionId": "1694044294504-d28a708e9b40a56cf6e9-358735/0"
}

Then access to IDM will show in idm-access:

{
  "_id": "d71a9ee3-4556-47ce-9de2-2280137349de-160012",
  "client": {
    "ip": "203.221.5.137",
    "port": 39768
  },
  "eventName": "access",
  "http": {
    "request": {
      "headers": {
        "accept": [
          "*/*"
        ],
        "host": [
          "openam-nom1.forgeblocks.com:443"
        ],
        "user-agent": [
          "PostmanRuntime/7.32.3"
        ],
        "x-forwarded-for": [
          "203.221.5.137, 34.111.195.11, 10.168.0.4"
        ],
        "x-forwarded-proto": [
          "https"
        ]
      },
      "method": "GET",
      "path": "https://openam-nom1.forgeblocks.com/openidm/repo/synchronisation/pooledSyncStage/SYSTEMMSSQLACCOUNT",
      "secure": true
    }
  },
  "level": "INFO",
  "request": {
    "operation": "READ",
    "protocol": "CREST"
  },
  "response": {
    "elapsedTime": 18,
    "elapsedTimeUnits": "MILLISECONDS",
    "status": "SUCCESSFUL",
    "statusCode": "200"
  },
  "roles": [
    "internal/role/openidm-svcacct",
    "internal/role/openidm-authorized"
  ],
  "server": {
    "ip": "10.68.1.253",
    "port": 8080
  },
  "source": "audit",
  "timestamp": "2023-09-06T23:53:23.453Z",
  "topic": "access",
  "trackingIds": [
    "d5eb0168-3d1f-4618-9c9b-9a5084d3d0cb-55020"
  ],
  "transactionId": "1694044403418-d28a708e9b40a56cf6e9-358910/0",
  "userId": "3614c5e2-6b46-4828-b487-a819e0ef258c"
}

Usually, I would look into am-everything, and idm-everything, but these can be quite verbose on a dev environment. Tip: use the Splunk integration: Splunk Integration

And this is a convenient filter to use in the Splunk search: source="My Source" NOT "http://localhost:8080/openidm/info/ping" NOT "http://idm/openidm/info/ping"

I hope this helps

Regards
Patrick
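
Added example, not part of the original posts: a small Python filter that applies the same ping exclusion as the Splunk search above to JSON-lines audit records and builds a per-client timeline of service-account token requests and the IDM access that follows. It assumes one record per line shaped like the two samples in the post; the sample records and the names path_of, classify and timeline are constructed for illustration.

```python
import json
from collections import defaultdict
# Paths excluded by the Splunk filter quoted in the post (health-check noise).
PING_PATHS = {"http://localhost:8080/openidm/info/ping", "http://idm/openidm/info/ping"}
SVC_ROLE = "internal/role/openidm-svcacct"
# Constructed records trimmed to the fields used here; host, IP, path and times are made up.
SAMPLE_LINES = [
    '{"eventName":"AM-ACCESS-ATTEMPT","component":"OAuth","client":{"ip":"198.51.100.7"},'
    '"http":{"request":{"path":"https://tenant.example.com/am/oauth2/realms/root/access_token"}},'
    '"request":{"detail":{"client_id":"service-account"}},"timestamp":"2023-09-06T23:51:34.506Z"}',
    '{"eventName":"access","http":{"request":{"path":"http://idm/openidm/info/ping"}}}',
    '{"eventName":"access","client":{"ip":"198.51.100.7"},"response":{"statusCode":"200"},'
    '"http":{"request":{"path":"https://tenant.example.com/openidm/config"}},'
    '"roles":["internal/role/openidm-svcacct"],"timestamp":"2023-09-06T23:53:23.453Z"}',
    '{"eventName":"access","client":{"ip":"198.51.100.7"},"http":{"requ',  # truncated on purpose
]

def path_of(rec):
    return rec.get("http", {}).get("request", {}).get("path", "")

def classify(rec):
    """Label a record using only fields visible in the two samples in the post."""
    if rec.get("eventName") == "AM-ACCESS-ATTEMPT" and rec.get("component") == "OAuth":
        return "am-token-request", rec.get("request", {}).get("detail", {}).get("client_id")
    if rec.get("eventName") == "access" and "/openidm/" in path_of(rec):
        kind = "idm-svcacct-access" if SVC_ROLE in rec.get("roles", []) else "idm-access"
        return kind, rec.get("response", {}).get("statusCode")
    return None, None

def timeline(lines):
    """Return ({client_ip: [(timestamp, kind, detail)]} in time order, counters)."""
    events, stats = defaultdict(list), {"ping": 0, "malformed": 0, "other": 0}
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            stats["malformed"] += 1      # truncated or non-object line
        elif path_of(rec) in PING_PATHS:
            stats["ping"] += 1           # same exclusion as the Splunk filter
        else:
            kind, detail = classify(rec)
            if kind is None:
                stats["other"] += 1
                continue
            ip = rec.get("client", {}).get("ip", "unknown")
            events[ip].append((rec.get("timestamp", ""), kind, detail))
    return {ip: sorted(ev, key=lambda e: e[0]) for ip, ev in events.items()}, stats
```

Calling timeline(SAMPLE_LINES) returns the per-IP event list plus counters for dropped ping, malformed and unclassified records, so the noise that was filtered out stays visible.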

Hi Patrick,

Thanks for the reply. The use case of using an AM-issued access token for IDM admin activity is clear.

We are looking for a sample log from the idm-authentication source for log streaming and filtering, so we need an authentication that happened from the /openidm endpoint.

Best,
Chaopeng

Hi @chuac,

You just need to create a log API key and secret to access the logs, as explained here: Get audit and debug logs :: ForgeRock Identity Cloud Docs

Regards
Patrick