SLO event payload
You can use the following single log-out (slo) event payloads to trigger asynchronous workflows and synchronizations for event notification webhooks and APIs.
The following table lists the attributes that are contained in the single log-out event.
| Name | Data type | Description |
|---|---|---|
| data.action | String | The action performed by a user for the resource. |
| data.applicationid | String | The identifier of the application that was targeted by the event. |
| data.applicationname | String | The name of the application that was targeted by the event. |
| data.applicationtype | String | The type of the application that was targeted by the event. |
| data.cause | String | The result message of the single logout flow, either success or fail. |
| data.devicetype | String | The browser user agent. |
| data.host | String | Hostname of microservice instance that generated the event. |
| data.identity_provider_type | String | The type of identity provider that is being single-logged out of. |
| data.logoutresultdetail | String | The logout result of the applications and the identity provider. |
| data.origin | String | The IP address of system that caused event to be generated. |
| data.principalName | String | The user or identifier that is being single logged out. |
| data.realm | String |
The identity source of the user. For example, Cloud Directory - CloudIdentityRealm, IBMid - www.ibm.com SAML Enterprise - AzureRealm LDAP pass-through - www.cloudsecurity.com OIDC - www.yahoo.com |
| data.result | String | Success or failure. |
| data.sourcetype | String | The identity source type used for authentication - cloud directory, certificate, Kerberos, OIDC, pass-through, SAML - not needed for MFA events. |
| data.subject | String | The Verify user ID that caused event to be generated. |
| data.subtype | String |
|
| data.target | String | The secondary resource that might be applicable. |
| data.userid | String | The Verify user ID that caused event to be generated. |
| data.username | String | The unique identifier for logging in to Verify. It can be the same as the email address of the user. |
| data.usersessionid | String | The unique identifier for the user’s current authenticated session in Verify. |
| geoip.city_name geoio.continent_name geoip.country_iso_code geoip.country_name geoip.location geoip.region_name |
String | Augmented by Event service by using data.origin. |
Example
The following code is a sample payload. Use the Events APIs to get the actual attributes. See https://docs.verify.ibm.com/verify/reference/getallevents and https://docs.verify.ibm.com/verify/docs/pulling-event-data.
{
"data": {
"subject": "12AB3CD4E",
"origin": "111.11.111.111",
"cause": "Unexpected error - null",
"messageId": "ABCDE0000E",
"principalName": "username@in.ibm.com",
"devicetype": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36",
"target": "https://tenantname.ite1.idng.ibmcloudsecurity.com/usc/logout",
"result": "failure",
"identity_provider_type": "ibmldap",
"subtype": "user_password",
"host": "ab12cde34fgguj56",
"action": "authentication_logout",
"sourcetype": "clouddirectory",
"realm": "cloudIdentityRealm",
"messageDescription": "An unexpected error occurred while attempting to logout from \"Cloud Directory\".",
"usersessionid": "22222222-2222-2222-2222-222222222222",
"external_service_failure": "true",
"username": "username@in.ibm.com"
},
"year": 2023,
"tags": [
"_geoip_lookup_failed-unresolvable_origin"
],
"event_type": "slo",
"month": 1,
"indexed_at": 1674823782008,
"tenantid": "44444444-4444-4444-4444-444444444444",
"tenantname": "tenant name.ite1.idng.ibmcloudsecurity.com",
"correlationid": "CORR_ID-5555555555-5555-5555-5555-555555555555",
"id": "6666666666-6666-6666-6666-666666666666",
"time": 1674823764357,
"day": 27
}