IBM_SECURITY_AUTHN events

This event type is generated by the authentication service when it authenticates a user accessing a protected resource.

The following table lists the elements that can be shown in the output of an IBM_SECURITY_AUTHN event. All elements are included in the output, unless indicated otherwise.
Table 1. Elements for an IBM_SECURITY_AUTHN event
Element Description
action Optionally specifies the HTTP method on the requested resource or the operation that is performed by the provider of the authentication service.
The XPath is:
CommonBaseEvent/extendedDataElements[@name='action']/values
authnProvider The provider of the authentication service.

Sample data: com.tivoli.am.fim.authsvc.protocol.delegate.AuthSvcDelegate, com.tivoli.am.fim.authsvc.action.authenticator.hotp.HOTPAuthenticator

The XPath is:
CommonBaseEvent/extendedDataElements[@name='authnProvider']/values
authnScope Optionally specifies the transaction identifier of the authentication policy.

Sample data: 94434b2a-748e-42fe-af3d-67db04aa4ba0

The XPath is:
CommonBaseEvent/extendedDataElements[@name='authnScope']/values
authnType The URI identifier of the authentication policy.

Sample data: urn:ibm:security:authentication:asf:password_hotp

The XPath is:
CommonBaseEvent/extendedDataElements[@name='authnType']/values
partner The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'.
The XPath is:
CommonBaseEvent/extendedDataElements[@name='partner']/values
progName Optionally specifies the URL of the requested resource.

Sample data: http://www.example.com

The XPath is:
CommonBaseEvent/extendedDataElements[@name='progName']/values
tokenType The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'.
The XPath is:
CommonBaseEvent/extendedDataElements[@name='tokenType']/values
trustRelationship The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'.
The XPath is:
CommonBaseEvent/extendedDataElements[@name='trustRelationship']/values
userInfo.appUserName Optionally specifies information about the user who is authenticating.
The XPath is:
CommonBaseEvent/extendedDataElements[@name='userInfoList']/children[1]/children[@name='appUserName']/values
userInfo.attributes Optionally specifies the following types of additional information about user data that are audited during authentication:
licenseFileMetadata
    Metadata that is defined in the license agreement.
licenseFileName
    The license file name.
userAction
    The action that the user takes when the End-User License Agreement authentication mechanism presents the license agreement. The user can accept the license agreement or decline the license agreement.
The XPath is:
CommonBaseEvent/extendedDataElements[@name='userInfoList']/children[@name='userInfo']/children[@name='attributes']/children
xmlTokenType The authentication service does not use this element; it appears in the IBM_SECURITY_AUTHN event as 'Not Available'.
The XPath is:
CommonBaseEvent/extendedDataElements[@name='xmlTokenType']/values

Sample of an IBM_SECURITY_AUTHN event

The following example shows one event that the runtime generates for a two-factor authentication policy that requires both username-and-password and one-time password authentication:

<CommonBaseEvent
  creationTime="2014-02-15T18:50:05.026Z"
  extensionName="IBM_SECURITY_AUTHN"
  globalInstanceId="FIM36e24f6301441708947ceef443526"
  sequenceNumber="2"
  version="1.1">
  <contextDataElements
    name="Security Event Factory"
    type="eventTrailId">
    <contextId>FIM_36e24f62014415f59913eef443526e68+1246005647</contextId>
  </contextDataElements>
  <extendedDataElements name="userInfoList" type="noValue">
    <children name="userInfo" type="noValue">
      <children name="registryUserName" type="string">
        <values>Not Available</values>
      </children>
      <children name="appUserName" type="string">
        <values>test_user</values>
      </children>
    </children>
  </extendedDataElements>
  <extendedDataElements name="tokenType" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="authnProvider" type="string">
    <values>com.tivoli.am.fim.authsvc.action.authenticator.hotp.HOTPAuthenticator</values>
  </extendedDataElements>
  <extendedDataElements name="action" type="string">
    <values>verify</values>
  </extendedDataElements>
  <extendedDataElements name="authnType" type="string">
    <values>urn:ibm:security:authentication:asf:password_hotp</values>
  </extendedDataElements>
  <extendedDataElements name="outcome" type="noValue">
    <children name="result" type="string">
      <values>SUCCESSFUL</values>
    </children>
    <children name="majorStatus" type="int">
      <values>0</values>
    </children>
  </extendedDataElements>
  <extendedDataElements name="trustRelationship" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="progName" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="authnScope" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <sourceComponentId
    application="IBM® Verify Identity Access"
    component="Authentication and Federated Identity"
    componentIdType="ProductName"
    executionEnvironment="Linux[amd64]#2.6.32-279.14.1.30.iss7_3.x86_64"
    location="example"
    locationType="FQHostname"
    subComponent="com.tivoli.am.fim.authsvc.action.authenticator.hotp.HOTPAuthenticator"
    threadId="Default Executor-thread-60"
    componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/>
  <situation categoryName="ReportSituation">
    <situationType
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="ReportSituation"
      reasoningScope="INTERNAL"
      reportCategory="SECURITY"/>
  </situation>
</CommonBaseEvent>