IBM_SECURITY_TRUST events
This event type is generated by the trust server when it validates a token, issues a token, maps an identity, or authorizes a Web service call.
The following table lists the elements that can be shown in the output of an IBM_SECURITY_TRUST event.
| Element | Description |
|---|---|
| accessDecision | For the authorization module, it is the result of the authorization decision. This element is filled out only when the action is authorized. The XPath is: |
| action | The action being performed. Possible actions are: The XPath is: |
| appliesTo | The destination or resource that the request or token applies to. The XPath is: |
| issuer | The party responsible for issuing the token. The XPath is: |
| moduleName | The module in the STS module chain that the action is taken on. The XPath is: |
| ruleName | The rule name used for the mapping module. This element is filled out only when the action is set to map. The XPath is: |
| token | The incoming token that the action is being taken on. Only the first 1024 characters of the token are set. When the action is set to map, this element represents the incoming principal. The XPath is: |
| tokenInfo | The internal representation of the user information after changes are made by the module. Only the first 1024 characters of the token are set. When the action is set to map, this element represents the outgoing principal. When the action is set to authorize, this element represents the principal for whom the access decision was made. The XPath is: |
| tokenType | The type of token the module is using. The XPath is: |
Samples of IBM_SECURITY_TRUST events
The following example shows an event generated by a Trust request.

```xml
<CommonBaseEvent creationTime="2013-07-19T06:21:05.256Z"
    extensionName="IBM_SECURITY_TRUST"
    globalInstanceId="FIMf596c16e013f12d38eb0b66d4d925"
    sequenceNumber="1" version="1.1">
  <contextDataElements name="Security Event Factory"
      type="eventTrailId">
    <contextId>FIM_f596bda0013f188f9983b66d4d92542a+971185751</contextId>
  </contextDataElements>
  <extendedDataElements name="tokenType" type="string">
    <values>Not Available</values>
  </extendedDataElements>
  <extendedDataElements name="issuer" type="string">
    <values>/otpfed/otp/get/delivery/options/issuer</values>
  </extendedDataElements>
  <extendedDataElements name="token" type="string">
    <values>user1 [ Attribute 1 name [ value 1 user1 ] ]</values>
  </extendedDataElements>
  <extendedDataElements name="ruleName" type="string">
    <values>otp_get_methods.js </values>
  </extendedDataElements>
  <extendedDataElements name="moduleName" type="string">
    <values>com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault</values>
  </extendedDataElements>
  <extendedDataElements name="appliesTo" type="string">
    <values>/otpfed/otp/get/delivery/options/appliesto</values>
  </extendedDataElements>
  <extendedDataElements name="action" type="string">
    <values>Map</values>
  </extendedDataElements>
  <extendedDataElements name="tokenInfo" type="string">
    <values>user1 [ Attribute 1 name [ value 1 user1 ] ]</values>
  </extendedDataElements>
  <extendedDataElements name="outcome" type="noValue">
    <children name="result" type="string">
      <values>SUCCESSFUL</values>
    </children>
    <children name="majorStatus" type="int">
      <values>0</values>
    </children>
  </extendedDataElements>
  <sourceComponentId application="IBM® Verify Identity Access"
      component="Authentication and Federated Identity"
      componentIdType="ProductName"
      executionEnvironment="Linux[amd64]#2.6.32-279.14.1.30.iss7_3.x86_64"
      location="localhost" locationType="FQHostname"
      subComponent="com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault"
      threadId="Default Executor-thread-6"
      componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/>
  <situation categoryName="ReportSituation">
    <situationType xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="ReportSituation" reasoningScope="INTERNAL" reportCategory="SECURITY"/>
  </situation>
</CommonBaseEvent>
```
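
The following Python is an added example, not part of the IBM documentation: it flattens an event like the one above into a dictionary and applies three review rules drawn from the element descriptions (outcome, principal change on a map action, and the 1024-character limit on token and tokenInfo). The function names, the rules, the absence of an XML namespace, and the reading of the principal as the text before the first ` [` are assumptions of this example; the sample is constructed by trimming the event above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the event shown above, trimmed to the fields used here.
SAMPLE = """<CommonBaseEvent creationTime="2013-07-19T06:21:05.256Z" extensionName="IBM_SECURITY_TRUST">
<extendedDataElements name="token" type="string">
<values>user1 [ Attribute 1 name [ value 1 user1 ] ]</values></extendedDataElements>
<extendedDataElements name="ruleName" type="string">
<values>otp_get_methods.js </values></extendedDataElements>
<extendedDataElements name="action" type="string">
<values>Map</values></extendedDataElements>
<extendedDataElements name="tokenInfo" type="string">
<values>user1 [ Attribute 1 name [ value 1 user1 ] ]</values></extendedDataElements>
<extendedDataElements name="outcome" type="noValue">
<children name="result" type="string"><values>SUCCESSFUL</values></children>
</extendedDataElements></CommonBaseEvent>"""

def parse_trust_event(xml_text):
    """Flatten one event into {element name: value}; children become 'outcome.result'."""
    root = ET.fromstring(xml_text)
    if root.get("extensionName") != "IBM_SECURITY_TRUST":
        raise ValueError("not an IBM_SECURITY_TRUST event")
    fields = {"creationTime": root.get("creationTime")}
    for ede in root.findall("extendedDataElements"):
        name = ede.get("name")
        value = ede.findtext("values")          # direct <values> child only
        if value is not None:
            fields[name] = value.strip()
        for child in ede.findall("children"):   # e.g. outcome -> result, majorStatus
            fields[f"{name}.{child.get('name')}"] = (child.findtext("values") or "").strip()
    return fields

def principal(summary):
    """Assumed layout: principal name, then ' [ attributes ]' as in the sample."""
    return (summary or "").split(" [", 1)[0].strip()

def triage(fields):
    """Return review notes for one parsed event (hypothetical rules, not IBM's)."""
    notes = []
    if fields.get("outcome.result") != "SUCCESSFUL":
        notes.append("outcome is not SUCCESSFUL")
    is_map = fields.get("action", "").lower() == "map"
    if is_map and principal(fields.get("token")) != principal(fields.get("tokenInfo")):
        notes.append("mapping rule changed the principal")
    for key in ("token", "tokenInfo"):
        if len(fields.get(key, "")) >= 1024:    # page: only the first 1024 characters are set
            notes.append(key + " may be truncated")
    return notes

if __name__ == "__main__":
    event = parse_trust_event(SAMPLE)
    print(event["ruleName"], triage(event))
```

A principal change on a map action is often legitimate, so the second rule is best read together with ruleName to see which mapping rule produced it.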