Create report to audit authentications per service and authentication method
This document is written for PhenixID Server.
The reader should have some basic knowledge about PhenixID Server.
This document describes how to create a report to view authentications per service (application) and/or authentication method.
The solution contains two steps:
1. Add custom event logging to configured authenticators
2. Create custom report.
Add custom event logging to configured authenticators
- Log in to Configuration Manager
- Locate the authenticator
- Get the pipeID value for the authenticator
- Locate the pipe
- Add an event valve to the pipe. Place the event valve last in the pipe.
Configuration example
This pipe is connected to a SAML authenticator (username, password, otp).
{
  "id":"otpValidator",
  "valves":[
    {
      "name":"SessionLoadValve",
      "config":{
        "id":"{{request.session_id}}"
      }
    },
    {
      "name":"OTPValidationValve",
      "config":{
        "provided_otp_param_name":"{{request.otp}}",
        "generated_otp_param_name":"generated_otp"
      }
    },
    {
      "name":"LDAPSearchValve",
      "config":{
        "connection_ref":"MyAD",
        "base_dn":"ou=demo,DC=demo,DC=phenixid,DC=net",
        "scope":"SUB",
        "size_limit":"0",
        "filter_template":"(&(objectClass=user)(samaccountname={{request.username}}))",
        "attributes":"mail"
      }
    },
    {
      "name":"AssertionProvider",
      "config":{
        "targetEntityID":"MyIDP",
        "nameIDAttribute":"mail",
        "misc":{
          "excludeSubjectNotBefore":"true"
        }
      }
    },
    {
      "name":"AuthnRequestDecoder",
      "config":{
      }
    },
    {
      "name":"EventValve",
      "config":{
        "event_key":"EVT_000052",
        "parameters":[
          {
            "parameter":"requestMethod",
            "value":"Username-Password-OTP"
          },
          {
            "parameter":"duser",
            "value":"{{request.username}}"
          },
          {
            "parameter":"destinationServiceName",
            "value":"{{item.issuer}}"
          },
          {
            "parameter":"proto",
            "value":"SAML"
          }
        ]
      }
    }
  ]
}
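A pipe that lacks the event valve writes no EVT_000052 events, so its authentications never appear in the report. The following check is an added example, not PhenixID code: it takes pipe objects in the shape of the configuration example and reports pipes where the event valve is missing, is not last, or lacks the four parameters used above. The function name `audit_pipe`, the sample pipe ids `misplaced` and `unlogged`, and the availability of the pipes as a JSON list are assumptions.

```python
import json

# Parameters the page's example EventValve records for each authentication.
REQUIRED_PARAMS = {"requestMethod", "duser", "destinationServiceName", "proto"}

def audit_pipe(pipe, event_key="EVT_000052"):
    """Return a list of findings for one pipe object; an empty list means OK."""
    findings = []
    valves = pipe.get("valves") or []
    hits = [i for i, v in enumerate(valves)
            if v.get("name") == "EventValve"
            and v.get("config", {}).get("event_key") == event_key]
    if not hits:
        return [f"no EventValve with event_key {event_key}"]
    if len(hits) > 1:
        findings.append("more than one matching EventValve")
    if hits[-1] != len(valves) - 1:
        findings.append("EventValve is not the last valve in the pipe")
    params = valves[hits[-1]]["config"].get("parameters", [])
    present = {p.get("parameter") for p in params if p.get("value")}
    missing = sorted(REQUIRED_PARAMS - present)
    if missing:
        findings.append("missing or empty parameters: " + ", ".join(missing))
    return findings

# Constructed sample input: trimmed pipes in the shape of the page's example
# (assumed to be available as a JSON list; ids other than otpValidator are made up).
SAMPLE_PIPES = json.loads("""
[
 {"id": "otpValidator", "valves": [
   {"name": "OTPValidationValve", "config": {}},
   {"name": "EventValve", "config": {"event_key": "EVT_000052", "parameters": [
     {"parameter": "requestMethod", "value": "Username-Password-OTP"},
     {"parameter": "duser", "value": "{{request.username}}"},
     {"parameter": "destinationServiceName", "value": "{{item.issuer}}"},
     {"parameter": "proto", "value": "SAML"}]}}]},
 {"id": "misplaced", "valves": [
   {"name": "EventValve", "config": {"event_key": "EVT_000052", "parameters": [
     {"parameter": "requestMethod", "value": "Username-Password"},
     {"parameter": "duser", "value": "{{request.username}}"}]}},
   {"name": "AssertionProvider", "config": {}}]},
 {"id": "unlogged", "valves": [{"name": "SessionLoadValve", "config": {}}]}
]
""")

if __name__ == "__main__":
    for pipe in SAMPLE_PIPES:
        findings = audit_pipe(pipe)
        print(pipe["id"], "OK" if not findings else "; ".join(findings))
```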
Create custom report
Follow this guide to create a custom report. Use these values for the report.
{
  "displayName": "View all authentications",
  "category":"Authentication",
  "description": "Shows every authentication",
  "query": "select from event where eventID ='EVT_000052'"
}
Display report
- Log in to Configuration Manager
- Click Reports
- Navigate to Authentication->View all authentications
- All authentications are now displayed
Export data to Excel for advanced filtering and categorizing.