SSO Access Log rule set

If the Access Log rule set's criteria are met, the rule in this rule set writes a log entry to the SSO access log file. Each SSO log entry corresponds to one SSO request. To meet the criteria, the SSO component making the request must be the proxy and the log level in the request must be less than or equal to four.

Nested library rule set – Access Log
Criteria – JSON.AsString (JSON.GetByName (SSO.LogAttributes, "origin")) matches SSO.Proxy* AND JSON.AsNumber (JSON.GetByName (SSO.LogAttributes, "level")) less than or equals 4
Cycles – Requests (and IM), Responses, Embedded Objects

This rule set contains the following rule.

Write sso_access.log

Rule element – Definition
Criteria – Always
Action – Continue
Events –

  Set User-Defined.logLine = DateTime.ToWebReporterString
   + " ""
   + Authentication.UserName
   + "" "
   + String.ReplaceIfEquals (IP.ToString (Client.IP), "", "-")
   + " "
   + String.ReplaceIfEquals (Number.ToString (Response.StatusCode), "", "-")
   + " ""
   + Request.Header.FirstLine
   + "" "
   + """
   + JSON.AsString (JSON.GetByName (SSO.LogAttributes, "action"))
   + "" ""
   + JSON.AsString (JSON.GetByName (SSO.LogAttributes, "service"))
   + "" ""
   + JSON.AsString (JSON.GetByName (SSO.LogAttributes, "message"))
   + """

  FileSystemLogging.WriteLogEntry (User-Defined.logLine)<SSO Access Log>

This rule creates the SSO access log entry, then writes the entry to the SSO access log file. The rule creates the log entry by retrieving the following information in string format and concatenating the strings:

  • Date and time stamp in Web Reporter format
  • User name
  • Client IP address (if it exists)
  • Status code in the response (if it exists)
  • First line of the SSO request header
  • Type of SSO request (action)
  • Name of the cloud service in the SSO request (service)
  • Description of the SSO request (message)

Note: To open and configure the file system log settings, click <SSO Access Log>.
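
The following Python parser is an added example, not part of the product documentation: it splits lines written in the layout described above back into the eight fields and sets aside any line that does not fit. It assumes DateTime.ToWebReporterString yields a bracketed timestamp such as [12/Mar/2024:10:15:02 +0000]; the sample lines, hosts and field values are constructed.

```python
import re

# Layout written by the rule, one line per SSO request:
#   timestamp "user" client_ip status "request first line" "action" "service" "message"
# Assumption: the timestamp is bracketed; adjust the first group if yours differs.
def _quoted(name):
    return rf'"(?P<{name}>[^"]*)"'

LINE_RE = re.compile(
    r"^(?P<timestamp>\[[^\]]+\]) "
    + _quoted("user") + r" (?P<client_ip>\S+) (?P<status>\d+|-) "
    + " ".join(_quoted(n) for n in ("request", "action", "service", "message"))
    + r"$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    entry = m.groupdict()
    # The rule writes "-" when the client IP or the status code is empty.
    entry["client_ip"] = None if entry["client_ip"] == "-" else entry["client_ip"]
    entry["status"] = None if entry["status"] == "-" else int(entry["status"])
    return entry

def parse_log(lines):
    """Split lines into parsed entries and lines set aside for manual review."""
    parsed, rejected = [], []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            rejected.append(line)
        else:
            parsed.append(entry)
    return parsed, rejected

# Constructed sample lines (users, hosts and field values are made up).
SAMPLE = [
    '[12/Mar/2024:10:15:02 +0000] "alice" 192.0.2.10 200 "POST https://sso.example.test/login HTTP/1.1" "login" "ExampleCRM" "credentials submitted"',
    '[12/Mar/2024:10:15:09 +0000] "" - - "GET https://sso.example.test/launchpad HTTP/1.1" "launchpad" "" "no authenticated user"',
    '[12/Mar/2024:10:16:40 +0000] "bob" 192.0.2.11 200 "GET / HTTP/1.1" "login" "Example"CRM" "x"',
]

if __name__ == "__main__":
    parsed, rejected = parse_log(SAMPLE)
    print(len(parsed), "parsed,", len(rejected), "set aside for review")
```

A line ends up in the rejected list when one of the concatenated values itself contains a double quote, because the rule as shown adds the values without escaping; review such lines by hand rather than guessing the field boundaries.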