Layer7 Access Management

Expand all | Collapse all

auth scheme usage

Jump to Best Answer
  • 1.  auth scheme usage

    Posted 07-27-2016 04:36 PM

    So I'm pretty sure I know the answer to this but just checking in case I'm not thinking clearly.  Is smtrace the only way for me to be able to generate reports on the amount of usage that auth schemes in my environment get?  We have approx 180 schemes.  Would be nice to know who the heavy hitters are and who is never used.  I'm thinking the smtrace log is the only place where this data might exist.  This info might help when triaging memory growth of the policy server.  But just looking for a confirmation here.

     

    Thanks



  • 2.  Re: auth scheme usage
    Best Answer

    Posted 07-27-2016 10:11 PM

    Hi Sam Dikeman,

     

    That is one option, but better option is to track this via audit logs.

    If you are using text based audit logs , ensure that the registry key :

    HKEY_LOCAL_MACHINE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Reports\Enable Enhance Tracing

    has value >=3.

     

    In this case, Policy server logs an additional field call "AuthenticaitonMethod" which stores the name of the auth scheme as below :

     

    [Category][Event][Reason][Hostname][Time][AgentName][SessionId][UserName][DomainOid][RealmName][RealmOid][ClientIp][Resource][Action][AuthDirName][AuthDirServer][AuthDirNamespace][TransactionId][StatusMsg][DomainName][ImpersonatorName][ImpersonatorDirName][ObjName][ObjOid][FieldDesc][AssertionId][AssertionIssuerId][AssertionDestinationURL][AssertionStatusCode][AssertionNotOnBefore][AssertionNotOnOrAfter][AssertionSessionStartTime][AssertionSessionNotOnOrAfter][AssertionAuthContext][AssertionVersionId][AssertionClaims][ApplicationName][TenantName][AuthenticationMethod][DeviceHash][DeviceID][UserRefID]

     

    [Az][AzAccept][][LODBL509VM016][27/Jul/2016:21:57:42 -0500][agent][mNP8ccEGWXxxu70qmPtSlgP5RK0=][Guest][03-04be6e5d-178e-4d9e-a335-4f4e805ddfb9][root][06-fb369daf-3947-4f02-b2c3-83f12f1fd8bb][fe80::45d1:dd8d:5f4d:d8b7][/][GET][][][][000080fe000000008dddd145b7d84d5f-1308-5799684a-0a3c-02ed18be][][wells][][][][][][][][][][][][][][][][][][][x509-authscheme][][][]

     

    In case of ODBC auditing, this is tracked automatically.

     

    Regards,

    Ujwol



  • 3.  Re: auth scheme usage

    Posted 07-28-2016 07:55 AM

    Thanks Ujwol.  That was exactly what I was looking for. 



  • 4.  Re: auth scheme usage

    Posted 07-28-2016 09:37 PM

    No worries. I have also created a KB article for the same :

    TEC3351380