Symantec IGA


Null exception when auditing login/logout events


    Broadcom Employee
    Posted Jan 29, 2015 10:34 AM

    Usually customers aren't using the Identity Manager's audit in order to capture authentication events such as login or logout. Usually SiteMinder is the authentication gateway and, if at all, it would perform that auditing. Nevertheless, this is possible via Identity Manager's auditing configuration. To do that you export the auditing xml file (environments -> IME -> advanced settings -> audit -> export), then edit accordingly and import it back (and start the IME again).


    However, these events, as it turns out, will cause NULL problems in the app server log and will not audit correctly. Here is what you may get:

    2015-01-13 15:28:09,455 ERROR [ims.audit] (http-0.0.0.0-8080-26) Exception inserting into imsAuditEvent12: Event: Login message: Cannot insert the value NULL into column 'admin_dn', table 'IMPRODAUDIT.dbo.imsAuditEvent12'; column  does not allow nulls. INSERT fails.

    2015-01-13 15:28:09,455 ERROR [ims.audit] (http-0.0.0.0-8080-26) Auditing  failed with exception [ Cannot insert the value NULL into column 'admin_dn', table  IMPRODAUDIT.dbo.imsAuditEvent12'; column does not allow nulls. INSERT fails. ]

    2015-01-13 15:28:09,456 ERROR [ims.audit] (http-0.0.0.0-8080-26) Audited records are ROLLEDBACK


    This happens because the 'admin_dn' column is defined not to accept NULL characters. However, the Login/Logout events have no administrator associated with them, since only the authenticating user is involved, so the admin_dn is actually Null and therefore the audit db table throws the above exception.


    In order to fix that you will need to change the definition of the 'admin_dn' column in the 'imsAuditEvent12' table and allow it to accept NULL characters. The easiest way to get this done would be to use the two provided scripts under: \CA\Identity Manager\IAM Suite\Identity Manager\tools\db\auditing\<YOUR DB TYPE>


    - ims_mssql_audit_delete.sql should be run first and will delete the entire database.

    - ims_mssql_audit.sql should run afterwards and will recreate the DB.

    However, before running this second one, please make a copy of it and look for "CREATE TABLE [imsAuditEvent12]"; this will take you to the place where the table definition is. One of the columns there is admin_dn. You should edit the line of this admin_dn to be:

    [admin_dn] [nvarchar] (512) NULL ,

    Instead of:

    [admin_dn] [nvarchar] (512) NOT NULL ,


    This change is what will allow this column to accept nulls, then save your file and run it.


    Yours,


    Sagi Gabay,

    CA Technologies.
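For administrators who would rather not drop and recreate the audit database (and lose the audit trail already in it) in order to relax a single column, the same NOT NULL to NULL change can be applied in place with T-SQL. This is an added example, not the vendor's script; it assumes the audit database is IMPRODAUDIT (the name shown in the log lines above), that admin_dn is still nvarchar(512) as in the CREATE TABLE script, and that the column is not part of a primary key.

```sql
-- Added example (not part of the original post): relax the admin_dn column in
-- place instead of running ims_mssql_audit_delete.sql / ims_mssql_audit.sql.
-- Assumptions: database name IMPRODAUDIT (from the log lines in the post),
-- column type nvarchar(512) unchanged, column not part of a primary key.
USE IMPRODAUDIT;
GO

-- Check the current definition before touching anything: IS_NULLABLE is
-- expected to be 'NO', which is what produces the "Cannot insert the value
-- NULL into column 'admin_dn'" error for Login/Logout events.
SELECT COLUMN_NAME, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = 'dbo'
  AND TABLE_NAME = 'imsAuditEvent12'
  AND COLUMN_NAME = 'admin_dn';
GO

-- Change only the nullability. Data type and length are repeated unchanged,
-- so existing audit rows stay intact; no DROP/CREATE of the database needed.
ALTER TABLE dbo.imsAuditEvent12
    ALTER COLUMN admin_dn nvarchar(512) NULL;
GO

-- Re-check: IS_NULLABLE should now read 'YES'. After this, Login/Logout
-- events with no administrator DN can be inserted and are no longer rolled
-- back by the auditing layer.
SELECT COLUMN_NAME, IS_NULLABLE
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = 'dbo'
  AND TABLE_NAME = 'imsAuditEvent12'
  AND COLUMN_NAME = 'admin_dn';
GO
```

Take a backup of the audit database before running the ALTER, and re-test a login and logout afterwards to confirm the ims.audit errors no longer appear in the app server log.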