Does Advanced Authentication require any configuration for Splunk Integration (MFA) ?
search cancel

Does Advanced Authentication require any configuration for Splunk Integration (MFA) ?

book

Article ID: 135038

calendar_today

Updated On: 05-08-2024

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Strong Authentication CA Rapid App Security CA Risk Authentication CA Advanced Authentication

Issue/Introduction

Using Splunk, customers want to set up monitoring of the CA Strong/Risk Authentication logs for failure/exception events.  The question is two part 


1. Customer wants to know if there are known slew of exceptions they can configure Splunk to monitor failures ?

2. Customer wants to know if any specific configuration from Product point of view to use Splunk for monitoring ? 

Environment

Release :

Component : AuthMinder(Arcot WebFort)

Cause

None. This is a RFI (Request for Information) 

Resolution

For both the questions the answer is "No"  

1. AA does not require any specific configuration to use Splunk. 

2. Exceptions to monitor are not called out as every customers authentication flow and architecture (say Distributed or not, using Load Ba-lancers or not etc) can be different. 

Spunk requires no product related set up. Just point Splunk to product logs and set up monitoring. So at a high level identify the Authentication flows and  CA Strong/Risk Authentication components that are used in your authentication flow. For example 

1. Adaptershim (arcotadaptershim.log) -- if siteminder integrated

2. SMPS (smps.log) ---  if siteminder integrated

2. UDS (arcotuds.log)

3. AFM (arcotafm.log)

4. SM (arcotsm.log)

5. RiskMinder (arotriskfort.log)

6. Authminder (arcotwebfort.log) 

Format of Strong Authentication Log Files - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/building/ca-strong-authentication-java-developers-information/ca-strong-authentication-logging-and-your-application/format-of-ca-strong-authentication-log-files.html

Format of UDS and Administration Console Log Files - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/building/ca-risk-authentication-web-services-developers-information/risk-authentication-logging/format-of-uds-and-administration-console-log-files.html

Format of Risk Authentication Server and Case Management Server Log Files - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/administrating/administrating-ca-risk-authentication/logs/about-the-log-files/format-of-ca-risk-authentication-server-and-case-management-server-log-og-files.html

Adapter Log File - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/installing/ca-adapter-installation/ca-adapter-configuration-files-and-options/ca-adapter-log-file.html

State Manager Log File - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/installing/ca-adapter-installation/ca-adapter-configuration-files-and-options/state-manager-log-file.html

Additional Information

None.