Does Advanced Authentication require any configuration for Splunk Integration (MFA) ?
search cancel

Does Advanced Authentication require any configuration for Splunk Integration (MFA) ?

book

Article ID: 135038

calendar_today

Updated On:

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Strong Authentication CA Rapid App Security CA Risk Authentication CA Advanced Authentication

Issue/Introduction

Using Splunk, customers want to set up monitoring of the CA Strong/Risk Authentication logs for failure/exception events.  The question is two part 


1. Customer wants to know if there are known slew of exceptions they can configure Splunk to monitor failures ?

2. Customer wants to know if any specific configuration from Product point of view to use Splunk for monitoring ? 

Environment

Release :

Component : AuthMinder(Arcot WebFort)

Cause

None. This is a RFI (Request for Information) 

Resolution

For both the questions the answer is "No"  


1. AA does not require any specific configuration to use Splunk. 

2. Exceptions to monitor are not called out as every customers authentication flow and architecture (say Distributed or not, using Load Ba-lancers or not etc) can be different. 

Spunk requires no product related set up. Just point Splunk to product logs and set up monitoring. So at a high level identify the Authentication flows and  CA Strong/Risk Authentication components that are used in your authentication flow. For example 


1. Adaptershim (arcotadaptershim.log) -- if siteminder integrated

2. SMPS (smps.log) ---  if siteminder integrated

2. UDS (arcotuds.log)

3. AFM (arcotafm.log)

4. SM (arcotsm.log)

5. RiskMinder (arotriskfort.log)

6. Authminder (arcotwebfort.log) 


Use the docops.ca.com links to review the error codes for various components and configure Splunk to point to these logs for any error code as called called out in this documentation or your current logs. 

Additional Information

None.