Does Advanced Authentication require any configuration for Splunk Integration (MFA) ?
Article ID: 135038
Updated On:
Products
CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)
CA Strong Authentication
CA Rapid App Security
CA Risk Authentication
CA Advanced Authentication
Issue/Introduction
Using Splunk, You want to set up monitoring of the CA Strong/Risk Authentication logs for failure/exception events.
Below are the use case requirements:
- You want to know if there are known slew of exceptions you can configure Splunk to monitor failures ?
- You want to know if any specific configuration from Product point of view to use Splunk for monitoring ?
Environment
Release : 9.1.xx (Applicable to all the supported releases)
Component : AuthMinder(Arcot WebFort)
Resolution
For both the questions the answer is "No"
- Advanced Authentication does not require any specific configuration to use Splunk.
- Exceptions to monitor are not called out as every authentication flow and architecture (say Distributed or not, using Load Balancers or not etc) can be different.
Spunk requires no product related set up. Just point Splunk to product logs and set up monitoring. So at a high level identify the Authentication flows and CA Strong/Risk Authentication components that are used in your authentication flow. For example
- Adaptershim (arcotadaptershim.log) -- if SiteMinder integrated
- SMPS (smps.log) --- if SiteMinder integrated
- UDS (arcotuds.log)
- AFM (arcotafm.log)
- State Manager (arcotsm.log)
- RiskMinder (arotriskfort.log)
- Authminder (arcotwebfort.log)
Format of Strong Authentication Log Files
Format of UDS and Administration Console Log Files
Format of Risk Authentication Server and Case Management Server Log Files
Adapter Log File
State Manager Log File
Additional Information
None.
Feedback
Yes
No
Powered by
