
SAML login - UNKNOWN/NONE in logging


Article ID: 257852


Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

The SAML log is confusing because some log entries display the LOGIN and DEPARTMENT, while other entries show UNKNOWN and NONE.

Can the log messages be improved?

Environment

Release : 21.0.4

Resolution

When the log messages are put in the right order, they make more sense:

JCP  - 20230116/063112.213 - 49     U00003406 Client connection 'CP003#00000007'  from '10.253.129.24' has logged on to the Server.
JCP  - 20230116/063112.974 - 54     U00003459 Dialog '0100,UNKNOWN,UC4' logged on (Client connection='*CP003#00000007').
JCP  - 20230116/063125.890 - 55     U00003406 Client connection 'CP003#00000008'  from '10.253.129.24' has logged on to the Server.
JCP  - 20230116/063125.928 - 54     U00003459 Dialog '0100,NONE,UC4' logged on (Client connection='*CP003#00000008').
JCP  - 20230116/063240.653 - 51     U00003407 Client connection '*CP003#00000007' from '10.253.129.24:51297' has logged off from the Server.
JWP  - 20230116/063126.020 - 44     U00045271 Checking SAML token for Single sign-on.
JWP  - 20230116/063126.058 - 44     U00045325 Received SAML token as '<samlp:Response>'
JWP  - 20230116/063126.108 - 44     U00045322 Assertion validation was successful. Starting with signature validation now.
JWP  - 20230116/063126.114 - 44     U00045323 Validation of the SAML response for the MICHIELSAML / UC4 was successful!
REST - 20230116/063128.124 - 53     U00045098 Method 'GET', URL: 'http://atren-awa-ws-01:8088/ae/api/v1/100/system/features', received from IP: '10.253.129.24'
REST - 20230116/063128.201 - 53     U00045105 Log on of 'MICHIELSAML/UC4' ('1311045') successful, client: '100' (Connection='*CP002#00000001').
REST - 20230116/063128.278 - 53     U00045099 The server replied with following status: '200'
REST - 20230116/063131.687 - 47     U00045098 Method 'GET', URL: 'http://atren-awa-ws-01:8088/ae/api/v1/100/system/certificates', received from IP: '10.253.129.24'
REST - 20230116/063131.734 - 47     U00045099 The server replied with following status: '200'
REST - 20230116/063338.076 - 37     U00011852 Logoff 'MICHIELSAML/UC4' ('1311045'), client: '100' (Connection='*CP002#00000001').
JWP  - 20230116/063258.620 - 41     U00003406 Client connection '7'  from '10.253.129.24:51604' has logged on to the Server.
JWP  - 20230116/063258.623 - 41     U00003406 Client connection '8'  from '10.253.129.24:51607' has logged on to the Server.
JWP  - 20230116/063258.628 - 41     U00003406 Client connection '9'  from '10.253.129.24:51610' has logged on to the Server.

Here is the explanation:

IDP = Identity provider

The SAML login works as follows:
The AWI sends a login request in which the user is not yet known, because SSO is used: only the client/department is known at this point, and the user name is received from the SSO provider after a successful login.
The backend verifies that there is a SAML configuration for this client, prepares the SAML token and sends a redirect to the AWI for the SSO with a SAML authentication token. This is prepared by the JWP, and the browser is redirected to the SSO IDP to get/authorize the user details.
That is why the CP logs show the user name 'UNKNOWN': the user is not known at that moment. This information is received from the SSO IDP at a later point, after the login has been performed and the user is authorized.

Therefore, it is not possible to change these log messages.


Now, the browser redirects to the SSO IDP login page, where the login is performed (username/password, 2-factor authentication).
When the login is validated, the SSO IDP sends a redirect to the browser with the signed SAML token, which also contains the user name.

Only now is the user known.

The browser once again sends a local login request to the AWI, this time with the username field filled in and the SAML token received from the SSO IDP.
The SAML token is verified by the JWP and the login is confirmed.
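The sequence above can be reconstructed from the log excerpt by sorting the CP, JWP and REST lines by timestamp and linking each placeholder dialog logon (U00003459 with UNKNOWN/NONE) to the later SAML validation (U00045323) and the REST logon that carries the real user name (U00045105). The following script is an added example, not part of the article or the product; the message-ID meanings are taken from the log lines shown above, and the sample lines are copied from that excerpt.

```python
import re
from datetime import datetime

# Log line shape as shown in the article: '<component> - <yyyymmdd>/<hhmmss.mmm> - <thread> <msgid> <text>'
LINE_RE = re.compile(
    r"^(?P<comp>\w+)\s+-\s+(?P<date>\d{8})/(?P<time>\d{6}\.\d{3})\s+-\s+"
    r"(?P<thread>\d+)\s+(?P<msg>U\d{8})\s+(?P<text>.*)$"
)
# U00003459 carries the pre-authentication user slot: '<client>,<user>,<department>'
DIALOG_RE = re.compile(r"Dialog '(?P<client>\d+),(?P<user>[^,']+),(?P<dept>[^']+)' logged on")
# U00045105 carries the user name delivered by the IDP: '<user>/<department>'
LOGON_RE = re.compile(r"Log on of '(?P<user>[^/']+)/(?P<dept>[^']+)'")
PLACEHOLDERS = {"UNKNOWN", "NONE"}  # values the CP logs before the IDP has answered

def parse_line(line):
    """Split one AE log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S.%f")
    return {"comp": m["comp"], "ts": ts, "msg": m["msg"], "text": m["text"]}

def reconstruct_sso(lines):
    """Order events by time and link placeholder logons to the IDP-validated user."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    placeholders, validated_at, resolved = [], None, None
    for ev in events:
        if ev["msg"] == "U00003459":                 # CP dialog logon, user not yet known
            d = DIALOG_RE.search(ev["text"])
            if d and d["user"] in PLACEHOLDERS:
                placeholders.append((ev["ts"], d["client"], d["user"], d["dept"]))
        elif ev["msg"] == "U00045323":               # JWP: SAML response validated
            validated_at = ev["ts"]
        elif ev["msg"] == "U00045105":               # REST: logon with the real user name
            lg = LOGON_RE.search(ev["text"])
            if lg:
                resolved = (ev["ts"], lg["user"], lg["dept"])
    # Only a logon that follows a successful SAML validation counts as SSO-resolved
    ok = resolved is not None and validated_at is not None and validated_at <= resolved[0]
    return {"placeholders": placeholders, "validated_at": validated_at,
            "resolved": resolved, "status": "resolved" if ok else "unresolved"}

# Lines copied from the article's excerpt (one session, deliberately out of order)
SAMPLE_LOG = [
    "JWP  - 20230116/063126.114 - 44     U00045323 Validation of the SAML response for the MICHIELSAML / UC4 was successful!",
    "JCP  - 20230116/063112.974 - 54     U00003459 Dialog '0100,UNKNOWN,UC4' logged on (Client connection='*CP003#00000007').",
    "REST - 20230116/063128.201 - 53     U00045105 Log on of 'MICHIELSAML/UC4' ('1311045') successful, client: '100' (Connection='*CP002#00000001').",
    "JCP  - 20230116/063125.928 - 54     U00003459 Dialog '0100,NONE,UC4' logged on (Client connection='*CP003#00000008').",
]

if __name__ == "__main__":
    print(reconstruct_sso(SAMPLE_LOG))
```

A placeholder logon with no later U00045323/U00045105 pair is reported as "unresolved", which is the condition worth reviewing when the UNKNOWN/NONE entries are not followed by a completed SSO login.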