Access Event Type
Access events result from user-related activities. They are called in the context of authentication, authorization, administration, and affiliate activity.
There are four categories of access events. Each of these event categories responds with its own set of events. The following table lists the access event categories and their associated response events.
| Event Category | CA Single Sign-On Activity | CA Single Sign-On Event |
| --- | --- | --- |
| Authentication | User authentication accepted; User authentication rejected; User authentication attempted; User authentication challenged; User session validated | SmLogAccessEvent_AuthAccept; SmLogAccessEvent_AuthReject; SmLogAccessEvent_AuthAttempt; SmLogAccessEvent_AuthChallenge; SmLogAccessEvent_ValidateAccept; SmLogAccessEvent_ValidateReject; SmLogAccessEvent_AuthLogout |
| Authorization | User authorization accepted; User authorization rejected | SmLogAccessEvent_AzAccept; SmLogAccessEvent_AzReject; SmLogAccessEvent_AzUnresolved |
| Administration | Administrator login; Administrator rejected; Administrator logout | SmLogAccessEvent_AdminLogin; SmLogAccessEvent_AdminReject; SmLogAccessEvent_AdminLogout |
| Affiliate | — | SmLogAccessEvent_Visit |
Filter Access Events
Beginning with CA Single Sign-On v5.x, you can filter the kinds of access events you want to audit and log using the Auditing tab on the Policy Server Management Console. For example, for each of the four event categories you can select Log All Events or Log No Events. In addition, for the Authentication, Authorization, and Administration categories, you can select Log Rejection Events Only. For example, if this option is selected for the Authentication category, SmLogAccessEvent_AuthReject events would be logged, but SmLogAccessEvent_AuthAccept events would not be. Also, note the following behavior when Log Rejection Events Only is selected:
- SmLogAccessEvent_AuthAttempt events are not logged. A login attempt that does not result in an accepted authentication is considered a failure. However, because the authentication was not actually rejected, events are not logged if Log Rejection Events Only is selected. You can use SmLogAccessEvent_AuthAttempt events for intrusion detection.
- SmLogAccessEvent_AuthChallenge events are logged. A challenge is not considered a failure. It simply indicates a need for additional authentication information. However, because a challenge involves a rejected authentication, events are logged if Log Rejection Events Only is selected.
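
The following added example (not part of the product documentation or its SDK) models the filter behavior described above for the four authentication events this page spells out, then runs a simple failure-count detection over the surviving events to show what a detection based on SmLogAccessEvent_AuthAttempt loses under Log Rejection Events Only. The record shape, the function names `audited` and `failure_alerts`, the mode strings, the threshold, and the time window are assumptions made for illustration.

```python
# Rejection-only behavior for the four authentication events this page
# describes. Other events are omitted because the page does not state them;
# passing one in "rejections" mode raises KeyError rather than guessing.
REJECTION_ONLY = {
    "SmLogAccessEvent_AuthAccept": False,
    "SmLogAccessEvent_AuthReject": True,
    "SmLogAccessEvent_AuthAttempt": False,   # not logged: not an actual rejection
    "SmLogAccessEvent_AuthChallenge": True,  # logged: involves a rejected authentication
}
FAILURE_EVENTS = {"SmLogAccessEvent_AuthReject", "SmLogAccessEvent_AuthAttempt"}

def audited(events, mode):
    """Return the events that reach the audit log under a filter mode (assumed names)."""
    if mode == "all":
        return list(events)
    if mode == "none":
        return []
    if mode == "rejections":
        return [e for e in events if REJECTION_ONLY[e["event"]]]
    raise ValueError(f"unknown mode: {mode}")

def failure_alerts(log, threshold=3, window=60):
    """Flag users with at least `threshold` failure events within `window` seconds."""
    by_user = {}
    for e in log:
        if e["event"] in FAILURE_EVENTS:
            by_user.setdefault(e["user"], []).append(e["ts"])
    alerts = set()
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.add(user)
                break
    return alerts

# Constructed sample events (hypothetical record shape, not the product's log format).
SAMPLE = [
    {"ts": 0, "user": "alice", "event": "SmLogAccessEvent_AuthChallenge"},
    {"ts": 5, "user": "alice", "event": "SmLogAccessEvent_AuthAccept"},
    {"ts": 10, "user": "bob", "event": "SmLogAccessEvent_AuthAttempt"},
    {"ts": 20, "user": "bob", "event": "SmLogAccessEvent_AuthAttempt"},
    {"ts": 30, "user": "bob", "event": "SmLogAccessEvent_AuthAttempt"},
    {"ts": 12, "user": "carol", "event": "SmLogAccessEvent_AuthReject"},
    {"ts": 25, "user": "carol", "event": "SmLogAccessEvent_AuthReject"},
    {"ts": 40, "user": "carol", "event": "SmLogAccessEvent_AuthReject"},
]

if __name__ == "__main__":
    for mode in ("all", "rejections"):
        print(mode, sorted(failure_alerts(audited(SAMPLE, mode))))
```

With the constructed data, the repeated AuthAttempt events for `bob` raise an alert only when all authentication events are logged; under the rejection-only filter they never reach the log, so only `carol` is flagged.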