Class SAML2Auditor

  • All Implemented Interfaces:
    SAML2EventLogger

    public class SAML2Auditor
    extends Object
    implements SAML2EventLogger
    Responsible for publishing audit access events for individual SAML2 requests. A SAML2Auditor is not thread-safe, so a new SAML2Auditor should be used for each request.
    • Constructor Detail

      • SAML2Auditor

        public SAML2Auditor(AuditEventPublisher auditEventPublisher,
                            AuditEventFactory auditEventFactory,
                            jakarta.servlet.http.HttpServletRequest request)
        Constructor for SAML2Auditor
        Parameters:
        auditEventPublisher - The AuditEventPublisher
        auditEventFactory - The AuditEventFactory
        request - The HttpServletRequest associated with the SAML2 request
    • Method Detail

      • auditAccessAttempt

        public void auditAccessAttempt()
        Description copied from interface: SAML2EventLogger
        Publishes an audit event with details of the attempted SAML2 operation, if the 'access' topic is audited.
        Specified by:
        auditAccessAttempt in interface SAML2EventLogger
      • auditAccessSuccess

        public void auditAccessSuccess()
        Description copied from interface: SAML2EventLogger
        Publishes an event with details of the successfully completed SAML2 operation, if the 'access' topic is audited.

        Any exception that occurs while trying to publish the audit event will be captured in the debug logs but otherwise ignored.

        Specified by:
        auditAccessSuccess in interface SAML2EventLogger
      • auditAccessFailure

        public void auditAccessFailure(String errorCode,
                                       String message)
        Description copied from interface: SAML2EventLogger
        Publishes an event with details of the failed SAML2 operation, if the 'access' topic is audited.

        Any exception that occurs while trying to publish the audit event will be captured in the debug logs but otherwise ignored.

        Specified by:
        auditAccessFailure in interface SAML2EventLogger
        Parameters:
        errorCode - A unique code that identifies the error condition.
        message - A human-readable description of the error that occurred.
      • setUserId

        public void setUserId(String userId)
        Specified by:
        setUserId in interface SAML2EventLogger
        Parameters:
        userId - Identifies the subject of the authentication.
      • setRealm

        public void setRealm(String realm)
        Specified by:
        setRealm in interface SAML2EventLogger
        Parameters:
        realm - The realm for which the event is being logged.
      • setMethod

        public void setMethod(String method)
        Specified by:
        setMethod in interface SAML2EventLogger
        Parameters:
        method - Identifies the operation invoked.
      • setRequestId

        public void setRequestId(String authnRequestId)
        Specified by:
        setRequestId in interface SAML2EventLogger
        Parameters:
        authnRequestId - The request ID to log for this SAML2 authentication request.
      • setAuthTokenId

        public void setAuthTokenId(Object session)
        Specified by:
        setAuthTokenId in interface SAML2EventLogger
        Parameters:
        session - The auth token ID for the preceding authentication request.