File name: rsec_sa_context_object_fields.htmlContext object fields
Each auditable event has an associated set of information
that is available for logging. This information is grouped into specific
context objects. The context objects that are available for logging
a specific event are specified by the event type. This topic details
the information that exists for each context object and specifies
whether the information is logged by default or is only logged when
the verbose logging option is enabled.
The SessionContextObj object
Table 1. SessionContextObj fields. This table
lists the SessionContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
sessionId |
String |
An identifier for the user session |
Default |
remoteAddr |
String |
The IP address for the remote host |
Default |
remotePort |
String |
The port of the remote host |
Default |
remoteHost |
String |
The host name of the remote host |
Default |
The PropagationContextObj object
Table 2. PropagationContextObj fields. This
table lists the PropagationContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
firstCaller |
String |
The identity of the first user in the caller
list |
Default |
callerList |
String array |
A list of names representing the identities
of the users |
Verbose |
The RegistryContextObj object
Table 3. RegistryContextObj fields. This table
lists the RegistryContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
type |
String |
The type of user registry being used, such as
LDAP or AIX® |
Default |
The ProcessContextObj object
Table 4. ProcessContextObj fields. This table
lists the ProcessContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
domain |
String |
The domain to which the user belongs |
Verbose |
realm |
String |
The registry partition to which the user belongs |
Default |
The EventContextObj object
Table 5. EventContextObj fields. This table lists
the EventContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
lastEventTrailId |
String |
The last ID associated with a given transaction |
Verbose |
eventTrailId |
String array |
An array of IDs that allow events that belong
to a given transaction to be correlated |
Default |
creationTime |
Date |
The date an event was created |
Default |
globalInstanceId |
Long |
The unique identifier of this event |
Default |
The DelegationContextObj object
Table 6. DelegationContextObj fields. This
table lists the DelegationContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
delegationType |
String |
no delegation, simple delegation, method delegation
or switch user delegation |
Default |
roleName |
String |
The Run as role being used: runAsClient, runAsSpecified,
runAsSystem, own ID |
Default |
identityName |
String |
Information about the mapped user |
Default |
The AuthnContextObj object
Table 7. AuthnContextObj fields. This table lists
the AuthnContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
authnType |
String |
The type of authentication used |
Default |
The ProviderContextObj object
Table 8. ProviderContextObj fields. This table
lists the ProviderContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
provider |
String |
The provider of the authentication or authorization
service |
Default |
providerStatus |
String |
Status of whether the authentication or authorization
event processed successfully by the provider |
Default |
The AuthnMappingContextObj object
Table 9. AuthnMappingContextObj fields. This
table lists the AuthnMappingContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
mappedSecurityDomain |
String |
The security domain after mapping has occurred |
Default |
mappedRealm |
String |
The realm after mapping has occurred |
Default |
mappedUserName |
String |
The user name after mapping has occurred |
Default |
The AuthnTermContextObj object
Table 10. AuthnTermContextObj fields. This
table lists the AuthnTermContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
terminateReason |
String |
The reason authentication ended |
Default |
The AccessContextObj object
Table 11. AccessContextObj fields. This table
lists the AccessContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
progName |
String |
The name of the program that was involved in
the event |
Default |
action |
String |
The action being performed. |
Default |
registryUserName |
String |
The name of the user in the registry |
Default |
appUserName |
String |
The name of the user within an application |
Default |
accessDecision |
String |
The decision of the authorization call |
Default |
resourceName |
String |
The name of the resource in the context of the
application |
Default |
resourceType |
String |
The type of resource |
Default |
resourceUniqueId |
Long |
The unique identifier of the resource |
Default |
permissionsChecked |
String array |
The permissions that were checked during the
authorization call |
Default |
permissionsGranted |
String array |
The permissions that were granted during the
authorization call |
Default |
rolesChecked |
String array |
The roles that were checked during the authorization
call |
Default |
rolesGranted |
String array |
The roles that were granted during the authorization
call |
Default |
The PolicyContextObj object
Table 12. PolicyContextObj fields. This table
lists the PolicyContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
policyName |
String |
The name of the policy |
Default |
policyType |
String |
The type of policy |
Default |
The KeyContextObj object
Table 13. KeyContextObj fields. This table lists
the KeyContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
keyLabel |
String |
The key or certificate label |
Default |
keyLocation |
String |
The physical location of the key database |
Default |
certLifetime |
Date |
The date when a certificate expires |
Default |
The CipherContextObj object
Table 14. CipherContextObj fields. This table
lists the CipherContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
cipherData |
Byte array |
The cipher data that is captured |
Verbose |
The MgmtContextObj object
Table 15. MgmtContextObj fields. This table lists
the MgmtContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
mgmtType |
String |
The type of management operation |
Default |
mgmtCommand |
String |
The application-specific command that was performed |
Default |
targetInfoAttributes |
Target Atrribute array |
Information about one or more secondary objects
involved in this operation |
Verbose |
The ResponseContextObj object
Table 16. ResponseContextObj fields. This table
lists the ResponseContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
url |
String |
The URL of the HTTP request |
Default |
httpRequestHeaders |
Attributes array |
The HTTP request headers provided by the client |
Verbose |
httpResponseHeaders |
Attributes array |
The HTTP response headers returned by the server |
Verbose |
The CustomPropertyContextObj object
Table 17. CustomPropertyContextObj fields. This table lists the CustomPropertyContextObj fields.
Field |
Type |
Description |
Default or Verbose logging |
key |
String |
The label representing the custom property key
name |
Verbose |
value |
Object |
The object value of the custom property |
Verbose |
Supporting Objects: Attributes
Table 18. Attribute fields. This
table describes the Attribute fields.
Field |
Type |
Description |
Default or Verbose logging |
name |
String |
Name of the attribute |
Default |
value |
String |
Value of the attribute |
Default |
Source |
String |
Source of the attribute (user, application,
or an input for authz rules) |
Default |
Supporting Objects: TargetAttributes
Table 19. TargetAttribute fields. This
table describes the TargetAttribute fields.
Field |
Type |
Description |
Default or Verbose logging |
name |
String |
What object is the operation targeted against? |
Default |
uniqueId |
Long |
Target's unique identifier |
Default |
Runtime Event: Context Object mapping
All
runtime events need sessionContext, eventContext, accessContext, propagationContext,
processContext, and registryContext objects. In addition to these
required context objects, each event needs the context objects listed
for that event in the following table:
Table 20. Context objects needed for event types. This table describes the context objects needed
for event types
Event Type |
Context Objects |
SECURITY_AUTHN |
authnContext, providerContext |
SECURITY_AUTHN_CREDS_MODIFY |
|
SECURITY_AUTHN_DELEGATION |
delegationContext |
SECURITY_AUTHN_MAPPING |
authnMapping, providerContext |
SECURITY_AUTHN_TERMINATE |
authnContext, providerContext, authnTermContext |
SECURITY_AUTHZ |
providerContext, policyContext |
SECURITY_ENCRYPTION |
keyContext |
SECURITY_MGMT_AUDIT |
mgmtContext |
SECURITY_MGMT_CONFIG |
mgmtContext |
SECURITY_MGMT_KEY |
mgmtContext, keyContext |
SECURITY_MGMT_POLICY |
mgmtContext, policyContext |
SECURITY_MGMT_PROVISIONING |
mgmtContext, regObjContext |
SECURITY_MGMT_REGISTRY |
mgmtContext, regObjContext |
SECURITY_MGMT_RESOURCE |
mgmtContext |
SECURITY_RESOURCE_ACCESS |
responseContext |
SECURITY_RUNTIME |
|
SECURITY_RUNTIME_KEY |
keyContext |
SECURITY_SIGNING |
keyContext |
|
