Configuring the PasswordValidationAudit.sql File for Agentry Applications

After configuring the SqlBe.ini file, you may need to make modifications to the passwordValidationAudit.sql file, which enables you to handle password validation audit records. The developer must enable password validation in the application definition.

The passwordValidationAudit.sql file is used for all applications. The file should be in the same directories as other SQL script files, as described in Configuring the SqlBe.ini Query Initialization File for Agentry Applications.

Make changes to configuration files in the development environment, not on SAP Mobile Platform Server, and publish a new ZIP file in Management Cockpit.

Password Validation Audit Template File

Following is the passwordValidationAudit.sql template file format:
<!--passwordValidationAudit.sql
 
    <<id>> is the user ID
    <<reason>> is the reason password was required
    <<success>> is true if password validation attempt was successful
    <<lockout>> is true if lockout level reached
    <<transactionName>> is the name of the transaction (only for transaction-related attempts), empty otherwise
    <<transactionID>> is the ID of transaction (only for transaction-related attempts), 0 otherwise
    <<attemptTime>> is the password validation attempt time stamp
 
    See Agentry documentation for additional information.
-->

Password Validation Audit File Values

Script file values.

| Value | Type | Description |
|---|---|---|
| ID | String | The user ID for which the password was requested. |
| Reason | Enum | The reason the password is requested. Values include: Login(0): initial login screen password entry; IdleTimeout(1): idle timeout screen requested the password entry; PasswordChange(2): password change screen requested password entry; TransactionValidation(3): password was requested to validate a transaction. |
| Success | Boolean | Whether the password validation attempt was successful. |
| Lockout | Boolean | Whether a failed password attempt caused the client to be locked out. |
| Transaction Name | String | For transaction-related attempts, the transaction by name if the reason for the password was a transaction validation. Otherwise the value is empty. |
| Transaction ID | ID | For transaction-related attempts, the transaction by ID if the reason for the password was a transaction validation. Otherwise the value is 0. |
| Attempt Time | TimeandDate | The date-time stamp when the password was requested for the validation attempt. Attempt time is always in UTC format. |

Password Validation Processing

When a user performs a password-related action (login, idle timeout, password change, and transaction validation), an encrypted password validation audit record is created on the client device.

The encrypted audit record is sent to the server. Records are typically sent on a first-in, first-out basis, which means the oldest record is processed first, but that is not guaranteed. Once the server receives the record, the server sends confirmation to the client, and the client deletes the encrypted audit record.
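
The following is an added example, not SAP's script and not part of the original page, showing one way the template's placeholders could be stored and then reviewed. Only the INSERT would go in passwordValidationAudit.sql; the table and the review query are run separately. The table name, column names and sizes, the `true`/`false` literals, textual substitution of the placeholders, and the threshold of 5 are all assumptions.

```sql
-- Hypothetical audit table (run once by the DBA; not defined by SAP).
-- Every column is text because the page does not state how each placeholder
-- is rendered when substituted (assumption: plain text, flags as true/false).
CREATE TABLE pwd_validation_audit (
    user_id          VARCHAR(64)  NOT NULL,
    reason           VARCHAR(32)  NOT NULL,  -- Login, IdleTimeout, PasswordChange, TransactionValidation
    success          VARCHAR(5)   NOT NULL,
    lockout          VARCHAR(5)   NOT NULL,
    transaction_name VARCHAR(128),           -- empty unless transaction-related
    transaction_id   VARCHAR(32),            -- 0 unless transaction-related
    attempt_time_utc VARCHAR(32)  NOT NULL   -- client-side attempt time, UTC
);

-- Body of passwordValidationAudit.sql: one row per audit record received.
-- The <<...>> names are the placeholders listed in the template file.
INSERT INTO pwd_validation_audit
    (user_id, reason, success, lockout,
     transaction_name, transaction_id, attempt_time_utc)
VALUES
    ('<<id>>', '<<reason>>', '<<success>>', '<<lockout>>',
     '<<transactionName>>', '<<transactionID>>', '<<attemptTime>>');

-- Review query (run by an administrator, not part of the script file):
-- users with repeated failed validations or any lockout.
-- Records are not guaranteed to arrive oldest-first, so any ordering or
-- time window should use attempt_time_utc, never insertion order.
-- MAX() on the text column is only meaningful if the stored timestamp
-- format sorts lexically (assumption).
SELECT user_id,
       COUNT(*)                                          AS failed_attempts,
       SUM(CASE WHEN lockout = 'true' THEN 1 ELSE 0 END) AS lockouts,
       MAX(attempt_time_utc)                             AS last_failure_utc
FROM pwd_validation_audit
WHERE success <> 'true'
GROUP BY user_id
HAVING COUNT(*) >= 5   -- constructed threshold; tune to local policy
    OR SUM(CASE WHEN lockout = 'true' THEN 1 ELSE 0 END) > 0
ORDER BY failed_attempts DESC;
```

Before relying on the query, confirm against a few real records how `<<reason>>`, `<<success>>`, `<<lockout>>` and `<<attemptTime>>` are actually rendered, and narrow the column types accordingly.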