The audit filter component configures the resource classes for which the audit records should be routed to the associated destination.
DefaultAuditFilter Configuration Properties
The property name default value description is:
(1)caseSensitiveFiltering false set to true to use case sensitivity when matching resource classes and actions (2)filter default value="(ResourceClass=core.subject,Action=authorization.role)(ResourceClass=core.subject,Action=authorization.resource) (ResourceClass=core.subject,Action=authentication)(ResourceClass=core.subject,Action=logout)(ResourceClass=core.profile) (ResourceClass=providers.*)(ResourceClass=clients.*)" description = the filter string that determines whether an audit record should be written out to the audit destination.
Filter resource classes consist of one or more filter expressions that are delimited by parenthesis ( () ). Square brackets () denote optional values. The syntax is:
The allowed keys are: ResourceClass, Action, or Decision.
|provider||activate||Called when a provider is activated by CSI. The resource ID is the provider class name.||Generated unique provider identifier.|
|subject||authentication.provider||The result of a provider's
specific authentication request. Depending on the other
providers active, the actual CSI request for authentication may
not reflect this same decision.
This resource class is not a provider-generated audit record. CSI core generates this audit record automatically after receiving the provider's decision. The resource ID is not used.
|subject||authentication||The aggregate decision after considering each of the appropriate provider's authentication decisions. This record shares the same request identifier as the corresponding authentication provider records. The resource ID is the subject identifier if authentication is successful.||
|subject||authorization.role.provider||The result of a provider's specific role authorization request. The resource ID is the subject ID.||
|subject||authorization.role||The result of a resource-based authorization request. The resource ID is the subject ID.||
|subject||logout||Generated when an authenticated context is destroyed. The resource ID is the subject ID.||
|subject||create.provider||Provider-level record issued for anonymous self-registration requests. The resource ID is the subject identifier.||
|subject||create||Aggregate, generated when an anonymous self-registration request is made. The resource ID is the subject identifier.||
|subject||authorization.resource||The aggregate authorization decision, which is made after considering each of the appropriate provider's result. The resource ID is the subject ID.||
enables auditing of all the CSI core resource classes that involve a deny decision:
enables auditing for all core resource classes where the action is the subject modification action: