Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.OSPContext.startLoggingDrivers() [905] thread=localhost-startStop-1
Time: 2019-01-31T16:31:46.921+0100
Log Data: Registered logger: internal.atlaslite.jcce.logging.driver.javautil.impl.JavaUtilLoggingDriver

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.OSPContext.startLoggingDrivers() [898] thread=localhost-startStop-1
Time: 2019-01-31T16:31:46.970+0100
Log Data: De-registering all drivers.

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.OSPContext.startLoggingDrivers() [905] thread=localhost-startStop-1
Time: 2019-01-31T16:31:46.976+0100
Log Data: Registered logger: internal.atlaslite.jcce.logging.driver.javautil.impl.JavaUtilLoggingDriver

Preamble: [osp-conf]
Priority Level: FINER
Java: thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.098+0100
Log Data:
OAuth configuration properties:
com.netiq.idm.osp.as.admins-container-dn: ou=sa,o=system
com.netiq.idm.osp.as.duplicate-resolution-naming-attr: mail
com.netiq.idm.osp.as.naming-attr: cn
com.netiq.idm.osp.as.scope: 2
com.netiq.idm.osp.as.users-container-dn: ou=Users,o=data
com.netiq.idm.osp.auth.pwd.expire.show: true
com.netiq.idm.osp.auth.pwd.expire.url:
com.netiq.idm.osp.cef.enabled: false
com.netiq.idm.osp.clients: [XML Node]
com.netiq.idm.osp.fileauthsrc.filename: adminusers.txt
com.netiq.idm.osp.fileauthsrc.path: /opt/netiq/idm/apps/osp
com.netiq.idm.osp.forgotten-pwd-url:
com.netiq.idm.osp.krb.enabled: false
com.netiq.idm.osp.krb.sspr.enabled: false
com.netiq.idm.osp.ldap.admin-dn: cn=admin,ou=sa,o=system
com.netiq.idm.osp.ldap.admin-pwd: ********
com.netiq.idm.osp.ldap.host: idmapps1.server.domain.com
com.netiq.idm.osp.ldap.port: 636
com.netiq.idm.osp.ldap.use-ssl: true
com.netiq.idm.osp.localhost-auto-add: false
com.netiq.idm.osp.login.captcha.type: none
com.netiq.idm.osp.login.forgotten-password-target: ********
com.netiq.idm.osp.login.method: np
com.netiq.idm.osp.login.sign-in-help-url: https://idmapps.domain.com:8443/sspr/public?forwardURL=%24{Request.Url}&logoutURL=%24{Request.Url}
com.netiq.idm.osp.logout-urls:
<ospcfg:RedirectUrl compareAppOnly="true" final="false" returnParamName="logoutURL" xmlns:ospcfg="uri.osp.xml.config.05.2015">https://idmapps.domain.com:8443/sspr/public/Logout</ospcfg:RedirectUrl><ospcfg:RedirectUrl compareAppOnly="true" final="false" returnParamName="target" xmlns:ospcfg="uri.osp.xml.config.05.2015">https://idmapps.domain.com:8443/IDMProv/logout.do</ospcfg:RedirectUrl>

com.netiq.idm.osp.naaf.enabled: false
com.netiq.idm.osp.oauth-encrypting-key-alias: osp
com.netiq.idm.osp.oauth-encrypting-key.pwd: ********
com.netiq.idm.osp.oauth-encrypting-keystore.file: /opt/netiq/idm/apps/osp/osp.jks
com.netiq.idm.osp.oauth-encrypting-keystore.pwd: ********
com.netiq.idm.osp.oauth-encrypting-keystore.type: JKS
com.netiq.idm.osp.oauth-signing-key-alias: osp
com.netiq.idm.osp.oauth-signing-key.pwd: ********
com.netiq.idm.osp.oauth-signing-keystore.file: /opt/netiq/idm/apps/osp/osp.jks
com.netiq.idm.osp.oauth-signing-keystore.pwd: ********
com.netiq.idm.osp.oauth-signing-keystore.type: JKS
com.netiq.idm.osp.oauth-tls-key-alias: osp
com.netiq.idm.osp.oauth-tls-key.pwd: ********
com.netiq.idm.osp.oauth-tls-keystore.file: /opt/netiq/idm/apps/osp/osp.jks
com.netiq.idm.osp.oauth-tls-keystore.pwd: ********
com.netiq.idm.osp.oauth-tls-keystore.type: JKS
com.netiq.idm.osp.oauth-truststore.file: /opt/netiq/idm/apps/tomcat/conf/idm.jks
com.netiq.idm.osp.oauth-truststore.pwd: ********
com.netiq.idm.osp.oauth.accessTokenTTL: 120
com.netiq.idm.osp.oauth.refreshTokenTTL: 2592000
com.netiq.idm.osp.oauth.sessionTokenRevocationTTL: 172800
com.netiq.idm.osp.sessionTTL: 1200
com.netiq.idm.osp.ssl-keystore.file: ********
com.netiq.idm.osp.ssl-keystore.pwd: ********
com.netiq.idm.osp.sspr.check.url: https://idmapps.domain.com:8443/sspr/private/CommandServlet?processAction=checkAll
com.netiq.idm.osp.sspr.enabled: true
com.netiq.idm.osp.sspr.status.url: https://idmapps.domain.com:8443/sspr/public/rest/status
com.netiq.idm.osp.tenant.http-interfaces:
<ospcfg:HTTPInterface cookieDomain="idmapps.domain.com" displayName="idmapps.domain.com" domainName="idmapps.domain.com" enabled="true" id="idmapps.domain.com" path="osp" port="8443" resolvable="true" tls="true" xmlns:ospcfg="uri.osp.xml.config.05.2015"/><ospcfg:HTTPInterface cookieDomain="192.168.0.158" displayName="192.168.0.158" enabled="true" id="192.168.0.158" ipAddress="192.168.0.158" path="osp" port="8443" resolvable="true" tls="true" xmlns:ospcfg="uri.osp.xml.config.05.2015"/>

com.netiq.idm.osp.url.host: https://idmapps.domain.com:8443
com.netiq.idm.pwdmgt.provider: sspr
com.novell.idm.osp.fileauthsrc.enabled: true

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.framework.config.OSPConfigurationCache.get() [509] thread=localhost-startStop-1
Time: 2019-01-31T16:31:46.926+0100
Elapsed time: 587.32 milliseconds
Log Data: Get configuration: CURRENT
Location: /opt/netiq/idm/apps/tomcat/work/Catalina/localhost/osp/exp/osp-conf-edir/WEB-INF/conf/current
Validation resulting in the following:
Information: OSP
OSP system LDAP bind timeout is 15 seconds.
Information: OSP
No OSP system LDAP read timeout.
Validation result for tenant: idm
Information: Tenant[For IDM and IG (id=idm)]/ContainerTlsProbe
No explicitly-specified log level. Using default value: "WARNING"

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.TrustImpl.getCertsPath() [190] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.526+0100
Elapsed time: 641.362 microseconds
Log Data: Get certificates directories:
No directories found.

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.framework.StandardTrustImpl.loadKeyStore() [305] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.527+0100
Elapsed time: 1.964 milliseconds
Log Data: Load keystore file: /opt/netiq/idm/apps/tomcat/conf/idm.jks
Attempt: 0
Opened: true
Keystore instance of type: jks
Loaded: true

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.framework.StandardTrustImpl.loadKeyStore() [305] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.531+0100
Elapsed time: 244.755 microseconds
Log Data: Load keystore file: /opt/netiq/idm/apps/osp/osp.jks
Attempt: 0
Opened: true
Keystore instance of type: JKS
Loaded: true

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.util.net.client.OSP_SSLSocketFactory.<init>() [76] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.533+0100
Log Data: Using SUN JSSE for JVM Vendor Version : Oracle Corporation1.8.0_172

Preamble: [OSP]
Priority Level: INFO
Java: internal.osp.framework.OSPContext.start() [819] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.554+0100
Log Data: Loading configuration document:
<OSP>:
Markup (count 1):
Unique Id: dbf6d7ee-64d4-434b-b250-6549f5f097e4
Markup: Name: CFGOMkpDirty
<ConsoleLogger>:
Id: osp-console-logger
DisplayName: OSP Console Logger
Enabled: false
Type: file
Allow sharing: true
Level: ALL
Time Format: yyyy-MM-dd'T'HH:mm:ss.SSSZ
Output Format: readable
Field Name Format: readable
<JavaUtilLogger>:
Id: osp-file-logger
DisplayName: OSP File Logger
Enabled: true
Type: file
Allow sharing: true
Level: ALL
Time Format: yyyy-MM-dd'T'HH:mm:ss.SSSZ
Output Format: readable
Field Name Format: readable
Application name: osp-
Instance name: idm
Log file path: /opt/netiq/idm/apps/tomcat/logs
Zip on archive: true
Maximum number of archive files: 10
Maximum archive file byte size: unlimited
File wrap time period: day
Maximum file size (wrap after): 9.537 MB (10000000)
Maximum file size check period: 5m 0.000s (300000)
Logger name: osp-idm
<NSureAuditAuditor>:
Id: osp-naudit-logger
DisplayName: OSP NAudit Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<InternalPlatformAgent>:
Enabled: false
Reconnect interval: 30.000s (30000)
Internal log level: WARNING
Send internal log to stdout: true
Send internal log to file: false
<SysLogAuditor>:
Id: syslog-logger
DisplayName: OSP Syslog Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: syslog.osp
Hostname: localhost
Port: 514
Protocol: tcp
Message framing: octetcounting
Control character LF replacement: empty
Control character action: hex
Control character action hex format: 0x{0}
Maximum log entry size: 2 KB (2048)
Use legacy structured data format: false
<CEFAuditor>:
Id: cef-logger
DisplayName: OSP CEF Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: cef.osp
Hostname: localhost
Port: 514
Protocol: tcp
Message framing: terminatelf
Control character LF replacement: empty
Control character action: hex
Control character action hex format: 0x{0}
Maximum log entry size: 2 KB (2048)
Use fully-qualified DNS names for CEF hostnames: true
Use numeric CEF timestamp values: true
Use numeric CEF severity values: true
Set "CEF" as the syslog APP-NAME value: true
<NamedValues>:
Auto created: true
<KeyStore>:
Uses:
TLS_TRUST
Keystore: /opt/netiq/idm/apps/tomcat/conf/idm.jks
Type: jks
Keystore password: ********
Key pair password: <not provided>
<KeyStore>:
Uses:
TLS
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
Debug: undefined
Device File: null
LDAP bind timeout: 15 seconds
TCP Timeout Proxy: 60 seconds
TCP Timeout Request: 30 seconds
<ThreadPool>:
Core pool size: 10
Max pool size: default
Keepalive time: default
Continue existing periodic tasks after shutdown: default
Execute existing delayed tasks after shutdown: default
Remove on cancel: default
Max shutdown wait time: default
<KeyStore>:
Uses:
TLS_TRUST
Keystore: /opt/netiq/idm/apps/tomcat/conf/idm.jks
Type: jks
Keystore password: ********
Key pair password: <not provided>
<KeyStore>:
Uses:
TLS
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
<EntryPoint>:
Name: Main
Access: controlled
<EntryPoint>:
Name: System
Access: controlled
<EntryPoint>:
Name: Monitor
Access: controlled
<EntryPoint>:
Name: Heartbeat
Access: controlled
Class: TenantConfig
Admin scope: OSP
Context dir: /opt/netiq/idm/apps/tomcat/work/Catalina/localhost/osp/exp/osp-conf-edir
<Tenant>:
Markup (count 1):
Unique Id: 01c59870-f07f-49a1-81e6-e11921a62e95
Markup: Name: CFGOMkpDirty
<ConsoleLogger>:
Id: osp-console-logger
DisplayName: OSP Console Logger
Enabled: false
Type: file
Allow sharing: true
Level: ALL
Time Format: yyyy-MM-dd'T'HH:mm:ss.SSSZ
Output Format: readable
Field Name Format: readable
<JavaUtilLogger>:
Id: osp-file-logger
DisplayName: OSP File Logger
Enabled: true
Type: file
Allow sharing: true
Level: ALL
Time Format: yyyy-MM-dd'T'HH:mm:ss.SSSZ
Output Format: readable
Field Name Format: readable
Application name: osp-
Instance name: idm
Log file path: /opt/netiq/idm/apps/tomcat/logs
Zip on archive: true
Maximum number of archive files: 10
Maximum archive file byte size: unlimited
File wrap time period: day
Maximum file size (wrap after): 9.537 MB (10000000)
Maximum file size check period: 5m 0.000s (300000)
Logger name: osp-idm
<NSureAuditAuditor>:
Id: idm-naudit-logger
DisplayName: IDM NAudit Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<InternalPlatformAgent>:
Enabled: false
Reconnect interval: 30.000s (30000)
Internal log level: WARNING
Send internal log to stdout: true
Send internal log to file: false
<SysLogAuditor>:
Id: syslog-logger
DisplayName: IDM Syslog Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: syslog.osp
Hostname: localhost
Port: 514
Protocol: tcp
Message framing: octetcounting
Control character LF replacement: empty
Control character action: hex
Control character action hex format: 0x{0}
Maximum log entry size: 2 KB (2048)
Use legacy structured data format: false
<CEFAuditor>:
Id: cef-logger
DisplayName: OSP CEF Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: cef.osp
Hostname: localhost
Port: 514
Protocol: tcp
Message framing: terminatelf
Control character LF replacement: empty
Control character action: hex
Control character action hex format: 0x{0}
Maximum log entry size: 2 KB (2048)
Use fully-qualified DNS names for CEF hostnames: true
Use numeric CEF timestamp values: true
Use numeric CEF severity values: true
Set "CEF" as the syslog APP-NAME value: true
<GoogleAnalyticsAuditor>:
Comments:

level="${com.netiq.idm.osp.googleanalytics.level:ALL}"
<Event>XDAS_AE_AUTHENTICATE_ACCOUNT</Event>
<Event>XDAS_AE_CREATE_SESSION</Event>
<Event>XDAS_AE_TERMINATE_SESSION</Event>
<Event>XDAS_AE_CREATE_ACCOUNT</Event>


<Event>0.0.2.4</Event>
<Event>0.0.2.0</Event>
<Event>0.0.2.1</Event>
<Event>0.0.0.0</Event>

Id: osp-googleanalytics-auditor
DisplayName: OSP Google Analytics Auditor
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: googleanalytics.osp
Endpoint: googleanalytics
Endpoint transfer protocol: https
Auditable event identifiers:
0.0.2.4
0.0.2.0
0.0.2.1
0.0.0.0
<NamedValues>:
Auto created: true
<KeyStore>:
Uses:
SIGNING
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
<KeyStore>:
Uses:
ENCRYPTING
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
<KeyStore>:
Uses:
TLS
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
<KeyStore>:
Uses:
TLS_TRUST
Keystore: /opt/netiq/idm/apps/tomcat/conf/idm.jks
Type: jks
Keystore password: ********
Key pair password: <not provided>
Inject branding: false
Debug: undefined
Validate XML: false
Class loader?: true
<HTTPInterface>:
Id: idmapps.domain.com
DisplayName: idmapps.domain.com
Enabled: true
Resolvable: true
Domain name: idmapps.domain.com
Port: 8443
TLS: true
Path: osp
Cookie domain: idmapps.domain.com
<HTTPInterface>:
Id: 192.168.0.158
DisplayName: 192.168.0.158
Enabled: true
Resolvable: true
IP address: 192.168.0.158
Port: 8443
TLS: true
Path: osp
Cookie domain: 192.168.0.158
<ContainerTlsProbe>:
Enabled: true
Level: WARNING
Connect timeout (milliseconds): 250
Task delay (in milliseconds): 0
Minimum protocol: TLSv1.1
Normalize host: true
<AuthenticationService>:
Markup (count 1):
Unique Id: 0abf91a9-9b48-40f7-bc38-2507f546b42b
Markup: Name: CFGOMkpDirty
Id: auth
DisplayName: OSP Configuration
Enabled: true
Debug: undefined
Location: /opt/netiq/idm/apps/tomcat/work/Catalina/localhost/osp/exp/osp-conf-edir/WEB-INF/conf/current/idm/services
<Security>:
Phishing check: off
Client IP spoofing check: reauth
Minimum delay: 250 milliseconds
Maximum delay: 3000 milliseconds
<Cluster>:
<ClusterForwarding>:
Enabled: false
HMAC Algorithm: HmacSHA256
<ClusterCookie>:
Enabled: true
HMAC Algorithm: HmacSHA256
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<UserInterface>:
X-Frame-Options: NONE
<PublicPage>:
Value: errorCodes.jsp
<PublicPage>:
Value: err.jsp
<PublicPage>:
Value: err2.jsp
<PublicPage>:
Value: login.jsp
<PublicPage>:
Value: nmaslogin.jsp
<PublicPage>:
Value: logoutSuccess.jsp
<PublicPage>:
Value: banner.jsp
<PublicPage>:
Value: nav.jsp
<PublicPage>:
Value: menus.jsp
<PublicPage>:
Value: footer.jsp
<PublicPage>:
Value: content.jsp
<PublicPage>:
Value: cards.jsp
<PublicPage>:
Value: select.jsp
<PublicPage>:
Value: nocard.jsp
<PublicPage>:
Value: title.jsp
<PublicPage>:
Value: error.jsp
<PublicPage>:
Value: curcard.jsp
<PublicPage>:
Value: main.jsp
<PublicPage>:
Value: createacct.jsp
<PublicPage>:
Value: no_kerberos.jsp
<LDAPDataSource>:
Id: idm_idv
DisplayName: LDAP Directory Data Source
Enabled: true
Implementation class: internal.osp.oidp.service.source.ldap.LDAPSource
Admin Username: cn=admin,ou=sa,o=system
Admin password: ********
Password encoding: None
Directory type: eDir
Idle timeout: 10000 milliseconds
Rebind allowed: true
<Server>:
Host: idmapps1.server.domain.com
Secure connection: true
Maximum connections: : 31
Port: 636
<FileDataSource>:
Id: firstFile
DisplayName: CSV File Data Source
Enabled: true
Implementation class: internal.osp.oidp.service.source.file.FileSource
Path: /opt/netiq/idm/apps/osp
Filename: adminusers.txt
Field separator: ,
<Field>:
Index: 0
Type: string
Use: naming
Unique: true
Unique part: false
Sensitive: false
Search index: equality
<Field>:
Index: 1
Type: string
Use: password
Hash algorithm: SHA-512
Unique: false
Unique part: false
Sensitive: true
Search index: none
<Field>:
Index: 2
Type: string
Use: normal
Unique: false
Unique part: false
Sensitive: false
Search index: none
Identity: IdentityData[name.given-name[1]]
<Field>:
Index: 3
Type: string
Use: normal
Unique: false
Unique part: false
Sensitive: false
Search index: none
Identity: IdentityData[name.family-name[1]]
Encoding: UTF-8
<KerberosDataSource>:
Id: ds-krb
DisplayName: Kerberos Data Source
Enabled: false
Implementation class: internal.osp.oidp.spnego.authclass.KerberosDataSource
<OAuth2SAML2DataSource>:
Id: ds-saml2
DisplayName: SAML2 Data Source
Enabled: false
Implementation class: internal.osp.oidp.service.oauth2.OAuth2Saml2DataSource
<Reference>:
Reference identifier: saml2
Type: Protocol
Allow replay: false
<NaafDataSource>:
Id: ds-naaf
DisplayName: Advanced Authentication Data Source
Enabled: false
Implementation class: internal.osp.oidp.aa.NaafSource
Endpoint identifier: 41414141414141414141414141414141
Endpoint secret: ********
Salt bit length: ********
Cleanup interval: 15 minutes
Heartbeat interval: 300000 milliseconds
<SearchRepository>:
<LDAPAuthenticationSource>:
Id: bisadus
DisplayName: LDAP Directory User Authentication
Enabled: true
<Reference>:
Reference identifier: idm_idv
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: last_name
Native name: sn
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: fullName
Native name: fullName
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mail
Native name: mail
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: saml2-mapping-attr
Native name: mail
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: initials
Native name: initials
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: givenName
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mobile
Native name: mobile
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: roles
Native name: nrfMemberOf
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: language
Native name: srvprvPreferredLocale
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: {$dn}
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: dn
Native name: {$dn}
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userCN
Native name: cn
Cachable default: false
Cachable: false
Private: false
Restrict to contexts: false
<NamingAttr>:
Name: cn
<NamingAttr>:
Name: mail
<Context>:
Context: ou=Users,o=data
Order: 0
Scope: subtree
<Context>:
Context: ou=sa,o=system
Order: 0
Scope: subtree
<FileAuthenticationSource>:
Id: asf1
DisplayName: CSV File User Authentication
Enabled: true
<Reference>:
Reference identifier: firstFile
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: last_name
Native name: 3
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: 2
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: 0
Cachable default: false
Cachable: false
Private: false
Plugin auto configure: true
<KerberosAuthenticationSource>:
Id: as-krb
DisplayName: Kerberos User Authentication
Enabled: false
<Reference>:
Reference identifier: ds-krb
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: krbPrincipalName
Native name: {$principalName}
Cachable default: false
Cachable: false
Private: false
<IDPAuthenticationSource>:
Id: as-saml2
DisplayName: SAML 2.0 User Authentication
Enabled: false
<Reference>:
Reference identifier: ds-saml2
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: saml2-mapping-attr
Native name: mail
Cachable default: false
Cachable: false
Private: false
<NaafAuthenticationSource>:
Id: as-naaf
DisplayName: Advanced Authentication
Enabled: false
<Reference>:
Reference identifier: ds-naaf
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: naafUsername
Native name: naafUsername
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: naafAuthMethods
Native name: naafAuthMethods
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: naafUserRepository
Native name: naafUserRepository
Cachable default: false
Cachable: false
Private: false
<AssertionAttributeMap>:
Id: saml2-attr-map
DisplayName: SAML2 Attribute Map
<AssertionAttributeMapEntry>:
Friendly name: SAML IDP to Identity Vault mapping attribute
Local name: saml2-mapping-attr
SAML name: mail
Remote name format: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
<Authentication>:
Allow disabled contracts: true
<Reference>:
Reference identifier: np-contract
Type: AuthContractOrGroup
Decorator: defaultContract
<Reference>:
Reference identifier: np-contract
Type: AuthContractOrGroup
Decorator: Password
<AuthContract>:
Id: np-contract
DisplayName: User Name/Password Login
Enabled: true
Password Expire URL: true
Base URL: idm:login:user:np
Show Password Expired UI: true
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: np-auth
Type: ContractExecutable
<Reference>:
Reference identifier: naaf-2nd-factor
Type: ContractExecutable
<Reference>:
Reference identifier: naaf-bootstrap-admin-factor
Type: ContractExecutable
<Reference>:
Reference identifier: sspr-checks
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: ro-np-contract
DisplayName: OAuth2 Resource Owner Credentials Login
Enabled: true
Password Expire URL: true
Base URL: idm:login:user:ro-np
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: np-bg-auth
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: krb-contract
DisplayName: User Kerberos Login
Enabled: false
Password Expire URL: false
Base URL: idm:login:user:kerberos
Show Password Expired UI: true
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: krb-auth
Type: ContractExecutable
<Reference>:
Reference identifier: krb-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: krb-sspr-checks
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: krb-token-contract
DisplayName: Token Kerberos Login
Enabled: false
Password Expire URL: false
Base URL: vnd-netiq:osp:oauth2:kerberos
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: krb-token-auth
Type: ContractExecutable
<Reference>:
Reference identifier: krb-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: saml2-contract
DisplayName: SAML2 User Login
Enabled: false
Password Expire URL: false
Base URL: idm:login:user:saml2
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: saml2-auth
Type: ContractExecutable
<Reference>:
Reference identifier: saml2-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: saml2-bearer-contract
DisplayName: SAML2 Bearer Authentication
Enabled: false
Password Expire URL: false
Base URL: urn:ietf:params:oauth:grant-type:saml2-bearer
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: saml2-bearer-auth
Type: ContractExecutable
<Reference>:
Reference identifier: saml2-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<Protocols>:
<OAuth2Protocol>:
Type: oauth2
Display name: oauth2 oauth2
Enabled: true
<OAuth2ApplicationTemplate>:
Id: idm
DisplayName: IDM OAuth Application
Identifier: idm
Enabled: true
Display name: IDM OAuth Application
HMAC algorithm: HmacSHA256
Access token TTL: 120 seconds
Auth code TTL: 120 seconds
Refresh token TTL: 2592000 seconds
Use token revocation: false
Use session-based token revocation: true
Session-based token revocation entry TTL: 172800 seconds
Supports refresh tokens: true
Supports authorization code: true
Supports implicit: true
Supports resource owner credentials: true
Resource owner grant contract identifier: ro-np-contract
Supports client credentials: true
Secondary naming attribute: mail
RFC-6750-compliant responses: false
<Reference>:
Reference identifier: ro-np-contract
Type: AuthContract
Decorator: resource-owner-credentials
<Reference>:
Reference identifier: krb-token-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: saml2-bearer-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<RedirectUrlList>:
<Reference>:
Reference identifier: ro-np-contract
Type: AuthContract
Decorator: resource-owner-credentials
<Reference>:
Reference identifier: krb-token-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: saml2-bearer-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<AttributeMapping>:
1:1 default: true
1:1: true
Use source/target: false
<AttributeMapEntry>:
Local name: {$oauth-valid-to}
Native name: expiration
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: first_name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: language
Native name: language
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: last_name
Native name: last_name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: {$oauth-app-id}
Native name: client
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: initials
Native name: initials
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: cacheable
Native name: cacheable
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: roles
Native name: roles
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mail
Native name: email
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: {$oauth-auth-src-id}
Native name: auth_src_id
Cachable default: false
Cachable: false
Private: false
<NamedValues>:
Auto created: true
<OpenIdConnect>:
Enabled: true
Signature Algorithm: default
<UserInterface>:
Continue button: true
<OAuth2Clients>:
<Reference>:
Reference identifier: idm
Type: OAuth2ApplicationTemplate
<Client>:
Client identifier: sspr
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: bee9e303-9dee-4e4b-a2e6-ea40940cae79
DisplayName: https://idmapps.domain.com:8443/sspr/public/oauth
URL: https://idmapps.domain.com:8443/sspr/public/oauth
Case-sensitive: true
<Url>:
Id: 27cc2187-b033-4bf5-a6ee-ba3519af0ee7
DisplayName: https://192.168.0.158:8443/sspr/public/oauth
URL: https://192.168.0.158:8443/sspr/public/oauth
Case-sensitive: true
<TemplateOverride>:
Supports Authorization Code Grant: true
Supports Implicit Grant: true
<Client>:
Client identifier: cx
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 6115fc96-8cee-401a-b515-088949c26881
DisplayName: https://idgov.domain.com:8443/cx/oauth.html
URL: https://idgov.domain.com:8443/cx/oauth.html
Case-sensitive: true
<Url>:
Id: 2d0f19f3-986c-4f35-9932-52ef49ba2968
DisplayName: https://192.168.0.98:8443/cx/oauth.html
URL: https://192.168.0.98:8443/cx/oauth.html
Case-sensitive: true
<Url>:
Id: e3b84b34-a035-4494-939f-1cb76b453824
DisplayName: https://idgovsrv1.server.domain.com:8443/cx/oauth.html
URL: https://idgovsrv1.server.domain.com:8443/cx/oauth.html
Case-sensitive: true
<Client>:
Client identifier: idmdash
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 7a408d7b-cd5e-4c87-b2c7-dbff4ea06f3f
DisplayName: https://idmapps.domain.com:8443/idmdash/oauth.html
URL: https://idmapps.domain.com:8443/idmdash/oauth.html
Case-sensitive: true
<Url>:
Id: 9e4982e6-e543-41d0-81f5-177e3fbb3324
DisplayName: https://192.168.0.158:8443/idmdash/oauth.html
URL: https://192.168.0.158:8443/idmdash/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: dcsdrv
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Resource Owner Password Credentials Grant: true
<Client>:
Client identifier: idmadmin
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: d23b17db-07a2-475e-8127-4c827205e62c
DisplayName: https://idmapps.domain.com:8443/idmadmin/oauth.html
URL: https://idmapps.domain.com:8443/idmadmin/oauth.html
Case-sensitive: true
<Url>:
Id: bbe05337-151b-4f3d-9e22-9f200264e9e6
DisplayName: https://192.168.0.158:8443/idmadmin/oauth.html
URL: https://192.168.0.158:8443/idmadmin/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: wf
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac-dtp
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: idmdcs
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 4371478b-ab64-4c3f-889c-45ba1d376a46
DisplayName: http://localhost:8180/idmdcs/oauth.html
URL: http://localhost:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: 8ead2039-69a9-4d6e-abc5-41a35e4609ff
DisplayName: http://127.0.0.1:8180/idmdcs/oauth.html
URL: http://127.0.0.1:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: ac7ca52a-bab1-435d-8523-8debda93e3cd
DisplayName: http://idmapps1.server.domain.com:8180/idmdcs/oauth.html
URL: http://idmapps1.server.domain.com:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: d3fc4bbd-414a-4578-be52-47e43217ebde
DisplayName: http://10.192.67.150:8180/idmdcs/oauth.html
URL: http://10.192.67.150:8180/idmdcs/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: rbpm
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 2c781423-344f-4b2b-9c8a-d4efe35860f7
DisplayName: https://idmapps.domain.com:8443/IDMProv/oauth
URL: https://idmapps.domain.com:8443/IDMProv/oauth
Case-sensitive: true
<Url>:
Id: 70aeb07d-ebdb-4ad7-bb15-0ddca05c1d2f
DisplayName: https://192.168.0.158:8443/IDMProv/oauth
URL: https://192.168.0.158:8443/IDMProv/oauth
Case-sensitive: true
<TemplateOverride>:
Supports Authorization Code Grant: true
Supports Implicit Grant: true
<Client>:
Client identifier: iac-daas
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac-service
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 1b2e8259-1a0b-48ff-80a6-43dbf2b250c9
DisplayName: https://idgov.domain.com:8443/oauth.html
URL: https://idgov.domain.com:8443/oauth.html
Case-sensitive: true
<Url>:
Id: f84c54af-bf11-4548-b53f-fae16a2f4d45
DisplayName: https://192.168.0.98:8443/oauth.html
URL: https://192.168.0.98:8443/oauth.html
Case-sensitive: true
<Url>:
Id: 22541054-6770-4ff6-b152-5fa2f1a021ce
DisplayName: https://idgovsrv1.server.domain.com:8443/oauth.html
URL: https://idgovsrv1.server.domain.com:8443/oauth.html
Case-sensitive: true
<Client>:
Client identifier: rpt
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: fb9b8654-97bf-4201-a7c4-5aaac078c762
DisplayName: https://idmapps.domain.com:8443/IDMRPT/oauth.html
URL: https://idmapps.domain.com:8443/IDMRPT/oauth.html
Case-sensitive: true
<Url>:
Id: 5cb6f72c-b5af-4a4f-8a8a-74bc47f8c057
DisplayName: https://192.168.0.158:8443/IDMRPT/oauth.html
URL: https://192.168.0.158:8443/IDMRPT/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
Supports Resource Owner Password Credentials Grant: true
<SAML2Protocol>:
Type: saml2
Display name: saml2 saml2
Enabled: false
Sign metadata: false
<SAML2SP>:
SAML2 SSO All Prof Artifact: false
SAML2 SSO Prof Post: true
SAML2 SSO Prof Redirect: true
SAML2 Logout Prof Redirect: true
SAML2 Logout Prof SOAP: true
SAML2 Name Mgmt Prof Redirect: false
SAML2 Name Mgmt Prof Post: false
SAML2 Name Mgmt Prof Soap: false
Report rolled keys in metadata: false
<TrustedIDP>:
Id: saml2-idp
DisplayName: SAML2 Identity Provider
Enabled: true
Expiration date: <not set>
Validate metadata cert: false
<Metadata>:
Fail on error: true
Base64: false
<AccessSettings>:
Auto Intro: <not set>
Force Auth At IDP: <not set>
Create Federation At Login: <not set>
Proxy Count: <not set>
Identifier Format: <not set>
Requested Context Type: none
SOAP Security Method: none
Encrypt Name Ids: <not set>
Encrypt Assertions: <not set>
Authentication response Proto Binding: HTTP-POST
Proxy Requests from SPs: <not set>
Attribute Map Ref Id: saml2-attr-map
Security Token Modifier Attribute: <not set>
Name Extraction pattern: <not set>
Signature digest algorithm: <not set>
<Reference>:
Reference identifier: saml2-attr-map
Type: AssertionAttributeMap
<Binding>:
Binding: HTTP-POST
SSO: true
SLO: true
Name management: <not set>
Signature digest algorithm: <not set>
<Binding>:
Binding: HTTP-Redirect
SSO: true
SLO: true
Name management: <not set>
Signature digest algorithm: <not set>
<LoginParameters>:
Require Signed Authn Requests: false
Require Signed Assertions: false
Sign Authn Requests: false
Use IDP Publishing: false
Use IDP Discovery: false
Single Logout Method: false
<PasswordAuthentication>:
Id: np-auth
DisplayName: Name/Password (Form)
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.system.PasswordClass
<Reference>:
Reference identifier: captcha-config
Type: Captcha
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Max principal name length: 512
Continue button: true
Use hints: false
<DuplicateResolution>:
Attr name: mail
Form identifier: secAttr
Display name resource identifier: OIDPENDUSER.idm.username.secondary
Max password length: 512
Allow show/hide: undefined
Show/hide initial state: undefined
Cache password: false
<SignInHelp>:
Url: https://idmapps.domain.com:8443/sspr/public?forwardURL=%24{Request.Url}&logoutURL=%24{Request.Url}
Target: _self
Display name resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
<DisplayLink>:
Target: _self
Display name resource identifier: OIDPENDUSER.idm.forgot-username
Title resource identifier: OIDPENDUSER.idm.forgot-username-title
<DisplayLink>:
Target: _self
Display name resource identifier: OIDPENDUSER.idm.activate-account
Title resource identifier: OIDPENDUSER.idm.activate-account-title
<PasswordAuthentication>:
Id: np-bg-auth
DisplayName: Name/Password Background
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.system.PasswordClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Max principal name length: 512
Continue button: true
Use hints: false
<DuplicateResolution>:
Attr name: mail
Form identifier: secAttr
Display name resource identifier: OIDPENDUSER.idm.username.secondary
Max password length: 512
Allow show/hide: undefined
Show/hide initial state: undefined
Cache password: false
<SSPRChecks>:
Id: sspr-checks
DisplayName: SSPR Checks
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Status URL: https://idmapps.domain.com:8443/sspr/public/rest/status
Check URL: https://idmapps.domain.com:8443/sspr/private/CommandServlet?processAction=checkAll
Forward URL param name: forwardURL
Logout URL param name: logoutURL
Ignore certificate subject: false
<SSPRChecks>:
Id: krb-sspr-checks
DisplayName: SSPR Checks
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Status URL: https://idmapps.domain.com:8443/sspr/public/rest/status
Check URL: https://idmapps.domain.com:8443/sspr/private/CommandServlet?processAction=checkAll
Forward URL param name: forwardURL
Logout URL param name: logoutURL
Ignore certificate subject: false
<SpnegoAuthentication>:
Id: krb-auth
DisplayName: Kerberos Authentication
Enabled: false
Java classname: internal.osp.oidp.spnego.authclass.SpnegoClass
<Reference>:
Reference identifier: np-contract
Type: AuthContract
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
Enforce HTTPS: false
Redirect page: no_kerberos
Redirect delay (seconds): 5
<KerberosTokenAuthentication>:
Id: krb-token-auth
DisplayName: Kerberos Token Authentication
Enabled: false
Java classname: internal.osp.oidp.spnego.authclass.KerberosTokenClass
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
<PrincipalMapping>:
Id: krb-mapping
DisplayName: Kerberos Principal Mapping
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.PrincipalMapping
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
Decorator: srcId
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Decorator: destId
Expression: &(=(s[krbPrincipalName],t[cn]),=(t[objectClass],"inetOrgPerson"))
Check login policy: false
Fail authentication if principal doesn't result in mapping: true
Show error page on failure: true
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<IDPAuthentication>:
Id: saml2-auth
DisplayName: SAML2 Authentication
Enabled: false
Java classname: internal.osp.oidp.service.protocol.authentication.classes.IDPAuthenticationClass
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Bearer only: false
<IDPAuthentication>:
Id: saml2-bearer-auth
DisplayName: SAML2 Bearer Authentication
Enabled: false
Java classname: internal.osp.oidp.service.protocol.authentication.classes.IDPAuthenticationClass
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Bearer only: true
<PrincipalMapping>:
Id: saml2-mapping
DisplayName: SAML2 Principal Mapping
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.PrincipalMapping
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Decorator: srcId
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Decorator: destId
Expression: =(s[saml2-mapping-attr],t[mail])
Check login policy: false
Fail authentication if principal doesn't result in mapping: true
Show error page on failure: true
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<RoleMapping>:
Id: admin-role-mapping
DisplayName: IDM Admin Role Mapping
Enabled: true
Expression: |(*=(t[roles],"cn=rbpmAdmin,*,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,*"),*=(t[roles],"cn=secAdmin,*,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,*"))
<RoleMapping>:
Id: oauth2-client-role-mapping
DisplayName: OAuth2 Client Role Mapping
Enabled: true
Expression: =(t[grant-types],"client_credentials")
<RoleAssignment>:
Id: iac-bootstrap-role-assignment
DisplayName: Access Review Bootstrap Admin Role Assignment
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.RoleAssignment
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Principal: iacadmin
<NaafFactor>:
Id: naaf-2nd-factor
DisplayName: AAF Second Factor Authentication
Enabled: false
Java classname: internal.osp.oidp.aa.auth.NaafFactor
<Reference>:
Reference identifier: as-naaf
Type: AuthenticationSource
Max password length: 512
Continue button: true
Allow show/hide: true
Show/hide initial state: undefined
Use hints: false
<Repository>:
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<LookupAttribute>:
Name: mail
<LookupAttribute>:
Name: userCN
<Method>:
Method: SMARTPHONE:1
Enabled: true
Priority: 1
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: TOTP:1
Enabled: true
Priority: 2
<NamedValues>:
Auto created: false
<Method>:
Method: VOICE:1
Enabled: true
Priority: 3
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: SMS_OTP:1
Enabled: true
Priority: 4
<AutoEnroll>:
Selection expression: !null(t[mobile])
<NamedValues>:
Auto created: false
Selection expression: !null(t[mobile])
<Method>:
Method: HOTP:1
Enabled: true
Priority: 5
<NamedValues>:
Auto created: false
<Method>:
Method: EMAIL_OTP:1
Enabled: true
Priority: 6
<AutoEnroll>:
Selection expression: !null(t[mail])
<NamedValues>:
Auto created: false
Selection expression: !null(t[mail])
<Method>:
Method: SECQUEST:1
Enabled: false
Priority: 7
<NamedValues>:
Auto created: false
<Method>:
Method: PASSWORD:1
Enabled: false
Priority: 8
<NamedValues>:
Auto created: false
<Method>:
Method: LDAP_PASSWORD:1
Enabled: false
Priority: 9
<NamedValues>:
Auto created: false
<NaafFactor>:
Id: naaf-bootstrap-admin-factor
DisplayName: AR Bootstrap Admin Second Factor Authentication
Enabled: false
Java classname: internal.osp.oidp.aa.auth.NaafFactor
<Reference>:
Reference identifier: as-naaf
Type: AuthenticationSource
Max password length: 512
Continue button: true
Allow show/hide: true
Show/hide initial state: undefined
Use hints: false
<Repository>:
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<LookupAttribute>:
Name: userDN
Name: LOCAL
<Method>:
Method: SMARTPHONE:1
Enabled: true
Priority: 1
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: TOTP:1
Enabled: true
Priority: 2
<NamedValues>:
Auto created: false
<Method>:
Method: HOTP:1
Enabled: true
Priority: 3
<NamedValues>:
Auto created: false
<Method>:
Method: SECQUEST:1
Enabled: false
Priority: 4
<NamedValues>:
Auto created: false
<Method>:
Method: PASSWORD:1
Enabled: false
Priority: 5
<NamedValues>:
Auto created: false
<Captcha>:
Id: captcha-config
DisplayName: CAPTCHA Configuration
Type: none
Attempts before required: 0
<ReCaptcha>:
Theme: white
<ReCaptcha2>:
Theme: light
Data type: default
Data size: default
<Organization>:
DisplayName: Micro Focus
Name: Micro Focus
URL: https://www.microfocus.com
<ContactPerson>:
Contact type: technical
Company name: Micro Focus
Given name: Micro
Surname: Focus
Email address: support@netiq.com
Telephone number: 1-801-861-4000
<Policy>:
<Logout>:
showLogoutConfirmation: false
hasFinal: false
<RedirectUrl>:
URL: https://idmapps.domain.com:8443/sspr/public/Logout
Return parameter name: logoutURL
Final: false
Case-sensitive: false
Compare app only: true
<RedirectUrl>:
URL: https://idmapps.domain.com:8443/IDMProv/logout.do
Return parameter name: target
Final: false
Case-sensitive: false
Compare app only: true
<LandingPage>:
Selection expression: |(&(&(=(s[Java.Property.com.netiq.idm.osp.logout.landing-page],"true"),=(s[SessionData.Transient.AuthnUris],"idm:login:user:kerberos")),!(=(s[Session.Markup.no-nego],"true"))),&(=(s[Java.Property.com.netiq.idm.osp.logout.saml2.landing-page],"internal"),=(s[SessionData.Transient.AuthnUris],"idm:login:user:saml2")))
<DisplayLink>:
Url: ${logout-return-target}
Target: _self
Display name resource identifier: OIDPENDUSER.50056
Title resource identifier: OIDPENDUSER.50080
<ForgotPassword>:
Target: _self
Display name resource identifier: OIDPENDUSER.50061
Title resource identifier: OIDPENDUSER.50079
<SignInHelp>:
Url: https://idmapps.domain.com:8443/sspr/public?forwardURL=%24{Request.Url}&logoutURL=%24{Request.Url}
Target: _blank
Display name resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
<TargetWhitelist>:
Enabled: true
Configuration mode: auto
<RedirectUrlList>:
<ThrottleBySystemMemory>:
Threshold: 5
Reject new requests: false
Throttle: 7

Preamble: [OSP]
Priority Level: INFO
Java: internal.osp.framework.OSPContext.start() [846] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.563+0100
Log Data: Starting tenant: Tenant[For IDM and IG (id=idm)]

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.OSPContext.start() [1004] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.568+0100
Log Data: Tenant Validation messages (1):
1) Information: Tenant[For IDM and IG (id=idm)]/ContainerTlsProbe
No explicitly-specified log level. Using default value: "WARNING"

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.OSPTenant.startTenant() [456] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.584+0100
Log Data: Tenant Configuration:
Class: TenantConfig
Admin scope: OSP
Context dir: /opt/netiq/idm/apps/tomcat/work/Catalina/localhost/osp/exp/osp-conf-edir
<Tenant>:
Markup (count 1):
Unique Id: 01c59870-f07f-49a1-81e6-e11921a62e95
Markup: Name: CFGOMkpDirty
<ConsoleLogger>:
Id: osp-console-logger
DisplayName: OSP Console Logger
Enabled: false
Type: file
Allow sharing: true
Level: ALL
Time Format: yyyy-MM-dd'T'HH:mm:ss.SSSZ
Output Format: readable
Field Name Format: readable
<JavaUtilLogger>:
Id: osp-file-logger
DisplayName: OSP File Logger
Enabled: true
Type: file
Allow sharing: true
Level: ALL
Time Format: yyyy-MM-dd'T'HH:mm:ss.SSSZ
Output Format: readable
Field Name Format: readable
Application name: osp-
Instance name: idm
Log file path: /opt/netiq/idm/apps/tomcat/logs
Zip on archive: true
Maximum number of archive files: 10
Maximum archive file byte size: unlimited
File wrap time period: day
Maximum file size (wrap after): 9.537 MB (10000000)
Maximum file size check period: 5m 0.000s (300000)
Logger name: osp-idm
<NSureAuditAuditor>:
Id: idm-naudit-logger
DisplayName: IDM NAudit Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<InternalPlatformAgent>:
Enabled: false
Reconnect interval: 30.000s (30000)
Internal log level: WARNING
Send internal log to stdout: true
Send internal log to file: false
<SysLogAuditor>:
Id: syslog-logger
DisplayName: IDM Syslog Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: syslog.osp
Hostname: localhost
Port: 514
Protocol: tcp
Message framing: octetcounting
Control character LF replacement: empty
Control character action: hex
Control character action hex format: 0x{0}
Maximum log entry size: 2 KB (2048)
Use legacy structured data format: false
<CEFAuditor>:
Id: cef-logger
DisplayName: OSP CEF Logger
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: cef.osp
Hostname: localhost
Port: 514
Protocol: tcp
Message framing: terminatelf
Control character LF replacement: empty
Control character action: hex
Control character action hex format: 0x{0}
Maximum log entry size: 2 KB (2048)
Use fully-qualified DNS names for CEF hostnames: true
Use numeric CEF timestamp values: true
Use numeric CEF severity values: true
Set "CEF" as the syslog APP-NAME value: true
<GoogleAnalyticsAuditor>:
Comments:

level="${com.netiq.idm.osp.googleanalytics.level:ALL}"
<Event>XDAS_AE_AUTHENTICATE_ACCOUNT</Event>
<Event>XDAS_AE_CREATE_SESSION</Event>
<Event>XDAS_AE_TERMINATE_SESSION</Event>
<Event>XDAS_AE_CREATE_ACCOUNT</Event>


<Event>0.0.2.4</Event>
<Event>0.0.2.0</Event>
<Event>0.0.2.1</Event>
<Event>0.0.0.0</Event>

Id: osp-googleanalytics-auditor
DisplayName: OSP Google Analytics Auditor
Enabled: false
Type: audit
Allow sharing: true
Level: ALL
<Delivery>:
Strategy: persistent
<Queue>:
Maximum capacity: unlimited
Limit action: drop
Execution interval: 1.000s (1000)
<Persistence>:
Initial capacity: 128
Maximum storage size: 1073741824
Delete on exit: false
<CacheFile>:
Identifier: googleanalytics.osp
Endpoint: googleanalytics
Endpoint transfer protocol: https
Auditable event identifiers:
0.0.2.4
0.0.2.0
0.0.2.1
0.0.0.0
<NamedValues>:
Auto created: true
<KeyStore>:
Uses:
SIGNING
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
<KeyStore>:
Uses:
ENCRYPTING
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
<KeyStore>:
Uses:
TLS
Keystore: /opt/netiq/idm/apps/osp/osp.jks
Type: JKS
Keystore password: ********
Key pair alias: osp
Key pair password: ********
<KeyStore>:
Uses:
TLS_TRUST
Keystore: /opt/netiq/idm/apps/tomcat/conf/idm.jks
Type: jks
Keystore password: ********
Key pair password: <not provided>
Inject branding: false
Debug: undefined
Validate XML: false
Class loader?: true
<HTTPInterface>:
Id: idmapps.domain.com
DisplayName: idmapps.domain.com
Enabled: true
Resolvable: true
Domain name: idmapps.domain.com
Port: 8443
TLS: true
Path: osp
Cookie domain: idmapps.domain.com
<HTTPInterface>:
Id: 192.168.0.158
DisplayName: 192.168.0.158
Enabled: true
Resolvable: true
IP address: 192.168.0.158
Port: 8443
TLS: true
Path: osp
Cookie domain: 192.168.0.158
<ContainerTlsProbe>:
Enabled: true
Level: WARNING
Connect timeout (milliseconds): 250
Task delay (in milliseconds): 0
Minimum protocol: TLSv1.1
Normalize host: true
<AuthenticationService>:
Markup (count 1):
Unique Id: 0abf91a9-9b48-40f7-bc38-2507f546b42b
Markup: Name: CFGOMkpDirty
Id: auth
DisplayName: OSP Configuration
Enabled: true
Debug: undefined
Location: /opt/netiq/idm/apps/tomcat/work/Catalina/localhost/osp/exp/osp-conf-edir/WEB-INF/conf/current/idm/services
<Security>:
Phishing check: off
Client IP spoofing check: reauth
Minimum delay: 250 milliseconds
Maximum delay: 3000 milliseconds
<Cluster>:
<ClusterForwarding>:
Enabled: false
HMAC Algorithm: HmacSHA256
<ClusterCookie>:
Enabled: true
HMAC Algorithm: HmacSHA256
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<UserInterface>:
X-Frame-Options: NONE
<PublicPage>:
Value: errorCodes.jsp
<PublicPage>:
Value: err.jsp
<PublicPage>:
Value: err2.jsp
<PublicPage>:
Value: login.jsp
<PublicPage>:
Value: nmaslogin.jsp
<PublicPage>:
Value: logoutSuccess.jsp
<PublicPage>:
Value: banner.jsp
<PublicPage>:
Value: nav.jsp
<PublicPage>:
Value: menus.jsp
<PublicPage>:
Value: footer.jsp
<PublicPage>:
Value: content.jsp
<PublicPage>:
Value: cards.jsp
<PublicPage>:
Value: select.jsp
<PublicPage>:
Value: nocard.jsp
<PublicPage>:
Value: title.jsp
<PublicPage>:
Value: error.jsp
<PublicPage>:
Value: curcard.jsp
<PublicPage>:
Value: main.jsp
<PublicPage>:
Value: createacct.jsp
<PublicPage>:
Value: no_kerberos.jsp
<LDAPDataSource>:
Id: idm_idv
DisplayName: LDAP Directory Data Source
Enabled: true
Implementation class: internal.osp.oidp.service.source.ldap.LDAPSource
Admin Username: cn=admin,ou=sa,o=system
Admin password: ********
Password encoding: None
Directory type: eDir
Idle timeout: 10000 milliseconds
Rebind allowed: true
<Server>:
Host: idmapps1.server.domain.com
Secure connection: true
Maximum connections: : 31
Port: 636
<FileDataSource>:
Id: firstFile
DisplayName: CSV File Data Source
Enabled: true
Implementation class: internal.osp.oidp.service.source.file.FileSource
Path: /opt/netiq/idm/apps/osp
Filename: adminusers.txt
Field separator: ,
<Field>:
Index: 0
Type: string
Use: naming
Unique: true
Unique part: false
Sensitive: false
Search index: equality
<Field>:
Index: 1
Type: string
Use: password
Hash algorithm: SHA-512
Unique: false
Unique part: false
Sensitive: true
Search index: none
<Field>:
Index: 2
Type: string
Use: normal
Unique: false
Unique part: false
Sensitive: false
Search index: none
Identity: IdentityData[name.given-name[1]]
<Field>:
Index: 3
Type: string
Use: normal
Unique: false
Unique part: false
Sensitive: false
Search index: none
Identity: IdentityData[name.family-name[1]]
Encoding: UTF-8
<KerberosDataSource>:
Id: ds-krb
DisplayName: Kerberos Data Source
Enabled: false
Implementation class: internal.osp.oidp.spnego.authclass.KerberosDataSource
<OAuth2SAML2DataSource>:
Id: ds-saml2
DisplayName: SAML2 Data Source
Enabled: false
Implementation class: internal.osp.oidp.service.oauth2.OAuth2Saml2DataSource
<Reference>:
Reference identifier: saml2
Type: Protocol
Allow replay: false
<NaafDataSource>:
Id: ds-naaf
DisplayName: Advanced Authentication Data Source
Enabled: false
Implementation class: internal.osp.oidp.aa.NaafSource
Endpoint identifier: 41414141414141414141414141414141
Endpoint secret: ********
Salt bit length: ********
Cleanup interval: 15 minutes
Heartbeat interval: 300000 milliseconds
<SearchRepository>:
<LDAPAuthenticationSource>:
Id: bisadus
DisplayName: LDAP Directory User Authentication
Enabled: true
<Reference>:
Reference identifier: idm_idv
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: last_name
Native name: sn
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: fullName
Native name: fullName
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mail
Native name: mail
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: saml2-mapping-attr
Native name: mail
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: initials
Native name: initials
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: givenName
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mobile
Native name: mobile
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: roles
Native name: nrfMemberOf
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: language
Native name: srvprvPreferredLocale
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: {$dn}
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: dn
Native name: {$dn}
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userCN
Native name: cn
Cachable default: false
Cachable: false
Private: false
Restrict to contexts: false
<NamingAttr>:
Name: cn
<NamingAttr>:
Name: mail
<Context>:
Context: ou=Users,o=data
Order: 0
Scope: subtree
<Context>:
Context: ou=sa,o=system
Order: 0
Scope: subtree
<FileAuthenticationSource>:
Id: asf1
DisplayName: CSV File User Authentication
Enabled: true
<Reference>:
Reference identifier: firstFile
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: last_name
Native name: 3
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: 2
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: 0
Cachable default: false
Cachable: false
Private: false
Plugin auto configure: true
<KerberosAuthenticationSource>:
Id: as-krb
DisplayName: Kerberos User Authentication
Enabled: false
<Reference>:
Reference identifier: ds-krb
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: krbPrincipalName
Native name: {$principalName}
Cachable default: false
Cachable: false
Private: false
<IDPAuthenticationSource>:
Id: as-saml2
DisplayName: SAML 2.0 User Authentication
Enabled: false
<Reference>:
Reference identifier: ds-saml2
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: saml2-mapping-attr
Native name: mail
Cachable default: false
Cachable: false
Private: false
<NaafAuthenticationSource>:
Id: as-naaf
DisplayName: Advanced Authentication
Enabled: false
<Reference>:
Reference identifier: ds-naaf
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: naafUsername
Native name: naafUsername
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: naafAuthMethods
Native name: naafAuthMethods
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: naafUserRepository
Native name: naafUserRepository
Cachable default: false
Cachable: false
Private: false
<AssertionAttributeMap>:
Id: saml2-attr-map
DisplayName: SAML2 Attribute Map
<AssertionAttributeMapEntry>:
Friendly name: SAML IDP to Identity Vault mapping attribute
Local name: saml2-mapping-attr
SAML name: mail
Remote name format: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
<Authentication>:
Allow disabled contracts: true
<Reference>:
Reference identifier: np-contract
Type: AuthContractOrGroup
Decorator: defaultContract
<Reference>:
Reference identifier: np-contract
Type: AuthContractOrGroup
Decorator: Password
<AuthContract>:
Id: np-contract
DisplayName: User Name/Password Login
Enabled: true
Password Expire URL: true
Base URL: idm:login:user:np
Show Password Expired UI: true
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: np-auth
Type: ContractExecutable
<Reference>:
Reference identifier: naaf-2nd-factor
Type: ContractExecutable
<Reference>:
Reference identifier: naaf-bootstrap-admin-factor
Type: ContractExecutable
<Reference>:
Reference identifier: sspr-checks
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: ro-np-contract
DisplayName: OAuth2 Resource Owner Credentials Login
Enabled: true
Password Expire URL: true
Base URL: idm:login:user:ro-np
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: np-bg-auth
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: krb-contract
DisplayName: User Kerberos Login
Enabled: false
Password Expire URL: false
Base URL: idm:login:user:kerberos
Show Password Expired UI: true
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: krb-auth
Type: ContractExecutable
<Reference>:
Reference identifier: krb-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: krb-sspr-checks
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: krb-token-contract
DisplayName: Token Kerberos Login
Enabled: false
Password Expire URL: false
Base URL: vnd-netiq:osp:oauth2:kerberos
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: krb-token-auth
Type: ContractExecutable
<Reference>:
Reference identifier: krb-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: saml2-contract
DisplayName: SAML2 User Login
Enabled: false
Password Expire URL: false
Base URL: idm:login:user:saml2
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: saml2-auth
Type: ContractExecutable
<Reference>:
Reference identifier: saml2-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: saml2-bearer-contract
DisplayName: SAML2 Bearer Authentication
Enabled: false
Password Expire URL: false
Base URL: urn:ietf:params:oauth:grant-type:saml2-bearer
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: saml2-bearer-auth
Type: ContractExecutable
<Reference>:
Reference identifier: saml2-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<Protocols>:
<OAuth2Protocol>:
Type: oauth2
Display name: oauth2 oauth2
Enabled: true
<OAuth2ApplicationTemplate>:
Id: idm
DisplayName: IDM OAuth Application
<NamedValues>:
Auto created: true
Identifier: idm
Enabled: true
Display name: IDM OAuth Application
HMAC algorithm: HmacSHA256
Access token TTL: 120 seconds
Auth code TTL: 120 seconds
Refresh token TTL: 2592000 seconds
Use token revocation: false
Use session-based token revocation: true
Session-based token revocation entry TTL: 172800 seconds
Supports refresh tokens: true
Supports authorization code: true
Supports implicit: true
Supports resource owner credentials: true
Resource owner grant contract identifier: ro-np-contract
Supports client credentials: true
Secondary naming attribute: mail
RFC-6750-compliant responses: false
<Reference>:
Reference identifier: ro-np-contract
Type: AuthContract
Decorator: resource-owner-credentials
<Reference>:
Reference identifier: krb-token-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: saml2-bearer-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<RedirectUrlList>:
<Reference>:
Reference identifier: ro-np-contract
Type: AuthContract
Decorator: resource-owner-credentials
<Reference>:
Reference identifier: krb-token-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: saml2-bearer-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<AttributeMapping>:
1:1 default: true
1:1: true
Use source/target: false
<AttributeMapEntry>:
Local name: {$oauth-valid-to}
Native name: expiration
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: first_name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: language
Native name: language
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: last_name
Native name: last_name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: {$oauth-app-id}
Native name: client
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: initials
Native name: initials
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: cacheable
Native name: cacheable
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: roles
Native name: roles
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mail
Native name: email
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: {$oauth-auth-src-id}
Native name: auth_src_id
Cachable default: false
Cachable: false
Private: false
<NamedValues>:
Auto created: true
<OpenIdConnect>:
Enabled: true
Signature Algorithm: default
<UserInterface>:
Continue button: true
<OAuth2Clients>:
<Reference>:
Reference identifier: idm
Type: OAuth2ApplicationTemplate
<Client>:
Client identifier: sspr
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: bee9e303-9dee-4e4b-a2e6-ea40940cae79
DisplayName: https://idmapps.domain.com:8443/sspr/public/oauth
URL: https://idmapps.domain.com:8443/sspr/public/oauth
Case-sensitive: true
<Url>:
Id: 27cc2187-b033-4bf5-a6ee-ba3519af0ee7
DisplayName: https://192.168.0.158:8443/sspr/public/oauth
URL: https://192.168.0.158:8443/sspr/public/oauth
Case-sensitive: true
<TemplateOverride>:
Supports Authorization Code Grant: true
Supports Implicit Grant: true
<Client>:
Client identifier: cx
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 6115fc96-8cee-401a-b515-088949c26881
DisplayName: https://idgov.domain.com:8443/cx/oauth.html
URL: https://idgov.domain.com:8443/cx/oauth.html
Case-sensitive: true
<Url>:
Id: 2d0f19f3-986c-4f35-9932-52ef49ba2968
DisplayName: https://192.168.0.98:8443/cx/oauth.html
URL: https://192.168.0.98:8443/cx/oauth.html
Case-sensitive: true
<Url>:
Id: e3b84b34-a035-4494-939f-1cb76b453824
DisplayName: https://idgovsrv1.server.domain.com:8443/cx/oauth.html
URL: https://idgovsrv1.server.domain.com:8443/cx/oauth.html
Case-sensitive: true
<Client>:
Client identifier: idmdash
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 7a408d7b-cd5e-4c87-b2c7-dbff4ea06f3f
DisplayName: https://idmapps.domain.com:8443/idmdash/oauth.html
URL: https://idmapps.domain.com:8443/idmdash/oauth.html
Case-sensitive: true
<Url>:
Id: 9e4982e6-e543-41d0-81f5-177e3fbb3324
DisplayName: https://192.168.0.158:8443/idmdash/oauth.html
URL: https://192.168.0.158:8443/idmdash/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: dcsdrv
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Resource Owner Password Credentials Grant: true
<Client>:
Client identifier: idmadmin
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: d23b17db-07a2-475e-8127-4c827205e62c
DisplayName: https://idmapps.domain.com:8443/idmadmin/oauth.html
URL: https://idmapps.domain.com:8443/idmadmin/oauth.html
Case-sensitive: true
<Url>:
Id: bbe05337-151b-4f3d-9e22-9f200264e9e6
DisplayName: https://192.168.0.158:8443/idmadmin/oauth.html
URL: https://192.168.0.158:8443/idmadmin/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: wf
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac-dtp
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: idmdcs
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 4371478b-ab64-4c3f-889c-45ba1d376a46
DisplayName: http://localhost:8180/idmdcs/oauth.html
URL: http://localhost:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: 8ead2039-69a9-4d6e-abc5-41a35e4609ff
DisplayName: http://127.0.0.1:8180/idmdcs/oauth.html
URL: http://127.0.0.1:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: ac7ca52a-bab1-435d-8523-8debda93e3cd
DisplayName: http://idmapps1.server.domain.com:8180/idmdcs/oauth.html
URL: http://idmapps1.server.domain.com:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: d3fc4bbd-414a-4578-be52-47e43217ebde
DisplayName: http://10.192.67.150:8180/idmdcs/oauth.html
URL: http://10.192.67.150:8180/idmdcs/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: rbpm
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 2c781423-344f-4b2b-9c8a-d4efe35860f7
DisplayName: https://idmapps.domain.com:8443/IDMProv/oauth
URL: https://idmapps.domain.com:8443/IDMProv/oauth
Case-sensitive: true
<Url>:
Id: 70aeb07d-ebdb-4ad7-bb15-0ddca05c1d2f
DisplayName: https://192.168.0.158:8443/IDMProv/oauth
URL: https://192.168.0.158:8443/IDMProv/oauth
Case-sensitive: true
<TemplateOverride>:
Supports Authorization Code Grant: true
Supports Implicit Grant: true
<Client>:
Client identifier: iac-daas
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac-service
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 1b2e8259-1a0b-48ff-80a6-43dbf2b250c9
DisplayName: https://idgov.domain.com:8443/oauth.html
URL: https://idgov.domain.com:8443/oauth.html
Case-sensitive: true
<Url>:
Id: f84c54af-bf11-4548-b53f-fae16a2f4d45
DisplayName: https://192.168.0.98:8443/oauth.html
URL: https://192.168.0.98:8443/oauth.html
Case-sensitive: true
<Url>:
Id: 22541054-6770-4ff6-b152-5fa2f1a021ce
DisplayName: https://idgovsrv1.server.domain.com:8443/oauth.html
URL: https://idgovsrv1.server.domain.com:8443/oauth.html
Case-sensitive: true
<Client>:
Client identifier: rpt
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: fb9b8654-97bf-4201-a7c4-5aaac078c762
DisplayName: https://idmapps.domain.com:8443/IDMRPT/oauth.html
URL: https://idmapps.domain.com:8443/IDMRPT/oauth.html
Case-sensitive: true
<Url>:
Id: 5cb6f72c-b5af-4a4f-8a8a-74bc47f8c057
DisplayName: https://192.168.0.158:8443/IDMRPT/oauth.html
URL: https://192.168.0.158:8443/IDMRPT/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
Supports Resource Owner Password Credentials Grant: true
<SAML2Protocol>:
Type: saml2
Display name: saml2 saml2
Enabled: false
Sign metadata: false
<SAML2SP>:
SAML2 SSO All Prof Artifact: false
SAML2 SSO Prof Post: true
SAML2 SSO Prof Redirect: true
SAML2 Logout Prof Redirect: true
SAML2 Logout Prof SOAP: true
SAML2 Name Mgmt Prof Redirect: false
SAML2 Name Mgmt Prof Post: false
SAML2 Name Mgmt Prof Soap: false
Report rolled keys in metadata: false
<TrustedIDP>:
Id: saml2-idp
DisplayName: SAML2 Identity Provider
Enabled: true
Expiration date: <not set>
Validate metadata cert: false
<Metadata>:
Fail on error: true
Base64: false
<AccessSettings>:
Auto Intro: <not set>
Force Auth At IDP: <not set>
Create Federation At Login: <not set>
Proxy Count: <not set>
Identifier Format: <not set>
Requested Context Type: none
SOAP Security Method: none
Encrypt Name Ids: <not set>
Encrypt Assertions: <not set>
Authentication response Proto Binding: HTTP-POST
Proxy Requests from SPs: <not set>
Attribute Map Ref Id: saml2-attr-map
Security Token Modifier Attribute: <not set>
Name Extraction pattern: <not set>
Signature digest algorithm: <not set>
<Reference>:
Reference identifier: saml2-attr-map
Type: AssertionAttributeMap
<Binding>:
Binding: HTTP-POST
SSO: true
SLO: true
Name management: <not set>
Signature digest algorithm: <not set>
<Binding>:
Binding: HTTP-Redirect
SSO: true
SLO: true
Name management: <not set>
Signature digest algorithm: <not set>
<LoginParameters>:
Require Signed Authn Requests: false
Require Signed Assertions: false
Sign Authn Requests: false
Use IDP Publishing: false
Use IDP Discovery: false
Single Logout Method: false
<PasswordAuthentication>:
Id: np-auth
DisplayName: Name/Password (Form)
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.system.PasswordClass
<Reference>:
Reference identifier: captcha-config
Type: Captcha
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Max principal name length: 512
Continue button: true
Use hints: false
<DuplicateResolution>:
Attr name: mail
Form identifier: secAttr
Display name resource identifier: OIDPENDUSER.idm.username.secondary
Max password length: 512
Allow show/hide: undefined
Show/hide initial state: undefined
Cache password: false
<SignInHelp>:
Url: https://idmapps.domain.com:8443/sspr/public?forwardURL=%24{Request.Url}&logoutURL=%24{Request.Url}
Target: _self
Display name resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
<DisplayLink>:
Target: _self
Display name resource identifier: OIDPENDUSER.idm.forgot-username
Title resource identifier: OIDPENDUSER.idm.forgot-username-title
<DisplayLink>:
Target: _self
Display name resource identifier: OIDPENDUSER.idm.activate-account
Title resource identifier: OIDPENDUSER.idm.activate-account-title
<PasswordAuthentication>:
Id: np-bg-auth
DisplayName: Name/Password Background
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.system.PasswordClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Max principal name length: 512
Continue button: true
Use hints: false
<DuplicateResolution>:
Attr name: mail
Form identifier: secAttr
Display name resource identifier: OIDPENDUSER.idm.username.secondary
Max password length: 512
Allow show/hide: undefined
Show/hide initial state: undefined
Cache password: false
<SSPRChecks>:
Id: sspr-checks
DisplayName: SSPR Checks
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Status URL: https://idmapps.domain.com:8443/sspr/public/rest/status
Check URL: https://idmapps.domain.com:8443/sspr/private/CommandServlet?processAction=checkAll
Forward URL param name: forwardURL
Logout URL param name: logoutURL
Ignore certificate subject: false
<SSPRChecks>:
Id: krb-sspr-checks
DisplayName: SSPR Checks
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Status URL: https://idmapps.domain.com:8443/sspr/public/rest/status
Check URL: https://idmapps.domain.com:8443/sspr/private/CommandServlet?processAction=checkAll
Forward URL param name: forwardURL
Logout URL param name: logoutURL
Ignore certificate subject: false
<SpnegoAuthentication>:
Id: krb-auth
DisplayName: Kerberos Authentication
Enabled: false
Java classname: internal.osp.oidp.spnego.authclass.SpnegoClass
<Reference>:
Reference identifier: np-contract
Type: AuthContract
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
Enforce HTTPS: false
Redirect page: no_kerberos
Redirect delay (seconds): 5
<KerberosTokenAuthentication>:
Id: krb-token-auth
DisplayName: Kerberos Token Authentication
Enabled: false
Java classname: internal.osp.oidp.spnego.authclass.KerberosTokenClass
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
<PrincipalMapping>:
Id: krb-mapping
DisplayName: Kerberos Principal Mapping
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.PrincipalMapping
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
Decorator: srcId
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Decorator: destId
Expression: &(=(s[krbPrincipalName],t[cn]),=(t[objectClass],"inetOrgPerson"))
Check login policy: false
Fail authentication if principal doesn't result in mapping: true
Show error page on failure: true
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<IDPAuthentication>:
Id: saml2-auth
DisplayName: SAML2 Authentication
Enabled: false
Java classname: internal.osp.oidp.service.protocol.authentication.classes.IDPAuthenticationClass
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Bearer only: false
<IDPAuthentication>:
Id: saml2-bearer-auth
DisplayName: SAML2 Bearer Authentication
Enabled: false
Java classname: internal.osp.oidp.service.protocol.authentication.classes.IDPAuthenticationClass
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Bearer only: true
<PrincipalMapping>:
Id: saml2-mapping
DisplayName: SAML2 Principal Mapping
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.PrincipalMapping
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Decorator: srcId
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Decorator: destId
Expression: =(s[saml2-mapping-attr],t[mail])
Check login policy: false
Fail authentication if principal doesn't result in mapping: true
Show error page on failure: true
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<RoleMapping>:
Id: admin-role-mapping
DisplayName: IDM Admin Role Mapping
Enabled: true
Expression: |(*=(t[roles],"cn=rbpmAdmin,*,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,*"),*=(t[roles],"cn=secAdmin,*,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,*"))
<RoleMapping>:
Id: oauth2-client-role-mapping
DisplayName: OAuth2 Client Role Mapping
Enabled: true
Expression: =(t[grant-types],"client_credentials")
<RoleAssignment>:
Id: iac-bootstrap-role-assignment
DisplayName: Access Review Bootstrap Admin Role Assignment
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.RoleAssignment
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Principal: iacadmin
<NaafFactor>:
Id: naaf-2nd-factor
DisplayName: AAF Second Factor Authentication
Enabled: false
Java classname: internal.osp.oidp.aa.auth.NaafFactor
<Reference>:
Reference identifier: as-naaf
Type: AuthenticationSource
Max password length: 512
Continue button: true
Allow show/hide: true
Show/hide initial state: undefined
Use hints: false
<Repository>:
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<LookupAttribute>:
Name: mail
<LookupAttribute>:
Name: userCN
<Method>:
Method: SMARTPHONE:1
Enabled: true
Priority: 1
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: TOTP:1
Enabled: true
Priority: 2
<NamedValues>:
Auto created: false
<Method>:
Method: VOICE:1
Enabled: true
Priority: 3
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: SMS_OTP:1
Enabled: true
Priority: 4
<AutoEnroll>:
Selection expression: !null(t[mobile])
<NamedValues>:
Auto created: false
Selection expression: !null(t[mobile])
<Method>:
Method: HOTP:1
Enabled: true
Priority: 5
<NamedValues>:
Auto created: false
<Method>:
Method: EMAIL_OTP:1
Enabled: true
Priority: 6
<AutoEnroll>:
Selection expression: !null(t[mail])
<NamedValues>:
Auto created: false
Selection expression: !null(t[mail])
<Method>:
Method: SECQUEST:1
Enabled: false
Priority: 7
<NamedValues>:
Auto created: false
<Method>:
Method: PASSWORD:1
Enabled: false
Priority: 8
<NamedValues>:
Auto created: false
<Method>:
Method: LDAP_PASSWORD:1
Enabled: false
Priority: 9
<NamedValues>:
Auto created: false
<NaafFactor>:
Id: naaf-bootstrap-admin-factor
DisplayName: AR Bootstrap Admin Second Factor Authentication
Enabled: false
Java classname: internal.osp.oidp.aa.auth.NaafFactor
<Reference>:
Reference identifier: as-naaf
Type: AuthenticationSource
Max password length: 512
Continue button: true
Allow show/hide: true
Show/hide initial state: undefined
Use hints: false
<Repository>:
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<LookupAttribute>:
Name: userDN
Name: LOCAL
<Method>:
Method: SMARTPHONE:1
Enabled: true
Priority: 1
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: TOTP:1
Enabled: true
Priority: 2
<NamedValues>:
Auto created: false
<Method>:
Method: HOTP:1
Enabled: true
Priority: 3
<NamedValues>:
Auto created: false
<Method>:
Method: SECQUEST:1
Enabled: false
Priority: 4
<NamedValues>:
Auto created: false
<Method>:
Method: PASSWORD:1
Enabled: false
Priority: 5
<NamedValues>:
Auto created: false
<Captcha>:
Id: captcha-config
DisplayName: CAPTCHA Configuration
Type: none
Attempts before required: 0
<ReCaptcha>:
Theme: white
<ReCaptcha2>:
Theme: light
Data type: default
Data size: default
<Organization>:
DisplayName: Micro Focus
Name: Micro Focus
URL: https://www.microfocus.com
<ContactPerson>:
Contact type: technical
Company name: Micro Focus
Given name: Micro
Surname: Focus
Email address: support@netiq.com
Telephone number: 1-801-861-4000
<Policy>:
<Logout>:
showLogoutConfirmation: false
hasFinal: false
<RedirectUrl>:
URL: https://idmapps.domain.com:8443/sspr/public/Logout
Return parameter name: logoutURL
Final: false
Case-sensitive: false
Compare app only: true
<RedirectUrl>:
URL: https://idmapps.domain.com:8443/IDMProv/logout.do
Return parameter name: target
Final: false
Case-sensitive: false
Compare app only: true
<LandingPage>:
Selection expression: |(&(&(=(s[Java.Property.com.netiq.idm.osp.logout.landing-page],"true"),=(s[SessionData.Transient.AuthnUris],"idm:login:user:kerberos")),!(=(s[Session.Markup.no-nego],"true"))),&(=(s[Java.Property.com.netiq.idm.osp.logout.saml2.landing-page],"internal"),=(s[SessionData.Transient.AuthnUris],"idm:login:user:saml2")))
<DisplayLink>:
Url: ${logout-return-target}
Target: _self
Display name resource identifier: OIDPENDUSER.50056
Title resource identifier: OIDPENDUSER.50080
<ForgotPassword>:
Target: _self
Display name resource identifier: OIDPENDUSER.50061
Title resource identifier: OIDPENDUSER.50079
<SignInHelp>:
Url: https://idmapps.domain.com:8443/sspr/public?forwardURL=%24{Request.Url}&logoutURL=%24{Request.Url}
Target: _blank
Display name resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
<TargetWhitelist>:
Enabled: true
Configuration mode: auto
<RedirectUrlList>:

Preamble: [Tenant]
Priority Level: FINEST
Java: internal.osp.framework.TrustImpl.getCertsPath() [190] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.592+0100
Elapsed time: 60.393 microseconds
Log Data: Get certificates directories:
No directories found.

Preamble: [Tenant]
Priority Level: FINER
Java: internal.osp.framework.StandardTrustImpl.loadKeyStore() [305] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.593+0100
Elapsed time: 1.554 milliseconds
Log Data: Load keystore file: /opt/netiq/idm/apps/tomcat/conf/idm.jks
Attempt: 0
Opened: true
Keystore instance of type: jks
Loaded: true

Preamble: [Tenant]
Priority Level: FINER
Java: internal.osp.framework.StandardTrustImpl.loadKeyStore() [305] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.595+0100
Elapsed time: 571.594 microseconds
Log Data: Load keystore file: /opt/netiq/idm/apps/osp/osp.jks
Attempt: 0
Opened: true
Keystore instance of type: JKS
Loaded: true

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.util.net.client.OSP_SSLSocketFactory.<init>() [76] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.596+0100
Log Data: Using SUN JSSE for JVM Vendor Version : Oracle Corporation1.8.0_172

Preamble: [Tenant]
Priority Level: FINEST
Java: internal.osp.framework.TrustImpl.getCertsPath() [190] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.598+0100
Elapsed time: 48.605 microseconds
Log Data: Get certificates directories:
No directories found.

Preamble: [Tenant]
Priority Level: FINER
Java: internal.osp.framework.StandardTrustImpl.loadKeyStore() [305] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.599+0100
Elapsed time: 228.81 microseconds
Log Data: Load keystore file: /opt/netiq/idm/apps/osp/osp.jks
Attempt: 0
Opened: true
Keystore instance of type: JKS
Loaded: true

Preamble: [Tenant]
Priority Level: FINER
Java: internal.osp.framework.StandardTrustImpl.loadKeyStore() [305] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.606+0100
Elapsed time: 251.45 microseconds
Log Data: Load keystore file: /opt/netiq/idm/apps/osp/osp.jks
Attempt: 0
Opened: true
Keystore instance of type: JKS
Loaded: true

Preamble: [Tenant]
Priority Level: FINER
Java: internal.osp.framework.StandardTrustImpl.loadKeyStore() [305] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.608+0100
Elapsed time: 345.955 microseconds
Log Data: Load keystore file: /opt/netiq/idm/apps/osp/osp.jks
Attempt: 0
Opened: true
Keystore instance of type: JKS
Loaded: true

Preamble: [Tenant]
Priority Level: ALL
Java: internal.osp.framework.OSPTrustUtil.logKeyStore() [71] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.610+0100
Log Data: KeyStore: Signing Key Store
Alias: issuingca02
Type: X.509
Issuer DN: CN=Customer Root CA
Subject DN: CN=Issuing CA02, DC=domain, DC=com
Serial number: 3600000006d388fbd85eb8e4ed000000000006
Alias: rootca
Type: X.509
Issuer DN: CN=Customer Root CA
Subject DN: CN=Customer Root CA
Serial number: 5a819b1a1a4c748243b8d03cb536d538
Alias: osp
Type: X.509
Issuer DN: CN=idmapps1.server.domain.com
Subject DN: CN=idmapps1.server.domain.com
Serial number: 2f01437d

Preamble: [Tenant]
Priority Level: ALL
Java: internal.osp.framework.OSPTrustUtil.logKeyStore() [71] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.611+0100
Log Data: KeyStore: Encryption Key Store
Alias: issuingca02
Type: X.509
Issuer DN: CN=Customer Root CA
Subject DN: CN=Issuing CA02, DC=domain, DC=com
Serial number: 3600000006d388fbd85eb8e4ed000000000006
Alias: rootca
Type: X.509
Issuer DN: CN=Customer Root CA
Subject DN: CN=Customer Root CA
Serial number: 5a819b1a1a4c748243b8d03cb536d538
Alias: osp
Type: X.509
Issuer DN: CN=idmapps1.server.domain.com
Subject DN: CN=idmapps1.server.domain.com
Serial number: 2f01437d

Preamble: [Tenant]
Priority Level: ALL
Java: internal.osp.framework.OSPTrustUtil.logKeyStore() [71] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.617+0100
Log Data: KeyStore: TLS Key Store
Alias: issuingca02
Type: X.509
Issuer DN: CN=Customer Root CA
Subject DN: CN=Issuing CA02, DC=domain, DC=com
Serial number: 3600000006d388fbd85eb8e4ed000000000006
Alias: rootca
Type: X.509
Issuer DN: CN=Customer Root CA
Subject DN: CN=Customer Root CA
Serial number: 5a819b1a1a4c748243b8d03cb536d538
Alias: osp
Type: X.509
Issuer DN: CN=idmapps1.server.domain.com
Subject DN: CN=idmapps1.server.domain.com
Serial number: 2f01437d

Preamble: [Tenant]
Priority Level: FINER
Java: internal.osp.framework.StandardKeysImpl.<init>() [205] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.617+0100
Log Data: Loaded keystores:
TKS Keystore: Keystore[encryption, key=osp]
Signing Keystore: Keystore[signing, key=osp]
Encryption Keystore: Keystore[encryption, key=osp]

Preamble: [Tenant]
Priority Level: INFO
Java: internal.osp.framework.OSPTenantLogger.buildConfigurationLog() [309] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.579+0100
Log Data: The OSPTrustManagerAccessor Java class file was not found. This class is only needed if mutual SSL is being used by a service on OSP. If mutual SSL is enabled, ensure the correct odip-ssl-access.jar file is located in the Tomcat shared library path (/tomcat/lib). If mutual SSL is not enabled then this message may be disregarded.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.configuration.ConfigurationManager.initialize() [277] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.754+0100
Log Data: Service Configuration:
<AuthenticationService>:
Markup (count 1):
Unique Id: 0abf91a9-9b48-40f7-bc38-2507f546b42b
Markup: Name: CFGOMkpDirty
Id: auth
DisplayName: OSP Configuration
Enabled: true
Debug: undefined
Location: /opt/netiq/idm/apps/tomcat/work/Catalina/localhost/osp/exp/osp-conf-edir/WEB-INF/conf/current/idm/services
<Security>:
Phishing check: off
Client IP spoofing check: reauth
Minimum delay: 250 milliseconds
Maximum delay: 3000 milliseconds
<Cluster>:
<ClusterForwarding>:
Enabled: false
HMAC Algorithm: HmacSHA256
<ClusterCookie>:
Enabled: true
HMAC Algorithm: HmacSHA256
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<UserInterface>:
X-Frame-Options: NONE
<PublicPage>:
Value: errorCodes.jsp
<PublicPage>:
Value: err.jsp
<PublicPage>:
Value: err2.jsp
<PublicPage>:
Value: login.jsp
<PublicPage>:
Value: nmaslogin.jsp
<PublicPage>:
Value: logoutSuccess.jsp
<PublicPage>:
Value: banner.jsp
<PublicPage>:
Value: nav.jsp
<PublicPage>:
Value: menus.jsp
<PublicPage>:
Value: footer.jsp
<PublicPage>:
Value: content.jsp
<PublicPage>:
Value: cards.jsp
<PublicPage>:
Value: select.jsp
<PublicPage>:
Value: nocard.jsp
<PublicPage>:
Value: title.jsp
<PublicPage>:
Value: error.jsp
<PublicPage>:
Value: curcard.jsp
<PublicPage>:
Value: main.jsp
<PublicPage>:
Value: createacct.jsp
<PublicPage>:
Value: no_kerberos.jsp
<LDAPDataSource>:
Id: idm_idv
DisplayName: LDAP Directory Data Source
Enabled: true
Implementation class: internal.osp.oidp.service.source.ldap.LDAPSource
Admin Username: cn=admin,ou=sa,o=system
Admin password: ********
Password encoding: None
Directory type: eDir
Idle timeout: 10000 milliseconds
Rebind allowed: true
<Server>:
Host: idmapps1.server.domain.com
Secure connection: true
Maximum connections: : 31
Port: 636
<FileDataSource>:
Id: firstFile
DisplayName: CSV File Data Source
Enabled: true
Implementation class: internal.osp.oidp.service.source.file.FileSource
Path: /opt/netiq/idm/apps/osp
Filename: adminusers.txt
Field separator: ,
<Field>:
Index: 0
Type: string
Use: naming
Unique: true
Unique part: false
Sensitive: false
Search index: equality
<Field>:
Index: 1
Type: string
Use: password
Hash algorithm: SHA-512
Unique: false
Unique part: false
Sensitive: true
Search index: none
<Field>:
Index: 2
Type: string
Use: normal
Unique: false
Unique part: false
Sensitive: false
Search index: none
Identity: IdentityData[name.given-name[1]]
<Field>:
Index: 3
Type: string
Use: normal
Unique: false
Unique part: false
Sensitive: false
Search index: none
Identity: IdentityData[name.family-name[1]]
Encoding: UTF-8
<KerberosDataSource>:
Id: ds-krb
DisplayName: Kerberos Data Source
Enabled: false
Implementation class: internal.osp.oidp.spnego.authclass.KerberosDataSource
<OAuth2SAML2DataSource>:
Id: ds-saml2
DisplayName: SAML2 Data Source
Enabled: false
Implementation class: internal.osp.oidp.service.oauth2.OAuth2Saml2DataSource
<Reference>:
Reference identifier: saml2
Type: Protocol
Allow replay: false
<NaafDataSource>:
Id: ds-naaf
DisplayName: Advanced Authentication Data Source
Enabled: false
Implementation class: internal.osp.oidp.aa.NaafSource
Endpoint identifier: 41414141414141414141414141414141
Endpoint secret: ********
Salt bit length: ********
Cleanup interval: 15 minutes
Heartbeat interval: 300000 milliseconds
<SearchRepository>:
<LDAPAuthenticationSource>:
Id: bisadus
DisplayName: LDAP Directory User Authentication
Enabled: true
<Reference>:
Reference identifier: idm_idv
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: last_name
Native name: sn
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: fullName
Native name: fullName
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mail
Native name: mail
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: saml2-mapping-attr
Native name: mail
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: initials
Native name: initials
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: givenName
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mobile
Native name: mobile
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: roles
Native name: nrfMemberOf
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: language
Native name: srvprvPreferredLocale
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: {$dn}
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: dn
Native name: {$dn}
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userCN
Native name: cn
Cachable default: false
Cachable: false
Private: false
Restrict to contexts: false
<NamingAttr>:
Name: cn
<NamingAttr>:
Name: mail
<Context>:
Context: ou=Users,o=data
Order: 0
Scope: subtree
<Context>:
Context: ou=sa,o=system
Order: 0
Scope: subtree
<FileAuthenticationSource>:
Id: asf1
DisplayName: CSV File User Authentication
Enabled: true
<Reference>:
Reference identifier: firstFile
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: last_name
Native name: 3
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: 2
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: 0
Cachable default: false
Cachable: false
Private: false
Plugin auto configure: true
<KerberosAuthenticationSource>:
Id: as-krb
DisplayName: Kerberos User Authentication
Enabled: false
<Reference>:
Reference identifier: ds-krb
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: krbPrincipalName
Native name: {$principalName}
Cachable default: false
Cachable: false
Private: false
<IDPAuthenticationSource>:
Id: as-saml2
DisplayName: SAML 2.0 User Authentication
Enabled: false
<Reference>:
Reference identifier: ds-saml2
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: saml2-mapping-attr
Native name: mail
Cachable default: false
Cachable: false
Private: false
<NaafAuthenticationSource>:
Id: as-naaf
DisplayName: Advanced Authentication
Enabled: false
<Reference>:
Reference identifier: ds-naaf
Type: DataSource
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<AttributeMapEntry>:
Local name: naafUsername
Native name: naafUsername
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: naafAuthMethods
Native name: naafAuthMethods
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: naafUserRepository
Native name: naafUserRepository
Cachable default: false
Cachable: false
Private: false
<AssertionAttributeMap>:
Id: saml2-attr-map
DisplayName: SAML2 Attribute Map
<AssertionAttributeMapEntry>:
Friendly name: SAML IDP to Identity Vault mapping attribute
Local name: saml2-mapping-attr
SAML name: mail
Remote name format: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
<Authentication>:
Allow disabled contracts: true
<Reference>:
Reference identifier: np-contract
Type: AuthContractOrGroup
Decorator: defaultContract
<Reference>:
Reference identifier: np-contract
Type: AuthContractOrGroup
Decorator: Password
<AuthContract>:
Id: np-contract
DisplayName: User Name/Password Login
Enabled: true
Password Expire URL: true
Base URL: idm:login:user:np
Show Password Expired UI: true
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: np-auth
Type: ContractExecutable
<Reference>:
Reference identifier: naaf-2nd-factor
Type: ContractExecutable
<Reference>:
Reference identifier: naaf-bootstrap-admin-factor
Type: ContractExecutable
<Reference>:
Reference identifier: sspr-checks
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: ro-np-contract
DisplayName: OAuth2 Resource Owner Credentials Login
Enabled: true
Password Expire URL: true
Base URL: idm:login:user:ro-np
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: np-bg-auth
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: krb-contract
DisplayName: User Kerberos Login
Enabled: false
Password Expire URL: false
Base URL: idm:login:user:kerberos
Show Password Expired UI: true
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: krb-auth
Type: ContractExecutable
<Reference>:
Reference identifier: krb-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: krb-sspr-checks
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: krb-token-contract
DisplayName: Token Kerberos Login
Enabled: false
Password Expire URL: false
Base URL: vnd-netiq:osp:oauth2:kerberos
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: krb-token-auth
Type: ContractExecutable
<Reference>:
Reference identifier: krb-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: saml2-contract
DisplayName: SAML2 User Login
Enabled: false
Password Expire URL: false
Base URL: idm:login:user:saml2
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: saml2-auth
Type: ContractExecutable
<Reference>:
Reference identifier: saml2-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<AuthContract>:
Id: saml2-bearer-contract
DisplayName: SAML2 Bearer Authentication
Enabled: false
Password Expire URL: false
Base URL: urn:ietf:params:oauth:grant-type:saml2-bearer
Show Password Expired UI: false
Check Trust Levels: false
Remote Contracts: false
<Reference>:
Reference identifier: saml2-bearer-auth
Type: ContractExecutable
<Reference>:
Reference identifier: saml2-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: admin-role-mapping
Type: ContractExecutable
<Reference>:
Reference identifier: iac-bootstrap-role-assignment
Type: ContractExecutable
<Protocols>:
<OAuth2Protocol>:
Type: oauth2
Display name: oauth2 oauth2
Enabled: true
<OAuth2ApplicationTemplate>:
Id: idm
DisplayName: IDM OAuth Application
<NamedValues>:
Auto created: true
Identifier: idm
Enabled: true
Display name: IDM OAuth Application
HMAC algorithm: HmacSHA256
Access token TTL: 120 seconds
Auth code TTL: 120 seconds
Refresh token TTL: 2592000 seconds
Use token revocation: false
Use session-based token revocation: true
Session-based token revocation entry TTL: 172800 seconds
Supports refresh tokens: true
Supports authorization code: true
Supports implicit: true
Supports resource owner credentials: true
Resource owner grant contract identifier: ro-np-contract
Supports client credentials: true
Secondary naming attribute: mail
RFC-6750-compliant responses: false
<Reference>:
Reference identifier: ro-np-contract
Type: AuthContract
Decorator: resource-owner-credentials
<Reference>:
Reference identifier: krb-token-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: saml2-bearer-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<RedirectUrlList>:
<Reference>:
Reference identifier: ro-np-contract
Type: AuthContract
Decorator: resource-owner-credentials
<Reference>:
Reference identifier: krb-token-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: saml2-bearer-contract
Type: AuthContract
Decorator: ext-grant
<Reference>:
Reference identifier: 127
Type: SymmetricKey
Decorator: hmac
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<AttributeMapping>:
1:1 default: true
1:1: true
Use source/target: false
<AttributeMapEntry>:
Local name: {$oauth-valid-to}
Native name: expiration
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: userDN
Native name: name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: first_name
Native name: first_name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: language
Native name: language
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: last_name
Native name: last_name
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: {$oauth-app-id}
Native name: client
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: initials
Native name: initials
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: cacheable
Native name: cacheable
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: roles
Native name: roles
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: mail
Native name: email
Cachable default: false
Cachable: false
Private: false
<AttributeMapEntry>:
Local name: {$oauth-auth-src-id}
Native name: auth_src_id
Cachable default: false
Cachable: false
Private: false
<NamedValues>:
Auto created: true
<OpenIdConnect>:
Enabled: true
Signature Algorithm: default
<UserInterface>:
Continue button: true
<OAuth2Clients>:
<Reference>:
Reference identifier: idm
Type: OAuth2ApplicationTemplate
<Client>:
Client identifier: sspr
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: bee9e303-9dee-4e4b-a2e6-ea40940cae79
DisplayName: https://idmapps.domain.com:8443/sspr/public/oauth
URL: https://idmapps.domain.com:8443/sspr/public/oauth
Case-sensitive: true
<Url>:
Id: 27cc2187-b033-4bf5-a6ee-ba3519af0ee7
DisplayName: https://192.168.0.158:8443/sspr/public/oauth
URL: https://192.168.0.158:8443/sspr/public/oauth
Case-sensitive: true
<TemplateOverride>:
Supports Authorization Code Grant: true
Supports Implicit Grant: true
<Client>:
Client identifier: cx
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 6115fc96-8cee-401a-b515-088949c26881
DisplayName: https://idgov.domain.com:8443/cx/oauth.html
URL: https://idgov.domain.com:8443/cx/oauth.html
Case-sensitive: true
<Url>:
Id: 2d0f19f3-986c-4f35-9932-52ef49ba2968
DisplayName: https://192.168.0.98:8443/cx/oauth.html
URL: https://192.168.0.98:8443/cx/oauth.html
Case-sensitive: true
<Url>:
Id: e3b84b34-a035-4494-939f-1cb76b453824
DisplayName: https://idgovsrv1.server.domain.com:8443/cx/oauth.html
URL: https://idgovsrv1.server.domain.com:8443/cx/oauth.html
Case-sensitive: true
<Client>:
Client identifier: idmdash
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 7a408d7b-cd5e-4c87-b2c7-dbff4ea06f3f
DisplayName: https://idmapps.domain.com:8443/idmdash/oauth.html
URL: https://idmapps.domain.com:8443/idmdash/oauth.html
Case-sensitive: true
<Url>:
Id: 9e4982e6-e543-41d0-81f5-177e3fbb3324
DisplayName: https://192.168.0.158:8443/idmdash/oauth.html
URL: https://192.168.0.158:8443/idmdash/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: dcsdrv
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Resource Owner Password Credentials Grant: true
<Client>:
Client identifier: idmadmin
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: d23b17db-07a2-475e-8127-4c827205e62c
DisplayName: https://idmapps.domain.com:8443/idmadmin/oauth.html
URL: https://idmapps.domain.com:8443/idmadmin/oauth.html
Case-sensitive: true
<Url>:
Id: bbe05337-151b-4f3d-9e22-9f200264e9e6
DisplayName: https://192.168.0.158:8443/idmadmin/oauth.html
URL: https://192.168.0.158:8443/idmadmin/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: wf
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac-dtp
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: idmdcs
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 4371478b-ab64-4c3f-889c-45ba1d376a46
DisplayName: http://localhost:8180/idmdcs/oauth.html
URL: http://localhost:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: 8ead2039-69a9-4d6e-abc5-41a35e4609ff
DisplayName: http://127.0.0.1:8180/idmdcs/oauth.html
URL: http://127.0.0.1:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: ac7ca52a-bab1-435d-8523-8debda93e3cd
DisplayName: http://idmapps1.server.domain.com:8180/idmdcs/oauth.html
URL: http://idmapps1.server.domain.com:8180/idmdcs/oauth.html
Case-sensitive: true
<Url>:
Id: d3fc4bbd-414a-4578-be52-47e43217ebde
DisplayName: http://10.192.67.150:8180/idmdcs/oauth.html
URL: http://10.192.67.150:8180/idmdcs/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
<Client>:
Client identifier: rbpm
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 2c781423-344f-4b2b-9c8a-d4efe35860f7
DisplayName: https://idmapps.domain.com:8443/IDMProv/oauth
URL: https://idmapps.domain.com:8443/IDMProv/oauth
Case-sensitive: true
<Url>:
Id: 70aeb07d-ebdb-4ad7-bb15-0ddca05c1d2f
DisplayName: https://192.168.0.158:8443/IDMProv/oauth
URL: https://192.168.0.158:8443/IDMProv/oauth
Case-sensitive: true
<TemplateOverride>:
Supports Authorization Code Grant: true
Supports Implicit Grant: true
<Client>:
Client identifier: iac-daas
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac-service
Client secret: ********
Type: confidential
<RedirectUrlList>:
<TemplateOverride>:
Supports Client Credentials grant: true
<Client>:
Client identifier: iac
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: 1b2e8259-1a0b-48ff-80a6-43dbf2b250c9
DisplayName: https://idgov.domain.com:8443/oauth.html
URL: https://idgov.domain.com:8443/oauth.html
Case-sensitive: true
<Url>:
Id: f84c54af-bf11-4548-b53f-fae16a2f4d45
DisplayName: https://192.168.0.98:8443/oauth.html
URL: https://192.168.0.98:8443/oauth.html
Case-sensitive: true
<Url>:
Id: 22541054-6770-4ff6-b152-5fa2f1a021ce
DisplayName: https://idgovsrv1.server.domain.com:8443/oauth.html
URL: https://idgovsrv1.server.domain.com:8443/oauth.html
Case-sensitive: true
<Client>:
Client identifier: rpt
Client secret: ********
Type: confidential
<RedirectUrlList>:
<Url>:
Id: fb9b8654-97bf-4201-a7c4-5aaac078c762
DisplayName: https://idmapps.domain.com:8443/IDMRPT/oauth.html
URL: https://idmapps.domain.com:8443/IDMRPT/oauth.html
Case-sensitive: true
<Url>:
Id: 5cb6f72c-b5af-4a4f-8a8a-74bc47f8c057
DisplayName: https://192.168.0.158:8443/IDMRPT/oauth.html
URL: https://192.168.0.158:8443/IDMRPT/oauth.html
Case-sensitive: true
<TemplateOverride>:
Supports Implicit Grant: true
Supports Resource Owner Password Credentials Grant: true
<SAML2Protocol>:
Type: saml2
Display name: saml2 saml2
Enabled: false
Sign metadata: false
<SAML2SP>:
SAML2 SSO All Prof Artifact: false
SAML2 SSO Prof Post: true
SAML2 SSO Prof Redirect: true
SAML2 Logout Prof Redirect: true
SAML2 Logout Prof SOAP: true
SAML2 Name Mgmt Prof Redirect: false
SAML2 Name Mgmt Prof Post: false
SAML2 Name Mgmt Prof Soap: false
Report rolled keys in metadata: false
<TrustedIDP>:
Id: saml2-idp
DisplayName: SAML2 Identity Provider
Enabled: true
Expiration date: <not set>
Validate metadata cert: false
<Metadata>:
Fail on error: true
Base64: false
<AccessSettings>:
Auto Intro: <not set>
Force Auth At IDP: <not set>
Create Federation At Login: <not set>
Proxy Count: <not set>
Identifier Format: <not set>
Requested Context Type: none
SOAP Security Method: none
Encrypt Name Ids: <not set>
Encrypt Assertions: <not set>
Authentication response Proto Binding: HTTP-POST
Proxy Requests from SPs: <not set>
Attribute Map Ref Id: saml2-attr-map
Security Token Modifier Attribute: <not set>
Name Extraction pattern: <not set>
Signature digest algorithm: <not set>
<Reference>:
Reference identifier: saml2-attr-map
Type: AssertionAttributeMap
<Binding>:
Binding: HTTP-POST
SSO: true
SLO: true
Name management: <not set>
Signature digest algorithm: <not set>
<Binding>:
Binding: HTTP-Redirect
SSO: true
SLO: true
Name management: <not set>
Signature digest algorithm: <not set>
<LoginParameters>:
Require Signed Authn Requests: false
Require Signed Assertions: false
Sign Authn Requests: false
Use IDP Publishing: false
Use IDP Discovery: false
Single Logout Method: false
<PasswordAuthentication>:
Id: np-auth
DisplayName: Name/Password (Form)
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.system.PasswordClass
<Reference>:
Reference identifier: captcha-config
Type: Captcha
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Max principal name length: 512
Continue button: true
Use hints: false
<DuplicateResolution>:
Attr name: mail
Form identifier: secAttr
Display name resource identifier: OIDPENDUSER.idm.username.secondary
Max password length: 512
Allow show/hide: undefined
Show/hide initial state: undefined
Cache password: false
<SignInHelp>:
Url: https://idmapps.domain.com:8443/sspr/public?forwardURL=%24{Request.Url}&logoutURL=%24{Request.Url}
Target: _self
Display name resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
<DisplayLink>:
Target: _self
Display name resource identifier: OIDPENDUSER.idm.forgot-username
Title resource identifier: OIDPENDUSER.idm.forgot-username-title
<DisplayLink>:
Target: _self
Display name resource identifier: OIDPENDUSER.idm.activate-account
Title resource identifier: OIDPENDUSER.idm.activate-account-title
<PasswordAuthentication>:
Id: np-bg-auth
DisplayName: Name/Password Background
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.system.PasswordClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Max principal name length: 512
Continue button: true
Use hints: false
<DuplicateResolution>:
Attr name: mail
Form identifier: secAttr
Display name resource identifier: OIDPENDUSER.idm.username.secondary
Max password length: 512
Allow show/hide: undefined
Show/hide initial state: undefined
Cache password: false
<SSPRChecks>:
Id: sspr-checks
DisplayName: SSPR Checks
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Status URL: https://idmapps.domain.com:8443/sspr/public/rest/status
Check URL: https://idmapps.domain.com:8443/sspr/private/CommandServlet?processAction=checkAll
Forward URL param name: forwardURL
Logout URL param name: logoutURL
Ignore certificate subject: false
<SSPRChecks>:
Id: krb-sspr-checks
DisplayName: SSPR Checks
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Status URL: https://idmapps.domain.com:8443/sspr/public/rest/status
Check URL: https://idmapps.domain.com:8443/sspr/private/CommandServlet?processAction=checkAll
Forward URL param name: forwardURL
Logout URL param name: logoutURL
Ignore certificate subject: false
<SpnegoAuthentication>:
Id: krb-auth
DisplayName: Kerberos Authentication
Enabled: false
Java classname: internal.osp.oidp.spnego.authclass.SpnegoClass
<Reference>:
Reference identifier: np-contract
Type: AuthContract
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
Enforce HTTPS: false
Redirect page: no_kerberos
Redirect delay (seconds): 5
<KerberosTokenAuthentication>:
Id: krb-token-auth
DisplayName: Kerberos Token Authentication
Enabled: false
Java classname: internal.osp.oidp.spnego.authclass.KerberosTokenClass
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
<PrincipalMapping>:
Id: krb-mapping
DisplayName: Kerberos Principal Mapping
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.PrincipalMapping
<Reference>:
Reference identifier: as-krb
Type: AuthenticationSource
Decorator: srcId
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Decorator: destId
Expression: &(=(s[krbPrincipalName],t[cn]),=(t[objectClass],"inetOrgPerson"))
Check login policy: false
Fail authentication if principal doesn't result in mapping: true
Show error page on failure: true
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<IDPAuthentication>:
Id: saml2-auth
DisplayName: SAML2 Authentication
Enabled: false
Java classname: internal.osp.oidp.service.protocol.authentication.classes.IDPAuthenticationClass
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Bearer only: false
<IDPAuthentication>:
Id: saml2-bearer-auth
DisplayName: SAML2 Bearer Authentication
Enabled: false
Java classname: internal.osp.oidp.service.protocol.authentication.classes.IDPAuthenticationClass
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Bearer only: true
<PrincipalMapping>:
Id: saml2-mapping
DisplayName: SAML2 Principal Mapping
Enabled: false
Java classname: internal.osp.oidp.service.authentication.classes.PrincipalMapping
<Reference>:
Reference identifier: as-saml2
Type: AuthenticationSource
Decorator: srcId
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
Decorator: destId
Expression: =(s[saml2-mapping-attr],t[mail])
Check login policy: false
Fail authentication if principal doesn't result in mapping: true
Show error page on failure: true
<AttributeMapping>:
1:1 default: undefined
1:1: false
Use source/target: false
<RoleMapping>:
Id: admin-role-mapping
DisplayName: IDM Admin Role Mapping
Enabled: true
Expression: |(*=(t[roles],"cn=rbpmAdmin,*,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,*"),*=(t[roles],"cn=secAdmin,*,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,*"))
<RoleMapping>:
Id: oauth2-client-role-mapping
DisplayName: OAuth2 Client Role Mapping
Enabled: true
Expression: =(t[grant-types],"client_credentials")
<RoleAssignment>:
Id: iac-bootstrap-role-assignment
DisplayName: Access Review Bootstrap Admin Role Assignment
Enabled: true
Java classname: internal.osp.oidp.service.authentication.classes.RoleAssignment
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
Principal: iacadmin
<NaafFactor>:
Id: naaf-2nd-factor
DisplayName: AAF Second Factor Authentication
Enabled: false
Java classname: internal.osp.oidp.aa.auth.NaafFactor
<Reference>:
Reference identifier: as-naaf
Type: AuthenticationSource
Max password length: 512
Continue button: true
Allow show/hide: true
Show/hide initial state: undefined
Use hints: false
<Repository>:
<Reference>:
Reference identifier: bisadus
Type: AuthenticationSource
<LookupAttribute>:
Name: mail
<LookupAttribute>:
Name: userCN
<Method>:
Method: SMARTPHONE:1
Enabled: true
Priority: 1
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: TOTP:1
Enabled: true
Priority: 2
<NamedValues>:
Auto created: false
<Method>:
Method: VOICE:1
Enabled: true
Priority: 3
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: SMS_OTP:1
Enabled: true
Priority: 4
<AutoEnroll>:
Selection expression: !null(t[mobile])
<NamedValues>:
Auto created: false
Selection expression: !null(t[mobile])
<Method>:
Method: HOTP:1
Enabled: true
Priority: 5
<NamedValues>:
Auto created: false
<Method>:
Method: EMAIL_OTP:1
Enabled: true
Priority: 6
<AutoEnroll>:
Selection expression: !null(t[mail])
<NamedValues>:
Auto created: false
Selection expression: !null(t[mail])
<Method>:
Method: SECQUEST:1
Enabled: false
Priority: 7
<NamedValues>:
Auto created: false
<Method>:
Method: PASSWORD:1
Enabled: false
Priority: 8
<NamedValues>:
Auto created: false
<Method>:
Method: LDAP_PASSWORD:1
Enabled: false
Priority: 9
<NamedValues>:
Auto created: false
<NaafFactor>:
Id: naaf-bootstrap-admin-factor
DisplayName: AR Bootstrap Admin Second Factor Authentication
Enabled: false
Java classname: internal.osp.oidp.aa.auth.NaafFactor
<Reference>:
Reference identifier: as-naaf
Type: AuthenticationSource
Max password length: 512
Continue button: true
Allow show/hide: true
Show/hide initial state: undefined
Use hints: false
<Repository>:
<Reference>:
Reference identifier: asf1
Type: AuthenticationSource
<LookupAttribute>:
Name: userDN
Name: LOCAL
<Method>:
Method: SMARTPHONE:1
Enabled: true
Priority: 1
<NamedValues>:
Auto created: false
pollingInterval=3
<Method>:
Method: TOTP:1
Enabled: true
Priority: 2
<NamedValues>:
Auto created: false
<Method>:
Method: HOTP:1
Enabled: true
Priority: 3
<NamedValues>:
Auto created: false
<Method>:
Method: SECQUEST:1
Enabled: false
Priority: 4
<NamedValues>:
Auto created: false
<Method>:
Method: PASSWORD:1
Enabled: false
Priority: 5
<NamedValues>:
Auto created: false
<Captcha>:
Id: captcha-config
DisplayName: CAPTCHA Configuration
Type: none
Attempts before required: 0
<ReCaptcha>:
Theme: white
<ReCaptcha2>:
Theme: light
Data type: default
Data size: default
<Organization>:
DisplayName: Micro Focus
Name: Micro Focus
URL: https://www.microfocus.com
<ContactPerson>:
Contact type: technical
Company name: Micro Focus
Given name: Micro
Surname: Focus
Email address: support@netiq.com
Telephone number: 1-801-861-4000
<Policy>:
<Logout>:
showLogoutConfirmation: false
hasFinal: false
<RedirectUrl>:
URL: https://idmapps.domain.com:8443/sspr/public/Logout
Return parameter name: logoutURL
Final: false
Case-sensitive: false
Compare app only: true
<RedirectUrl>:
URL: https://idmapps.domain.com:8443/IDMProv/logout.do
Return parameter name: target
Final: false
Case-sensitive: false
Compare app only: true
<LandingPage>:
Selection expression: |(&(&(=(s[Java.Property.com.netiq.idm.osp.logout.landing-page],"true"),=(s[SessionData.Transient.AuthnUris],"idm:login:user:kerberos")),!(=(s[Session.Markup.no-nego],"true"))),&(=(s[Java.Property.com.netiq.idm.osp.logout.saml2.landing-page],"internal"),=(s[SessionData.Transient.AuthnUris],"idm:login:user:saml2")))
<DisplayLink>:
Url: ${logout-return-target}
Target: _self
Display name resource identifier: OIDPENDUSER.50056
Title resource identifier: OIDPENDUSER.50080
<ForgotPassword>:
Target: _self
Display name resource identifier: OIDPENDUSER.50061
Title resource identifier: OIDPENDUSER.50079
<SignInHelp>:
Url: https://idmapps.domain.com:8443/sspr/public?forwardURL=%24{Request.Url}&logoutURL=%24{Request.Url}
Target: _blank
Display name resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
<TargetWhitelist>:
Enabled: true
Configuration mode: auto
<RedirectUrlList>:

Preamble: [OIDP]
Priority Level: WARNING
Java: internal.osp.framework.OSPTenantLogger.buildConfigurationLog() [309] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.704+0100
Log Data: AuthenticationService[OSP Configuration (id=auth)] configuration validation resulted in warnings:
Validation messages (5):
1) Warning: AuthenticationService[OSP Configuration (id=auth)]/FileDataSource[CSV File Data Source (id=firstFile)]
Specified file does not exist: /opt/netiq/idm/apps/osp/adminusers.txt
2) Information: AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]/Server[idmapps1.server.domain.com:636]
The LDAP data store configured LDAP bind timeout value will be used.
3) Information: AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]/Server[idmapps1.server.domain.com:636]
The LDAP data store configured read timeout value will be used.
4) Information: AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]
The OSP system LDAP bind timeout value will be used.
5) Information: AuthenticationService[OSP Configuration (id=auth)]/LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]
The OSP system LDAP read timeout value will be used.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.loadCluster() [1582] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.912+0100
Elapsed time: 316.31 microseconds
Log Data: Loading cluster configuration:
Cluster forwarding enabled: false
Cluster cookie enabled: true

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.image.OSPImagePool.add() [226] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.913+0100
Log Data: Added 1 image set(s) to the image pool

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.persistExternalFiles() [1847] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.914+0100
Log Data: Examined 0 external file(s).

Priority Level: FINEST
Java: internal.atlaslite.jcce.ldap.jndi.JNDIConnectionPool.<init>() [125] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.052+0100
Log Data: Class: JNDIConnectionPool
Id: PL9f9a218d-5c53-4ebe-af4d-f973fcbdfc4c:807b0936-10ed-42bd-aeb8-e1be3e7a038c
Name: LDAP Directory Data Source/idmapps1.server.domain.com:636
Admin: cn=admin,ou=sa,o=system
Admin password: ********
Open: false
Max connections: 31
Socket factory: internal.osp.framework.util.net.client.OSP_SocketFactory
TLS socket factory: internal.osp.framework.util.net.client.OSP_SSLSocketFactory
Skip count: 10
Wait reservation timeout: 60000

Priority Level: INFO
Java: internal.atlaslite.jcce.ldap.jndi.JNDIStoreReplica.<init>() [170] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.053+0100
Log Data:

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.source.ldap.LDAPSource.<init>() [345] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.030+0100
Elapsed time: 23.844 milliseconds
Log Data: LDAP server:
Opening connection pool:
Identifier: PL9f9a218d-5c53-4ebe-af4d-f973fcbdfc4c:807b0936-10ed-42bd-aeb8-e1be3e7a038c
Host: idmapps1.server.domain.com

Preamble: [OIDP]
Priority Level: WARNING
Java: internal.osp.oidp.service.source.file.FileSource.<init>() [156] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.059+0100
Log Data: File specified by '/opt/netiq/idm/apps/osp/adminusers.txt' does not exist.

Preamble: [OIDP]
Priority Level: WARNING
Java: internal.osp.framework.OSPTenantLogger.buildAuthenticationLog() [229] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.704+0100
Log Data: The file /opt/netiq/idm/apps/osp/adminusers.txt does not exist. File source: firstFile

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager$CollectionLoader.load() [3290] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.017+0100
Elapsed time: 46.586 milliseconds
Log Data: Examined 6 Data Source(s):
Loaded LDAPDataSource[LDAP Directory Data Source (id=idm_idv)]: internal.osp.oidp.service.source.ldap.LDAPSource:
Loaded FileDataSource[CSV File Data Source (id=firstFile)]: internal.osp.oidp.service.source.file.FileSource:
Ignored disabled KerberosDataSource[Kerberos Data Source (id=ds-krb)].
Ignored disabled OAuth2SAML2DataSource[saml2].
Ignored disabled NaafDataSource[Advanced Authentication Data Source (id=ds-naaf)].
Loaded OAuth2ClientDataSource[Automatically-generated OAuth2 Client Data Source (id=oauth2)]: internal.osp.oidp.service.source.oauth2.OAuth2ClientDataSource:

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager$CollectionLoader.load() [3290] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.065+0100
Elapsed time: 3.713 microseconds
Log Data: Examined 0 Attribute Source(s).

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager$CollectionLoader.load() [3290] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.066+0100
Elapsed time: 3.242 microseconds
Log Data: Examined 0 Attribute Sink(s).

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager$CollectionLoader.load() [3290] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.066+0100
Elapsed time: 3.92 microseconds
Log Data: Examined 0 Attribute Stores(s).

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager$CollectionLoader.load() [3290] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.067+0100
Elapsed time: 3.61 microseconds
Log Data: Examined 0 Principal Instance Data Store(s).

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.source.ldap.LDAPAuthenticationSource.<init>() [351] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.103+0100
Log Data: Class: LDAPAuthenticationSource
Id: bisadus
Name: LDAP Directory User Authentication
Restrict to contexts: false
Principal by name filter: (&(objectClass=User)(|(cn=src.{$authsource.NamingAttr})(mail=src.{$authsource.NamingAttr})))
Principal by guid filter: (&(objectClass=User)(GUID={$ldap.authsource.user_guid}))
Class: SingleAttrStore
Id: auto-0-idm_idv
Name: (Auto 1) LDAP Directory Data Source
Order: 0
Scope: subtree
Context: ou=Users,o=data
Order: 1
Scope: subtree
Context: ou=sa,o=system
Class: UserStoreAttributeMap
Id: LDAP Directory User Authentication
Name: bisadus
Local to native mapping:
Local name: dn
Class: UserStoreMapEntry
Native name: {$dn}
Cachable: false
Private: false
Search read: true
Local name: first_name
Class: UserStoreMapEntry
Native name: givenName
Cachable: false
Private: false
Search read: true
Local name: fullName
Class: UserStoreMapEntry
Native name: fullName
Cachable: false
Private: false
Search read: true
Local name: initials
Class: UserStoreMapEntry
Native name: initials
Cachable: false
Private: false
Search read: true
Local name: language
Class: UserStoreMapEntry
Native name: srvprvPreferredLocale
Cachable: false
Private: false
Search read: true
Local name: last_name
Class: UserStoreMapEntry
Native name: sn
Cachable: false
Private: false
Search read: true
Local name: mail
Class: UserStoreMapEntry
Native name: mail
Cachable: false
Private: false
Search read: true
Local name: mobile
Class: UserStoreMapEntry
Native name: mobile
Cachable: false
Private: false
Search read: true
Local name: roles
Class: UserStoreMapEntry
Native name: nrfMemberOf
Cachable: false
Private: false
Search read: true
Local name: saml2-mapping-attr
Class: UserStoreMapEntry
Native name: mail
Cachable: false
Private: false
Search read: true
Local name: userCN
Class: UserStoreMapEntry
Native name: cn
Cachable: false
Private: false
Search read: true
Local name: userDN
Class: UserStoreMapEntry
Native name: {$dn}
Cachable: false
Private: false
Search read: true
Local name: {$authsource.ObjectNameAttr}
Class: UserStoreMapEntry
Native name: objectClass
Cachable: false
Private: false
Search read: true

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.framework.OSPTenantLogger.buildConfigurationLog() [309] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.704+0100
Log Data: CSV File User Authentication(id=asf1): No instance data store configured or available.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.source.file.FileAuthenticationSource.<init>() [164] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.387+0100
Log Data: Class: FileAuthenticationSource
Id: asf1
Name: CSV File User Authentication
Data source: CSV File Data Source(id=firstFile)
Class: UserStoreAttributeMap
Id: CSV File User Authentication
Name: asf1
Local to native mapping:
Local name: first_name
Class: UserStoreMapEntry
Native name: 2
Cachable: false
Private: false
Search read: true
Local name: internal.osp.oidp.service.source.authplugin.PasswordAuthPlugin.password-attr
Class: UserStoreMapEntry
Native name: 1
Cachable: false
Private: false
Search read: true
Local name: last_name
Class: UserStoreMapEntry
Native name: 3
Cachable: false
Private: false
Search read: true
Local name: userDN
Class: UserStoreMapEntry
Native name: 0
Cachable: false
Private: false
Search read: true

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.framework.OSPTenantLogger.buildConfigurationLog() [309] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.704+0100
Log Data: Automatically-generated OAuth2 Client Authentication Source(id=oauth2): No instance data store configured or available.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager$CollectionLoader.load() [3290] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.068+0100
Elapsed time: 321.141 milliseconds
Log Data: Examined 6 Authentication Source(s):
Loaded LDAPAuthenticationSource[LDAP Directory User Authentication (id=bisadus)]: internal.osp.oidp.service.source.ldap.LDAPAuthenticationSource:
Loaded FileAuthenticationSource[CSV File User Authentication (id=asf1)]: internal.osp.oidp.service.source.file.FileAuthenticationSource:
Ignored disabled KerberosAuthenticationSource[Kerberos User Authentication (id=as-krb)].
Ignored disabled IDPAuthenticationSource[SAML 2.0 User Authentication (id=as-saml2)].
Ignored disabled NaafAuthenticationSource[Advanced Authentication (id=as-naaf)].
Loaded OAuth2ClientAuthenticationSource[Automatically-generated OAuth2 Client Authentication Source (id=oauth2)]: internal.osp.oidp.service.source.oauth2.OAuth2ClientAuthenticationSource:

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.loadAuthClasses() [1868] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.395+0100
Log Data: Examined 1 Authentication Class(es):
Loaded AuthClass[Automatically-generated Bearer Token Class (id={$auto}-token-class)]: internal.osp.oidp.service.authentication.classes.BearerTokenAuthenticationClass:
Named Value(s) Count: 1

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.loadAuthMethods() [1932] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.396+0100
Log Data: Examined 1 Authentication Method(s):
Loaded AuthMethod[Automatically-generated Bearer Token Method (id={$auto}-token-method)]:
Named Value(s) Count: 0

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.401+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) Name/Password (Form) Class (id={$auto}-np-auth-class)]: internal.osp.oidp.service.authentication.classes.system.PasswordClass:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.402+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) Name/Password (Form) Method (id={$auto}-np-auth-method)]:
Named Value(s) Count: 0
Added Authentication Source LDAP Directory User Authentication(id=bisadus)
Added Authentication Source CSV File User Authentication(id=asf1)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.403+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) SSPR Checks Class (id={$auto}-sspr-checks-class)]: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.403+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) SSPR Checks Method (id={$auto}-sspr-checks-method)]:
Named Value(s) Count: 0
Added Authentication Source LDAP Directory User Authentication(id=bisadus)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.406+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) IDM Admin Role Mapping Class (id={$auto}-admin-role-mapping-class)]: internal.osp.oidp.service.authentication.classes.RoleMapping:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.406+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) IDM Admin Role Mapping Method (id={$auto}-admin-role-mapping-method)]:
Named Value(s) Count: 0

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.408+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) Access Review Bootstrap Admin Role Assignment Class (id={$auto}-iac-bootstrap-role-assignment-class)]: internal.osp.oidp.service.authentication.classes.RoleAssignment:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.408+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) Access Review Bootstrap Admin Role Assignment Method (id={$auto}-iac-bootstrap-role-assignment-method)]:
Named Value(s) Count: 0
Added Authentication Source CSV File User Authentication(id=asf1)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.AuthenticationManager.addContract() [738] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.409+0100
Log Data: Adding Authentication Contract: User Name/Password Login(id=np-contract), Uri: idm:login:user:np

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.AuthenticationManager.putCard() [263] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.409+0100
Elapsed time: 151.906 microseconds
Log Data: Putting authentication card:
Class: LocalAuthenticationCard
<AuthCard>:
Id: np-contract-$default-card$
DisplayName: User Name/Password Login-$default-card$
Show: false
Authentication Required: true
<Reference>:
Reference identifier: {$default-card-image-set}
Type: ImageSet
Contract Id: np-contract

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.411+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) Name/Password Background Class (id={$auto}-np-bg-auth-class)]: internal.osp.oidp.service.authentication.classes.system.PasswordClass:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.411+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) Name/Password Background Method (id={$auto}-np-bg-auth-method)]:
Named Value(s) Count: 0
Added Authentication Source LDAP Directory User Authentication(id=bisadus)
Added Authentication Source CSV File User Authentication(id=asf1)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.411+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) IDM Admin Role Mapping Class (id={$auto}-admin-role-mapping-class)]: internal.osp.oidp.service.authentication.classes.RoleMapping:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.412+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) IDM Admin Role Mapping Method (id={$auto}-admin-role-mapping-method)]:
Named Value(s) Count: 0

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.412+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) Access Review Bootstrap Admin Role Assignment Class (id={$auto}-iac-bootstrap-role-assignment-class)]: internal.osp.oidp.service.authentication.classes.RoleAssignment:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.413+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) Access Review Bootstrap Admin Role Assignment Method (id={$auto}-iac-bootstrap-role-assignment-method)]:
Named Value(s) Count: 0
Added Authentication Source CSV File User Authentication(id=asf1)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.AuthenticationManager.addContract() [738] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.413+0100
Log Data: Adding Authentication Contract: OAuth2 Resource Owner Credentials Login(id=ro-np-contract), Uri: idm:login:user:ro-np

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.AuthenticationManager.putCard() [263] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.413+0100
Elapsed time: 39.43 microseconds
Log Data: Putting authentication card:
Class: LocalAuthenticationCard
<AuthCard>:
Id: ro-np-contract-$default-card$
DisplayName: OAuth2 Resource Owner Credentials Login-$default-card$
Show: false
Authentication Required: true
<Reference>:
Reference identifier: {$default-card-image-set}
Type: ImageSet
Contract Id: ro-np-contract

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.414+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) IDM Admin Role Mapping Class (id={$auto}-admin-role-mapping-class)]: internal.osp.oidp.service.authentication.classes.RoleMapping:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.414+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) IDM Admin Role Mapping Method (id={$auto}-admin-role-mapping-method)]:
Named Value(s) Count: 0

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.414+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) OAuth2 Client Role Mapping Class (id={$auto}-oauth2-client-role-mapping-class)]: internal.osp.oidp.service.authentication.classes.RoleMapping:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.415+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) OAuth2 Client Role Mapping Method (id={$auto}-oauth2-client-role-mapping-method)]:
Named Value(s) Count: 0

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2804] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.415+0100
Log Data: Examined 1 Automatically-configured Authentication Class(es):
Loaded AuthClass[(Auto) Access Review Bootstrap Admin Role Assignment Class (id={$auto}-iac-bootstrap-role-assignment-class)]: internal.osp.oidp.service.authentication.classes.RoleAssignment:
Named Value(s) Count: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.autoWireMethod() [2811] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.416+0100
Log Data: Examined 1 Automatically-configured Authentication Method(s):
Loaded AuthMethod[(Auto) Access Review Bootstrap Admin Role Assignment Method (id={$auto}-iac-bootstrap-role-assignment-method)]:
Named Value(s) Count: 0
Added Authentication Source CSV File User Authentication(id=asf1)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.AuthenticationManager.addContract() [738] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.416+0100
Log Data: Adding Authentication Contract: Automatically-generated Bearer Token Contract(id={$auto}-token-contract), Uri: urn:uiid:b1f60b0f-fef1-4072-9b97-a4ca6440d835

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.AuthenticationManager.putCard() [263] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.416+0100
Elapsed time: 40.0 microseconds
Log Data: Putting authentication card:
Class: LocalAuthenticationCard
<AuthCard>:
Id: {$auto}-token-contract-$default-card$
DisplayName: Automatically-generated Bearer Token Contract-$default-card$
Show: false
Authentication Required: true
<Reference>:
Reference identifier: {$default-card-image-set}
Type: ImageSet
Contract Id: {$auto}-token-contract

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.loadAuthContracts() [2222] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.417+0100
Log Data: Examined 7 Authentication Contract(s):
Loaded AuthContract[User Name/Password Login (id=np-contract)]:
Added referenced contract executable (Auto) Name/Password (Form) Method
Ignored disabled referenced contract executable NaafFactor[AAF Second Factor Authentication (id=naaf-2nd-factor)]
Ignored disabled referenced contract executable NaafFactor[AR Bootstrap Admin Second Factor Authentication (id=naaf-bootstrap-admin-factor)]
Added referenced contract executable (Auto) SSPR Checks Method
Added referenced contract executable (Auto) IDM Admin Role Mapping Method
Added referenced contract executable (Auto) Access Review Bootstrap Admin Role Assignment Method
Loaded AuthContract[OAuth2 Resource Owner Credentials Login (id=ro-np-contract)]:
Added referenced contract executable (Auto) Name/Password Background Method
Added referenced contract executable (Auto) IDM Admin Role Mapping Method
Added referenced contract executable (Auto) Access Review Bootstrap Admin Role Assignment Method
Ignored disabled AuthContract[User Kerberos Login (id=krb-contract)].
Ignored disabled AuthContract[Token Kerberos Login (id=krb-token-contract)].
Ignored disabled AuthContract[SAML2 User Login (id=saml2-contract)].
Ignored disabled AuthContract[SAML2 Bearer Authentication (id=saml2-bearer-contract)].
Loaded AuthContract[Automatically-generated Bearer Token Contract (id={$auto}-token-contract)]:
Added referenced contract executable Automatically-generated Bearer Token Method
Added referenced contract executable (Auto) IDM Admin Role Mapping Method
Added referenced contract executable (Auto) OAuth2 Client Role Mapping Method
Added referenced contract executable (Auto) Access Review Bootstrap Admin Role Assignment Method
Longest Timeout Found: 60

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.setDefaultContracts() [2293] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.417+0100
Elapsed time: 696.729 microseconds
Log Data: Initializing default contracts:
Default contract:
Contract identifier: np-contract
Default contract for type: Password
Contract identifier: np-contract
Enabled: true

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.loadAttrMaps() [1623] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.419+0100
Log Data: Examined 1 Attribute Map(s):
Loaded AssertionAttributeMap[SAML2 Attribute Map (id=saml2-attr-map)]:
saml2-mapping-attr->mail

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.initializeProtocols() [2714] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.522+0100
Log Data: Initialized 1 Protocol(s):
Loaded Protocol[oauth2 (id=oauth2,provider=null)]:

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.initializeTargetWhitelist() [2363] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.523+0100
Elapsed time: 4.641 milliseconds
Log Data: Configured target whitelist:
Class: UriWhitelist
Class: UriPartsComparator
Case-sensitive: true
Scheme: \Qhttps\E
Host: \Qidmapps.domain.com\E
Port mode: match
Port: 8443
Path: \Q/osp/a/idm/auth/\E.*
Class: UriPartsComparator
Case-sensitive: true
Scheme: \Qhttps\E
Host: \Q192.168.0.158\E
Port mode: match
Port: 8443
Path: \Q/osp/a/idm/auth/\E.*
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttp\E
Host: \Qlocalhost\E
Port mode: match
Port: 8180
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttp\E
Host: \Q127.0.0.1\E
Port mode: match
Port: 8180
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttp\E
Host: \Qidmapps1.server.domain.com\E
Port mode: match
Port: 8180
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttp\E
Host: \Q10.192.67.150\E
Port mode: match
Port: 8180
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttps\E
Host: \Qidmapps.domain.com\E
Port mode: match
Port: 8443
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttps\E
Host: \Q192.168.0.158\E
Port mode: match
Port: 8443
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttps\E
Host: \Qidgov.domain.com\E
Port mode: match
Port: 8443
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttps\E
Host: \Q192.168.0.98\E
Port mode: match
Port: 8443
Class: UriPartsComparator
Case-sensitive: false
Scheme: \Qhttps\E
Host: \Qidgovsrv1.server.domain.com\E
Port mode: match
Port: 8443

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.configuration.ConfigurationManager.loadExternalHandlers() [2580] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.527+0100
Log Data: Examined 0 External Handler(s).

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.configuration.ConfigurationManager.initialize() [394] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.529+0100
Log Data: Class: ConfigurationManager
Class: OAuth2Protocol
Display Name: oauth2
Protocol Id: oauth2
Provider Id: https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/metadata
Security Properties Count: 16
Class: AuthClassDefinition
Id: {$auto}-np-auth-class
Name: (Auto) Name/Password (Form) Class
Type: Password
Count: 0
Class: internal.osp.oidp.service.authentication.classes.system.PasswordClass
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-token-class
Name: Automatically-generated Bearer Token Class
Type: Token
Count: 0
Class: internal.osp.oidp.service.authentication.classes.BearerTokenAuthenticationClass
Properties Count: 1
Class: AuthClassDefinition
Id: {$auto}-oauth2-client-role-mapping-class
Name: (Auto) OAuth2 Client Role Mapping Class
Type: RoleAssignment
Count: 0
Class: internal.osp.oidp.service.authentication.classes.RoleMapping
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-sspr-checks-class
Name: (Auto) SSPR Checks Class
Type: Validation
Count: 0
Class: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-iac-bootstrap-role-assignment-class
Name: (Auto) Access Review Bootstrap Admin Role Assignment Class
Type: RoleAssignment
Count: 0
Class: internal.osp.oidp.service.authentication.classes.RoleAssignment
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-np-bg-auth-class
Name: (Auto) Name/Password Background Class
Type: Password
Count: 0
Class: internal.osp.oidp.service.authentication.classes.system.PasswordClass
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-admin-role-mapping-class
Name: (Auto) IDM Admin Role Mapping Class
Type: RoleAssignment
Count: 0
Class: internal.osp.oidp.service.authentication.classes.RoleMapping
Properties Count: 2
Class: AuthenticationMethod
Id: {$auto}-iac-bootstrap-role-assignment-method
Name: (Auto) Access Review Bootstrap Admin Role Assignment Method
Type : non-user
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-iac-bootstrap-role-assignment-class
Name: (Auto) Access Review Bootstrap Admin Role Assignment Class
Type: RoleAssignment
Count: 0
Class: internal.osp.oidp.service.authentication.classes.RoleAssignment
Properties Count: 2
Class: AuthenticationMethod
Id: {$auto}-np-bg-auth-method
Name: (Auto) Name/Password Background Method
Type : user-authenticate
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-np-bg-auth-class
Name: (Auto) Name/Password Background Class
Type: Password
Count: 0
Class: internal.osp.oidp.service.authentication.classes.system.PasswordClass
Properties Count: 2
Class: AuthenticationMethod
Id: {$auto}-token-method
Name: Automatically-generated Bearer Token Method
Type : user-authenticate
Properties Count: 1
Class: AuthClassDefinition
Id: {$auto}-token-class
Name: Automatically-generated Bearer Token Class
Type: Token
Count: 0
Class: internal.osp.oidp.service.authentication.classes.BearerTokenAuthenticationClass
Properties Count: 1
Class: AuthenticationMethod
Id: {$auto}-admin-role-mapping-method
Name: (Auto) IDM Admin Role Mapping Method
Type : non-user
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-admin-role-mapping-class
Name: (Auto) IDM Admin Role Mapping Class
Type: RoleAssignment
Count: 0
Class: internal.osp.oidp.service.authentication.classes.RoleMapping
Properties Count: 2
Class: AuthenticationMethod
Id: {$auto}-sspr-checks-method
Name: (Auto) SSPR Checks Method
Type : non-user
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-sspr-checks-class
Name: (Auto) SSPR Checks Class
Type: Validation
Count: 0
Class: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
Properties Count: 2
Class: AuthenticationMethod
Id: {$auto}-np-auth-method
Name: (Auto) Name/Password (Form) Method
Type : user-authenticate
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-np-auth-class
Name: (Auto) Name/Password (Form) Class
Type: Password
Count: 0
Class: internal.osp.oidp.service.authentication.classes.system.PasswordClass
Properties Count: 2
Class: AuthenticationMethod
Id: {$auto}-oauth2-client-role-mapping-method
Name: (Auto) OAuth2 Client Role Mapping Method
Type : non-user
Properties Count: 2
Class: AuthClassDefinition
Id: {$auto}-oauth2-client-role-mapping-class
Name: (Auto) OAuth2 Client Role Mapping Class
Type: RoleAssignment
Count: 0
Class: internal.osp.oidp.service.authentication.classes.RoleMapping
Properties Count: 2
Class: AuthenticationContract
Id: np-contract
Name: User Name/Password Login
URI: idm:login:user:np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: true
Remote: false
Default: true
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Executable: (Auto) SSPR Checks Method(id={$auto}-sspr-checks-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: User Name/Password Login-$default-card$(id=np-contract-$default-card$)
Class: AuthenticationContract
Id: ro-np-contract
Name: OAuth2 Resource Owner Credentials Login
URI: idm:login:user:ro-np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: false
Remote: false
Default: false
Executable: (Auto) Name/Password Background Method(id={$auto}-np-bg-auth-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: OAuth2 Resource Owner Credentials Login-$default-card$(id=ro-np-contract-$default-card$)
Class: AuthenticationContract
Id: {$auto}-token-contract
Name: Automatically-generated Bearer Token Contract
URI: urn:uiid:b1f60b0f-fef1-4072-9b97-a4ca6440d835
Trust Level: 0
Timeout: 600000
Check Trust Level: false
Show Pwd Expired UI: false
Remote: false
Default: false
Executable: Automatically-generated Bearer Token Method(id={$auto}-token-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) OAuth2 Client Role Mapping Method(id={$auto}-oauth2-client-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: Automatically-generated Bearer Token Contract-$default-card$(id={$auto}-token-contract-$default-card$)
Class: AssertionAttributeMap
Id: saml2-attr-map
Name: SAML2 Attribute Map
Local to native mapping:
Local name: saml2-mapping-attr
Class: AssertionMapEntry
Native name: mail
Cachable: true
Private: false
Name format: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Source to Local Mapping:
Class: AssertionMapEntry
Native name: mail
Cachable: true
Private: false
Name format: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Local Name: saml2-mapping-attr
Class: AuthenticationManager
Type Key: MobileTwoFactorContract
Class: AuthenticationType
Type: MobileTwoFactorContract
Type Key: MobileTest
Class: AuthenticationType
Type: MobileTest
Type Key: X509
Class: AuthenticationType
Type: X509
Type Key: Kerberos
Class: AuthenticationType
Type: Kerberos
Type Key: Basic
Class: AuthenticationType
Type: Basic
Type Key: Provisioning
Class: AuthenticationType
Type: Provisioning
Type Key: Token
Class: AuthenticationType
Type: Token
Type Key: SmartCard
Class: AuthenticationType
Type: SmartCard
Type Key: HOTP
Class: AuthenticationType
Type: HOTP
Type Key: Other
Class: AuthenticationType
Type: Other
Type Key: MobileOneFactorContract
Class: AuthenticationType
Type: MobileOneFactorContract
Type Key: Validation
Class: AuthenticationType
Type: Validation
Type Key: SPNEGO/Kerberos
Class: AuthenticationType
Type: SPNEGO/Kerberos
Type Key: OutOfBoundRedirection
Class: AuthenticationType
Type: OutOfBoundRedirection
Type Key: MobileTwoFactorUnregistered
Class: AuthenticationType
Type: MobileTwoFactorUnregistered
Type Key: ProtectedPassword
Class: AuthenticationType
Type: ProtectedPassword
Type Key: InternetProtocol
Class: AuthenticationType
Type: InternetProtocol
Type Key: RoleAssignment
Class: AuthenticationType
Type: RoleAssignment
Type Key: TOTP
Class: AuthenticationType
Type: TOTP
Type Key: Biometric
Class: AuthenticationType
Type: Biometric
Type Key: Password
Class: AuthenticationType
Type: Password
Contract Id: np-contract
Type Key: PreviousSession
Class: AuthenticationType
Type: PreviousSession
Type Key: MobileOneFactorUnregistered
Class: AuthenticationType
Type: MobileOneFactorUnregistered
Type Key: SmartCardPKI
Class: AuthenticationType
Type: SmartCardPKI
Type Key: ProtectedBasic
Class: AuthenticationType
Type: ProtectedBasic
Type Key: Mapping
Class: AuthenticationType
Type: Mapping
Default Contract Id: np-contract
IDP Select Contract Id: sysSelect
Intro Contract Id: sysIntro
No Default Contract Id: sysDefault
Class: AuthenticationContract
Id: np-contract
Name: User Name/Password Login
URI: idm:login:user:np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: true
Remote: false
Default: true
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Executable: (Auto) SSPR Checks Method(id={$auto}-sspr-checks-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: User Name/Password Login-$default-card$(id=np-contract-$default-card$)
Class: AuthenticationContract
Id: ro-np-contract
Name: OAuth2 Resource Owner Credentials Login
URI: idm:login:user:ro-np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: false
Remote: false
Default: false
Executable: (Auto) Name/Password Background Method(id={$auto}-np-bg-auth-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: OAuth2 Resource Owner Credentials Login-$default-card$(id=ro-np-contract-$default-card$)
Class: AuthenticationContract
Id: {$auto}-token-contract
Name: Automatically-generated Bearer Token Contract
URI: urn:uiid:b1f60b0f-fef1-4072-9b97-a4ca6440d835
Trust Level: 0
Timeout: 600000
Check Trust Level: false
Show Pwd Expired UI: false
Remote: false
Default: false
Executable: Automatically-generated Bearer Token Method(id={$auto}-token-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) OAuth2 Client Role Mapping Method(id={$auto}-oauth2-client-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: Automatically-generated Bearer Token Contract-$default-card$(id={$auto}-token-contract-$default-card$)
Card Key: ro-np-contract-$default-card$
Class: LocalAuthenticationCard
<AuthCard>:
Id: ro-np-contract-$default-card$
DisplayName: OAuth2 Resource Owner Credentials Login-$default-card$
Show: false
Authentication Required: true
<Reference>:
Reference identifier: {$default-card-image-set}
Type: ImageSet
Contract Id: ro-np-contract
Card Key: np-contract-$default-card$
Class: LocalAuthenticationCard
<AuthCard>:
Id: np-contract-$default-card$
DisplayName: User Name/Password Login-$default-card$
Show: false
Authentication Required: true
<Reference>:
Reference identifier: {$default-card-image-set}
Type: ImageSet
Contract Id: np-contract
Card Key: {$auto}-token-contract-$default-card$
Class: LocalAuthenticationCard
<AuthCard>:
Id: {$auto}-token-contract-$default-card$
DisplayName: Automatically-generated Bearer Token Contract-$default-card$
Show: false
Authentication Required: true
<Reference>:
Reference identifier: {$default-card-image-set}
Type: ImageSet
Contract Id: {$auto}-token-contract
Class: ListenerManager
Listener Count: 0
Class: PolicyPluginManager

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.NIDPAuthenticationService.handleStart() [436] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.535+0100
Log Data: Initializing from XML: AuthenticationService, startup: true

Preamble: [OSP]
Priority Level: INFO
Java: internal.osp.framework.OSPTenant.startTenant() [612] thread=localhost-startStop-1
Time: 2019-01-31T16:31:48.541+0100
Log Data: Tenant For IDM and IG started.

Preamble: [Tenant]
Priority Level: FINER
Java: internal.atlaslite.jcce.net.TlsProbe.probe() [531] thread=osp-common-thread-1
Time: 2019-01-31T16:31:48.541+0100
Elapsed time: 42.891 milliseconds
Log Data: Probe TLS: 192.168.0.158:8443
Protocol: SSLv3
Handshake unsuccessful: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Protocol: TLSv1
Handshake unsuccessful: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Protocol: TLSv1.1
Handshake unsuccessful: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Protocol: TLSv1.2
Handshake unsuccessful: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.common.logging.HttpRequestLogger.log() [340] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.866+0100
Log Data: HttpServletRequest (Number 1)
Method: GET
Request URL: /osp/a/idm/auth/oauth2/grant
Query String: ?response_type=token&redirect_uri=https%3A//idgov.domain.com%3A8443/oauth.html&client_id=iac&state=gromitstate0.11439243921740716
Scheme: https
Context Path: /osp
Servlet Path: /a
Path Info: /idm/auth/oauth2/grant
Server Name: idmapps.domain.com
Server Port: 8443
Locale: en_GB
Host IP Address: 192.168.0.158
Remote Client IP Address: 10.192.67.58
Headers
accept=text/html, application/xhtml+xml, image/jxr, */*
referer=https://idgov.domain.com:8443/
accept-language=en-GB,en;q=0.7,nb;q=0.3
user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding=gzip, deflate, br
host=idmapps.domain.com:8443
connection=Keep-Alive
Session
Id: A3600F7BECF67813E5C350EB2243A994
Last Accessed Time: 2019-01-31T16:33:02.863+0100 (1548948782863)
Parameters
response_type
redirect_uri
client_id
state
Attributes
org.apache.tomcat.util.net.secure_protocol_version
javax.servlet.request.key_size
javax.servlet.request.ssl_session_mgr
javax.servlet.request.cipher_suite
javax.servlet.request.ssl_session_id
OSPRequestContext

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.servlet.OSPServlet.process() [198] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.867+0100
Log Data:
Class: OSPRequestContext
HttpServletResponse exists.
Http request type: GET
Request number: 1
Tenant: For IDM and IG
Service: For IDM and IG(id=auth)
Path element count: 2
Element: oauth2
Element: grant
Override locale: en_GB

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.resolveHandler() [192] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.880+0100
Log Data: IDP oauth2 handler to process request received for grant

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.oauth2.handler.Grant.getCommand() [201] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.882+0100
Elapsed time: 170.733 microseconds
Log Data: Parse OAuth 2.0 response_type or grant_type:
response_type: token
Maps to: Implicit Grant profile

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.<init>() [308] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.909+0100
Log Data: Created new Session: id: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX, Type: PERSISTENT

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.cluster.ClusterCookieContext.resolveSession() [147] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.887+0100
Elapsed time: 23.380 milliseconds
Log Data: Session was created for this user request because no cookie accompanied the request: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7
Session cached:
Class: NIDPSession
Identifier: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX
Sub-identifier: 0
Private identifier: -_Yr0c5vOeve!=5IjVBLozN4V
Type: PERSISTANT
Create time: 2019-01-31T16:33:02.900+0100 (1548948782900), elapsed: 0.010s (10)
Authenticated time: 1970-01-01T00:59:59.999+0100 (-1), elapsed: 17927d 15h 33m 2.911s (1548948782911)
Last used time: 2019-01-31T16:33:02.900+0100 (1548948782900), elapsed: 0.010s (10)
Main JSP: main
Set activity: true
Storage cache: <none>
Logout flag: 0
Show logout: false

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.checkAuthenticated() [2576] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.913+0100
Elapsed time: 814.676 microseconds
Log Data: Session authenticated?
Identifier: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7
Zero consumed authentications.
Authenticated: false

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.session.NIDPSession.getSessionData() [776] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.916+0100
Elapsed time: 4.231 milliseconds
Log Data: Get session data based on request:
Creating new session data; id: 1

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.oauth2.handler.InterRequestPackage.forward() [368] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.934+0100
Elapsed time: 3.433 milliseconds
Log Data: Assigned package id: 1548948782936--387714392
Setting cookie:
Name: x-oidp-oauth2-1548948782936--387714392
Value: cnQ9ZEc5clpXNH4tIy1pPVlqbGhNRGd3TUdJNE4yUXlZekprTWpSaE1tWX4tIy1yPWFIUjBjSE02THk5c1lXSXRaMjkyWlhKdVlXNWpaUzVpWVdWeWRXMHVhMjl0YlhWdVpTNXViem80TkRRekwyOWhkWFJvTG1oMGJXd34tIy1oPVpEaGtiSGh3WjJSeFQzRlZlVlF6U3pWNVJXeHRNVEppTkRrM01VbHNiVzF6VFZwTGRHOWlNbnByVFQwfi0jLXQ9WjNKdmJXbDBjM1JoZEdVd0xqRXhORE01TWpRek9USXhOelF3TnpFMg~~
Encrypted bytes: 320
Base64-encoded characters: 428
Domain: idmapps.domain.com
Path: /
Maximum age (seconds): unlimited
Secure: true
HttpOnly: true

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.oidp.service.profile.LoginProfile.login() [237] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.949+0100
Log Data: Processing login request with TARGET: https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/implicitcontinue?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392, Saved TARGET: https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/implicitcontinue?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392, Force: false.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.setExecutables() [268] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.955+0100
Log Data: Number of contract executables set to run: 4

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.setExecutables() [273] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.956+0100
Log Data: Introductions are set to execute.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.LoginProfile.getContractToExecute() [494] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.950+0100
Elapsed time: 6.708 milliseconds
Log Data: Get contract to execute:
Existing contract execution profile: false
Get authentication contract by card identifier:
Card identifier: none
Contract: none found
Get default contract:
Select IDP contract when no configuration-specified default: true
Default contract group: none
Default contract: User Name/Password Login(id=np-contract)
No specified contract. Default: User Name/Password Login(id=np-contract)
New contract execution profile created:
Contract: User Name/Password Login(id=np-contract)
Card identifier: np-contract-$default-card$

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.setMessage() [1033] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.957+0100
Log Data: Setting session message to null

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.exec() [488] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.957+0100
Log Data: Executing contract User Name/Password Login.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [708] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.969+0100
Log Data: Contract executable executing: Introductions

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [867] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.970+0100
Elapsed time: 620.883 microseconds
Log Data: Contract executable completed:
Method: Introductions
Class: internal.osp.oidp.service.protocol.authentication.classes.IntroductionClass
Status: NotAuthenticated
Move to next executable: false

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.getNextExecutable() [662] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.971+0100
Elapsed time: 124.573 microseconds
Log Data: Get next contract executable:
Executables count: 4
Counter: 0
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Type: user-authenticate
Session authenticated: false
Valid on session: false
Method selected for execution.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [708] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:02.989+0100
Log Data: Contract executable executing: (Auto) Name/Password (Form) Method

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [867] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.345+0100
Elapsed time: 33.933 microseconds
Log Data: Contract executable completed:
Method: (Auto) Name/Password (Form) Method
Class: internal.osp.oidp.service.authentication.classes.system.PasswordClass
Status: ShowPage
Required additional interaction: true
Move to next executable: false

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.exec() [497] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.346+0100
Log Data: Executing methods returned status: SHOW_PAGE

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.exec() [552] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.354+0100
Log Data: UIResponder set to JSP response.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.LoginProfile.executeContract() [774] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.355+0100
Elapsed time: 24.521 microseconds
Log Data: Contract execution profile "execute" returned status: HandledRequest

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.commit() [562] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.356+0100
Elapsed time: 5.879 milliseconds
Log Data: Persisting session: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX
Session to cookie: true

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.UIResponder$PageResponse.setSpecificResponse() [2211] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.363+0100
Log Data: Forwarding:
Class: PageToShow
Page: /idm/jsp/login.jsp
Attribute count: 13
FailedLoginAttempts=0
FilterAuthenticationClass.dup-res-data=dWNTn8Gf4P9vkx5CoeRkacs6b3Yvcvi54eN9/tt0RrfAlUcZ7fphb9I8OPAP4qOtAoKpDyENwPmh6XcnHAhyKQ6SaO4RCcWRXaEJR6r2qGyX94E4RXPwAZMQ6aCRal3j
FilterAuthenticationClass.dup-res-state=PRIMARY
MaximumPasswordLength=512
MaximumUserNameLength=512
cexid=np-auth
oidp.allow-show-hide=UNDEFINED
oidp.show-hide-initial-state=UNDEFINED
oidp.use-continue-button=true
originalRequestUrl=https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/grant?response_type=token&redirect_uri=https://idgov.domain.com:8443/oauth.html&client_id=iac&state=gromitstate0.11439243921740716
pdlinks=[Class: DisplayLink
URL: https://idmapps.domain.com:8443/sspr/public?forwardURL=https%3A//idmapps.domain.com%3A8443/osp/a/idm/auth/oauth2/grant?response_type%3Dtoken%26redirect_uri%3Dhttps%3A//idgov.domain.com%3A8443/oauth.html%26client_id%3Diac%26state%3Dgromitstate0.11439243921740716&logoutURL=https%3A//idmapps.domain.com%3A8443/osp/a/idm/auth/oauth2/grant?response_type%3Dtoken%26redirect_uri%3Dhttps%3A//idgov.domain.com%3A8443/oauth.html%26client_id%3Diac%26state%3Dgromitstate0.11439243921740716
Target: _self
Text resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
]
url=https://idmapps.domain.com:8443/osp/a/idm/auth/app/login?acAuthCardId=np-contract-%24default-card%24&sid=1
urlprops={}

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.ui.UIHandler.getUIIcons() [639] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.487+0100
Elapsed time: 2.168 milliseconds
Log Data: Get UI icons:
Authorization policy: false

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.UIResponder$Response.setResponse() [1418] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.493+0100
Log Data: Response: PAGE
Class: PageToShow
Page: /idm/jsp/login.jsp
Attribute count: 13
FailedLoginAttempts=0
FilterAuthenticationClass.dup-res-data=dWNTn8Gf4P9vkx5CoeRkacs6b3Yvcvi54eN9/tt0RrfAlUcZ7fphb9I8OPAP4qOtAoKpDyENwPmh6XcnHAhyKQ6SaO4RCcWRXaEJR6r2qGyX94E4RXPwAZMQ6aCRal3j
FilterAuthenticationClass.dup-res-state=PRIMARY
MaximumPasswordLength=512
MaximumUserNameLength=512
cexid=np-auth
oidp.allow-show-hide=UNDEFINED
oidp.show-hide-initial-state=UNDEFINED
oidp.use-continue-button=true
originalRequestUrl=https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/grant?response_type=token&redirect_uri=https://idgov.domain.com:8443/oauth.html&client_id=iac&state=gromitstate0.11439243921740716
pdlinks=[Class: DisplayLink
URL: https://idmapps.domain.com:8443/sspr/public?forwardURL=https%3A//idmapps.domain.com%3A8443/osp/a/idm/auth/oauth2/grant?response_type%3Dtoken%26redirect_uri%3Dhttps%3A//idgov.domain.com%3A8443/oauth.html%26client_id%3Diac%26state%3Dgromitstate0.11439243921740716&logoutURL=https%3A//idmapps.domain.com%3A8443/osp/a/idm/auth/oauth2/grant?response_type%3Dtoken%26redirect_uri%3Dhttps%3A//idgov.domain.com%3A8443/oauth.html%26client_id%3Diac%26state%3Dgromitstate0.11439243921740716
Target: _self
Text resource identifier: OIDPENDUSER.50077
Title resource identifier: OIDPENDUSER.50078
]
url=https://idmapps.domain.com:8443/osp/a/idm/auth/app/login?acAuthCardId=np-contract-%24default-card%24&sid=1
urlprops={}

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.common.logging.HttpResponseLogger.log() [138] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:03.497+0100
Log Data: HttpServletResponse (Number 1)
Duration (seconds): 0.647
Content type: text/html;charset=UTF-8
Character encoding: UTF-8
Locale: en
Buffer size: 8192

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.common.logging.HttpRequestLogger.log() [340] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.082+0100
Log Data: HttpServletRequest (Number 2)
Method: POST
Request URL: /osp/a/idm/auth/app/login
Query String: ?acAuthCardId=np-contract-%24default-card%24&sid=1
Scheme: https
Context Path: /osp
Servlet Path: /a
Path Info: /idm/auth/app/login
Server Name: idmapps.domain.com
Server Port: 8443
Content Length: 312
Content Type: application/x-www-form-urlencoded
Locale: en_GB
Host IP Address: 192.168.0.158
Remote Client IP Address: 10.192.67.58
Cookies
(1 of 3): JSESSIONID=A3600F7BECF67813E5C350EB2243A994
(2 of 3): x-oidp-oauth2-1548948782936--387714392=uyViPPiy9C1Eos06FK95@Sq8TSkQw/9fcR4woWVpxnhoTDgvYWMsjJsCrDPELjrWJNGG3P80NNImqLjSUpZqlRoZVnsrvAyTaW/y2@AZx7fPoWcyRQWtyQOnHwMbnRku0scxn1yvN/IVLSjAecnQTawuI5BCH33EALSSf6dt48@N@tKh3iIGKRuwGqsj@Zr1ut5dXtvldbHhfRr3vpmfwZNJAyf1SCPCoCDGR2u/OODQPOq26ft7sXRhNXxW2r@QYgvSX1m1ceW/GW0EiydrjwtituAqF5yALH8MNDBIJSqejG8s9tXuXcORl/bsoEe5Cd1mFztYVWYLuFSeipt/5RuPahMc2VaEZ6HVpb0pFKoPuX1k0i2pPDKqwc73hxk7hZE6@kif0lOT6gsXdckSFKhMNkvFeE3g5js7fLd7a7Q~
(3 of 3): x-oidp-session59303d34382c2d310=200-JQEXE6HXS2ESJE+VABXD6Z75XXWNIHYV/1YT1CGK-6EBE8939-D1F!1!D21!120!127!1SI0GrurJSk8ltlp2pHpTUiHFtpVm039wVdhcB3/tl8~!~
Headers
accept=text/html, application/xhtml+xml, image/jxr, */*
referer=https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/grant?response_type=token&redirect_uri=https://idgov.domain.com:8443/oauth.html&client_id=iac&state=gromitstate0.11439243921740716
accept-language=en-GB,en;q=0.7,nb;q=0.3
user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type=application/x-www-form-urlencoded
accept-encoding=gzip, deflate, br
host=idmapps.domain.com:8443
content-length=312
connection=Keep-Alive
cache-control=no-cache
cookie=(see above)
Session
Id: A3600F7BECF67813E5C350EB2243A994
Last Accessed Time: 2019-01-31T16:33:03.583+0100 (1548948783583)
Parameters
acAuthCardId
sid
cexid
ccancelid
option
excludeParameterNames
FilterAuthenticationClass.dup-res-state
Ecom_User_ID
Ecom_Password
Attributes
org.apache.tomcat.util.net.secure_protocol_version
javax.servlet.request.key_size
javax.servlet.request.ssl_session_mgr
javax.servlet.request.cipher_suite
javax.servlet.request.ssl_session_id
OSPRequestContext

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.servlet.OSPServlet.process() [198] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.083+0100
Log Data:
Class: OSPRequestContext
HttpServletResponse exists.
Http request type: POST
Request number: 2
Tenant: For IDM and IG
Service: For IDM and IG(id=auth)
Path element count: 2
Element: app
Element: login
Override locale: en_GB

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.handleRequest() [388] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.085+0100
Log Data: Loaded handler to fulfill request: CommonHandler

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.setExecutables() [268] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.115+0100
Log Data: Number of contract executables set to run: 4

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.<init>() [451] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.117+0100
Log Data: Built Session from XML: id: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX, Type: PERSISTENT

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.reapSessionData() [837] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.119+0100
Elapsed time: 56.890 microseconds
Log Data: Clean up expired session data instances:
No expired instances found.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.isAuthenticated() [2607] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.120+0100
Elapsed time: 56.748 microseconds
Log Data: Session authenticated?
Identifier: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7
Zero consumed authentications.
Authenticated: false

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.cluster.ClusterCookieContext.resolveSession() [147] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.120+0100
Elapsed time: 975.465 microseconds
Log Data:
Session cached:
Class: NIDPSession
Identifier: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX
Sub-identifier: 0
Private identifier: -_Yr0c5vOeve!=5IjVBLozN4V
Type: PERSISTANT
Create time: 2019-01-31T16:33:02.900+0100 (1548948782900), elapsed: 7.220s (7220)
Authenticated time: 1970-01-01T00:59:59.999+0100 (-1), elapsed: 17927d 15h 33m 10.121s (1548948790121)
Last used time: 2019-01-31T16:33:03.356+0100 (1548948783356), elapsed: 6.764s (6764)
Main JSP: main
Set activity: true
Storage cache: <none>
Session data key: 1
Class: NIDPSessionData
Id: 1
Create time: 2019-01-31T16:33:02.920+0100 (1548948782920), elapsed: 7.201s (7201)
Target stack:
0: https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/implicitcontinue?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392
Class: ContractExecutionProfile
Service: For IDM and IG(id=auth)
Request: /osp/a/idm/auth/app/login
Reset: false
First Time: true
Passive: false
Force: false
Counter: 0
Return URL: https://idmapps.domain.com:8443/osp/a/idm/auth/app/login?acAuthCardId=np-contract-%24default-card%24&sid=1
Top: false
Authenticated: false
Credential Update: false
Class: AuthenticationContract
Id: np-contract
Name: User Name/Password Login
URI: idm:login:user:np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: true
Remote: false
Default: true
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Executable: (Auto) SSPR Checks Method(id={$auto}-sspr-checks-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: User Name/Password Login-$default-card$(id=np-contract-$default-card$)
Logout flag: 0
Show logout: false

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.servlets.handler.CommonHandler.processRequest() [458] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.124+0100
Log Data: Handling request command: Login

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.session.NIDPSession.getSessionData() [776] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.124+0100
Elapsed time: 40.44 microseconds
Log Data: Get session data based on request:
Session data identifier source: request parameter
Found existing session data; id: 1

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.LoginProfile.isForceAuth() [135] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.126+0100
Elapsed time: 74.673 microseconds
Log Data: Examining force authentication state:
forceAuth parameter: not present
Persisted AuthnRequest: not present
Force authentication: false

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.oidp.service.profile.LoginProfile.login() [237] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.126+0100
Log Data: Processing login request with TARGET: , Saved TARGET: https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/implicitcontinue?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392, Force: false.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.LoginProfile.getContractToExecute() [494] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.127+0100
Elapsed time: 1.530 milliseconds
Log Data: Get contract to execute:
Existing contract execution profile: true
Get authentication contract by card identifier:
Card identifier: np-contract-$default-card$
Local card: true
Contract: np-contract
Found specified contract: User Name/Password Login(id=np-contract)
Timeout: 0

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.setMessage() [1033] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.129+0100
Log Data: Setting session message to null

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.exec() [488] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.129+0100
Log Data: Executing contract User Name/Password Login.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.getNextExecutable() [662] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.129+0100
Elapsed time: 49.141 microseconds
Log Data: Get next contract executable:
Executables count: 4
Counter: 0
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Type: user-authenticate
Session authenticated: false
Valid on session: false
Method selected for execution.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [708] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.130+0100
Log Data: Contract executable executing: (Auto) Name/Password (Form) Method

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.authentication.classes.PrincipalSelectionAuthClass.handlePostedData() [618] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.132+0100
Elapsed time: 46.720 microseconds
Log Data: Searching for principal:
Identifier: mytestuser
Auth source: all configured

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.source.ldap.LDAPSource.getNativeIdentitySchema() [957] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.240+0100
Elapsed time: 190.755 milliseconds
Log Data: Read directory schema:
Get next available admin connection:
Get admin connection from pool:
Pool: PL9f9a218d-5c53-4ebe-af4d-f973fcbdfc4c:807b0936-10ed-42bd-aeb8-e1be3e7a038c
Reserve connection:
Type: ADMIN_CONNECTION
Wait filled from existing admin connection: 1
Obtained existing connection: 1
Put connection:
Connection: 1
No pending reservation, check in connection: 1

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.source.ldap.LDAPSource.search() [706] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.138+0100
Elapsed time: 296.597 milliseconds
Log Data: Search for LDAP principal:
Store: LDAP Directory Data Source(id=idm_idv)
Admin search:
Context: ou=Users,o=data
Scope: subtree
Filter: (&(objectClass=User)(|(cn=mytestuser)(mail=mytestuser)))
Attributes: cn, fullName, givenName, GUID, initials, loginIntruderAttempts, mail, mobile, nrfMemberOf, objectClass, sn, srvprvPreferredLocale
Get next available admin connection:
Get admin connection from pool:
Pool: PL9f9a218d-5c53-4ebe-af4d-f973fcbdfc4c:807b0936-10ed-42bd-aeb8-e1be3e7a038c
Reserve connection:
Type: ADMIN_CONNECTION
New reservation (non-existing): 1
New LDAP connection:
Connection: 1
User store: LDAP Directory Data Source(id=idm_idv)
Replica: LDAP Directory Data Source/idmapps1.server.domain.com:636(id=807b0936-10ed-42bd-aeb8-e1be3e7a038c)
Username: cn=admin,ou=sa,o=system
Type: ADMIN_CONNECTION
Parameters:
java.naming.factory.initial: com.sun.jndi.ldap.LdapCtxFactory
java.naming.provider.url: ldaps://idmapps1.server.domain.com
com.sun.jndi.ldap.connect.timeout: 15000
java.naming.security.principal: cn=admin,ou=sa,o=system
java.naming.security.authentication: simple
java.naming.security.credentials: ********
java.naming.security.protocol: ssl
java.naming.ldap.factory.socket: internal.osp.framework.util.net.client.OSP_SSLSocketFactory
Added property to LDAP connection environment:
java.naming.ldap.attributes.binary: GUID nDSPKITrustedRootCertificate
Created new connection: 1
Try connection: idmapps1.server.domain.com
Result count: 1
Put connection:
Connection: 1
No pending reservation, check in connection: 1
Admin search:
Context: ou=sa,o=system
Scope: subtree
Filter: (&(objectClass=User)(|(cn=mytestuser)(mail=mytestuser)))
Attributes: cn, fullName, givenName, GUID, initials, loginIntruderAttempts, mail, mobile, nrfMemberOf, objectClass, sn, srvprvPreferredLocale
Get next available admin connection:
Get admin connection from pool:
Pool: PL9f9a218d-5c53-4ebe-af4d-f973fcbdfc4c:807b0936-10ed-42bd-aeb8-e1be3e7a038c
Reserve connection:
Type: ADMIN_CONNECTION
Wait filled from existing admin connection: 1
Obtained existing connection: 1
Try connection: idmapps1.server.domain.com
Result count: 0
Put connection:
Connection: 1
No pending reservation, check in connection: 1
Found objects:
cn=mytestuser,ou=Ekstern

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.attributes.cache.CacheAttributeSource.addAttributes() [146] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.447+0100
Elapsed time: 69.331 microseconds
Log Data: Adding cached attributes:
userCN
fullName
first_name
roles
{$authsource.ObjectNameAttr}
last_name
dn
userDN

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.classes.AuthenticationClass.findPrincipals() [615] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.133+0100
Elapsed time: 315.132 milliseconds
Log Data: Find principals:
Authentication source count: 2
LDAP Directory User Authentication(id=bisadus)
CSV File User Authentication(id=asf1)
Find all principals: true
LDAP Directory User Authentication(id=bisadus):
Principals found: 1
Total principals found: 1

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.oidp.service.authentication.classes.PasswordAuthenticationClass.authenticatePrincipal() [180] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.449+0100
Log Data: Attempting to authenticate user cn=mytestuser,ou=Ekstern,ou=Users,o=data with provided credentials.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.source.ldap.LDAPAuthenticationSource.authenticate() [649] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.450+0100
Elapsed time: 65.804 milliseconds
Log Data: Authenticate user:
DN: cn=mytestuser,ou=Ekstern,ou=Users,o=data
Get user connection from pool:
Pool: PL9f9a218d-5c53-4ebe-af4d-f973fcbdfc4c:807b0936-10ed-42bd-aeb8-e1be3e7a038c
Reserve connection:
Type: USER_CONNECTION
New reservation (non-existing): 4
New LDAP connection:
Connection: 2
User store: LDAP Directory Data Source(id=idm_idv)
Replica: LDAP Directory Data Source/idmapps1.server.domain.com:636(id=807b0936-10ed-42bd-aeb8-e1be3e7a038c)
Username: cn=mytestuser,ou=Ekstern,ou=Users,o=data
Type: USER_CONNECTION
Parameters:
java.naming.factory.initial: com.sun.jndi.ldap.LdapCtxFactory
java.naming.provider.url: ldaps://idmapps1.server.domain.com
com.sun.jndi.ldap.connect.timeout: 15000
java.naming.security.principal: cn=mytestuser,ou=Ekstern,ou=Users,o=data
java.naming.security.authentication: simple
java.naming.security.credentials: ********
java.naming.security.protocol: ssl
java.naming.ldap.factory.socket: internal.osp.framework.util.net.client.OSP_SSLSocketFactory
Added property to LDAP connection environment:
java.naming.ldap.attributes.binary: GUID nDSPKITrustedRootCertificate
Created new connection.
Connection: 2
Elapsed time (milliseconds): 65
Put connection:
Connection: 2
No pending reservation, check in connection: 2

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [867] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.517+0100
Elapsed time: 682.367 microseconds
Log Data: Contract executable completed:
Method: (Auto) Name/Password (Form) Method
Class: internal.osp.oidp.service.authentication.classes.system.PasswordClass
Status: Authenticated
Move to next executable: true

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.getNextExecutable() [662] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.518+0100
Elapsed time: 32.66 microseconds
Log Data: Get next contract executable:
Executables count: 4
Counter: 1
Executable: (Auto) SSPR Checks Method(id={$auto}-sspr-checks-method)
Type: non-user
Session authenticated: false
Valid on session: false
Method selected for execution.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [708] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:10.518+0100
Log Data: Contract executable executing: (Auto) SSPR Checks Method

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [867] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.327+0100
Elapsed time: 40.711 microseconds
Log Data: Contract executable completed:
Method: (Auto) SSPR Checks Method
Class: internal.osp.oidp.service.authentication.classes.sspr.SSPRChecksClass
Status: Authenticated
Move to next executable: true

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.getNextExecutable() [662] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.327+0100
Elapsed time: 32.592 microseconds
Log Data: Get next contract executable:
Executables count: 4
Counter: 2
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Type: non-user
Session authenticated: false
Valid on session: false
Method selected for execution.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [708] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.328+0100
Log Data: Contract executable executing: (Auto) IDM Admin Role Mapping Method

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.classes.RoleMapping.doAuthenticate() [190] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.328+0100
Elapsed time: 19.408 milliseconds
Log Data: Assigning the following role(s) to selected principal 'cn=mytestuser,ou=Ekstern,ou=Users,o=data
Name: system::IDPAdministrator

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [867] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.348+0100
Elapsed time: 16.863 microseconds
Log Data: Contract executable completed:
Method: (Auto) IDM Admin Role Mapping Method
Class: internal.osp.oidp.service.authentication.classes.RoleMapping
Status: Authenticated
Move to next executable: true

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.getNextExecutable() [662] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.348+0100
Elapsed time: 50.371 microseconds
Log Data: Get next contract executable:
Executables count: 4
Counter: 3
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Type: non-user
Session authenticated: false
Valid on session: false
Method selected for execution.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [708] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.349+0100
Log Data: Contract executable executing: (Auto) Access Review Bootstrap Admin Role Assignment Method

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.authentication.classes.RoleAssignment.doAuthenticate() [183] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.349+0100
Elapsed time: 51.272 microseconds
Log Data: Principal 'cn=mytestuser,ou=Ekstern,ou=Users,o=data' is not explicitly named for role assignment.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.authenticateMethod() [867] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.350+0100
Elapsed time: 11.737 microseconds
Log Data: Contract executable completed:
Method: (Auto) Access Review Bootstrap Admin Role Assignment Method
Class: internal.osp.oidp.service.authentication.classes.RoleAssignment
Status: Authenticated
Move to next executable: true

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.authentication.MethodProfile.getNextExecutable() [662] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.350+0100
Elapsed time: 11.575 microseconds
Log Data: Get next contract executable:
Executables count: 4
Considered all contract executables and none need be executed.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.exec() [497] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.350+0100
Log Data: Executing methods returned status: AUTHENTICATED

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.exec() [625] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.351+0100
Log Data: Authenticated Principal: mytestuser

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.UserIDProfile.validateIdentifiedPrincipal() [136] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.351+0100
Log Data: Session not authenticated. Principal considered valid.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.authentication.NIDPAuthentication.<init>() [78] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.352+0100
Log Data: Created new Local consumed authentication.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.authenticateSessionByContract() [779] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.355+0100
Log Data: Created new authentication context:
Type: NIDPAuthnContext
Profile: ContractExecutionProfile
Authentication instant: 2019-01-31T16:33:11.354+0100 (1548948791354)

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.authentication.NIDPAuthentication.addAuthnContext() [365] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.355+0100
Log Data: Class: NIDPLocalAuthentication
Identity Id: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
Display Text: np-contract-$default-card$
Consumed: true
AuthnContext Objects:
Class: NIDPAuthnContext
Auth instant: 2019-01-31T16:33:11.354+0100 (1548948791354), elapsed: 0.001s (1)
Last used time: 2019-01-31T16:33:11.354+0100 (1548948791354), elapsed: 0.001s (1)
Authentication types: ProtectedPassword
Mag Context: false
Class: AuthenticationContract
Id: np-contract
Name: User Name/Password Login
URI: idm:login:user:np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: true
Remote: false
Default: true
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Executable: (Auto) SSPR Checks Method(id={$auto}-sspr-checks-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: User Name/Password Login-$default-card$(id=np-contract-$default-card$)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.session.NIDPSession.setAuthPrincipal() [1477] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.356+0100
Elapsed time: 213.771 microseconds
Log Data: Setting the authenticated principal:
Candidate principal:
Type: LDAPPrincipal
GUID: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
User identifier: cn=mytestuser,ou=Ekstern,ou=Users,o=data
Authentication source: bisadus
Cached attribute count: 8
No existing principal found; Candidate principal set in session: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.session.NIDPSession.authenticate() [2945] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.356+0100
Elapsed time: 8.323 milliseconds
Log Data: Authenticating session:
Identifier: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX
Type: PERSISTANT
Add new local authentication: true

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.framework.OSPTenantLogger.buildAuthenticationLog() [247] thread=localhost-startStop-1
Time: 2019-01-31T16:31:47.704+0100
Log Data: Authenticated user cn=mytestuser,ou=Ekstern,ou=Users,o=data in User Store LDAP Directory User Authentication with roles <Roles(null)>:
<RoleSet(null)>:
Role: IDPAdministrator
Name: system

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.profile.authentication.ContractExecutionProfile.returnFromAuthnRequest() [721] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.366+0100
Log Data: No pending request OR going to Password Expired Servlet. Status: AUTHENTICATED

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.profile.LoginProfile.executeContract() [774] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.366+0100
Elapsed time: 476.235 microseconds
Log Data: Contract execution profile "execute" returned status: Authenticated
Set authentication context:
Type: NIDPAuthnContext
Profile: ContractExecutionProfile
Authentication instant: 2019-01-31T16:33:11.354+0100 (1548948791354)

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.oidp.service.profile.LoginProfile.successfulAuthentication() [174] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.367+0100
Log Data: nLogin succeeded, redirecting to https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/implicitcontinue?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392.

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.commit() [562] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.367+0100
Elapsed time: 3.179 milliseconds
Log Data: Persisting session: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX
Session to cookie: true

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.UIResponder$Response.setResponse() [1418] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.371+0100
Log Data: Response: TARGET
Target: https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/implicitcontinue?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.common.logging.HttpResponseLogger.log() [138] thread=https-jsse-nio-8443-exec-10
Time: 2019-01-31T16:33:11.372+0100
Log Data: HttpServletResponse (Number 2)
Duration (seconds): 1.292
Character encoding: ISO-8859-1
Locale: en
Buffer size: 8192

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.common.logging.HttpRequestLogger.log() [340] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.394+0100
Log Data: HttpServletRequest (Number 3)
Method: GET
Request URL: /osp/a/idm/auth/oauth2/implicitcontinue
Query String: ?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392
Scheme: https
Context Path: /osp
Servlet Path: /a
Path Info: /idm/auth/oauth2/implicitcontinue
Server Name: idmapps.domain.com
Server Port: 8443
Locale: en_GB
Host IP Address: 192.168.0.158
Remote Client IP Address: 10.192.67.58
Cookies
(1 of 3): JSESSIONID=A3600F7BECF67813E5C350EB2243A994
(2 of 3): x-oidp-oauth2-1548948782936--387714392=uyViPPiy9C1Eos06FK95@Sq8TSkQw/9fcR4woWVpxnhoTDgvYWMsjJsCrDPELjrWJNGG3P80NNImqLjSUpZqlRoZVnsrvAyTaW/y2@AZx7fPoWcyRQWtyQOnHwMbnRku0scxn1yvN/IVLSjAecnQTawuI5BCH33EALSSf6dt48@N@tKh3iIGKRuwGqsj@Zr1ut5dXtvldbHhfRr3vpmfwZNJAyf1SCPCoCDGR2u/OODQPOq26ft7sXRhNXxW2r@QYgvSX1m1ceW/GW0EiydrjwtituAqF5yALH8MNDBIJSqejG8s9tXuXcORl/bsoEe5Cd1mFztYVWYLuFSeipt/5RuPahMc2VaEZ6HVpb0pFKoPuX1k0i2pPDKqwc73hxk7hZE6@kif0lOT6gsXdckSFKhMNkvFeE3g5js7fLd7a7Q~
(3 of 3): x-oidp-session59303d34382c2d310=200-BLGXJKKTP1LSBKL5DA5CFMURMWCTLEYCJTKC6X6B-6EBE8939-2C6A!1!2C6A!120!127!f0QnLSCS816HHSr+HZwZI+l4s3CFk+V7l8fO7mlK55M~!~~
Headers
accept=text/html, application/xhtml+xml, image/jxr, */*
referer=https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/grant?response_type=token&redirect_uri=https://idgov.domain.com:8443/oauth.html&client_id=iac&state=gromitstate0.11439243921740716
accept-language=en-GB,en;q=0.7,nb;q=0.3
user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding=gzip, deflate, br
host=idmapps.domain.com:8443
connection=Keep-Alive
cookie=(see above)
Session
Id: A3600F7BECF67813E5C350EB2243A994
Last Accessed Time: 2019-01-31T16:33:11.374+0100 (1548948791374)
Parameters
privateId
client_id
irdpkg
Attributes
org.apache.tomcat.util.net.secure_protocol_version
javax.servlet.request.key_size
javax.servlet.request.ssl_session_mgr
javax.servlet.request.cipher_suite
javax.servlet.request.ssl_session_id
OSPRequestContext

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.servlet.OSPServlet.process() [198] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.394+0100
Log Data:
Class: OSPRequestContext
HttpServletResponse exists.
Http request type: GET
Request number: 3
Tenant: For IDM and IG
Service: For IDM and IG(id=auth)
Path element count: 2
Element: oauth2
Element: implicitcontinue
Override locale: en_GB

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.resolveHandler() [192] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.394+0100
Log Data: IDP oauth2 handler to process request received for implicitcontinue

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.authentication.NIDPAuthentication.addAuthnContext() [365] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.398+0100
Log Data: Class: NIDPLocalAuthentication
Identity Id: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
Display Text: np-contract-$default-card$
Consumed: true
AuthnContext Objects:
Class: NIDPAuthnContext
Auth instant: 2019-01-31T16:33:11.354+0100 (1548948791354), elapsed: 0.044s (44)
Last used time: 2019-01-31T16:33:11.367+0100 (1548948791367), elapsed: 0.031s (31)
Authentication types: ProtectedPassword
Mag Context: false
Class: AuthenticationContract
Id: np-contract
Name: User Name/Password Login
URI: idm:login:user:np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: true
Remote: false
Default: true
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Executable: (Auto) SSPR Checks Method(id={$auto}-sspr-checks-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: User Name/Password Login-$default-card$(id=np-contract-$default-card$)

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.session.NIDPSession.setAuthPrincipal() [1477] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.399+0100
Elapsed time: 121.17 microseconds
Log Data: Setting the authenticated principal:
Candidate principal:
Type: LDAPPrincipal
GUID: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
User identifier: cn=mytestuser,ou=Ekstern,ou=Users,o=data
Authentication source: bisadus
Cached attribute count: 0
Existing principal found:
Type: LDAPPrincipal
GUID: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
User identifier: cn=mytestuser,ou=Ekstern,ou=Users,o=data
Authentication source: bisadus
Cached attribute count: 0
Candidate principal cached but not added to session: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.<init>() [451] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.399+0100
Log Data: Built Session from XML: id: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX, Type: PERSISTENT

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.reapSessionData() [837] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.399+0100
Elapsed time: 19.175 microseconds
Log Data: Clean up expired session data instances:
No expired instances found.

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.session.NIDPSession.isAuthenticated() [2607] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.399+0100
Elapsed time: 1.71 milliseconds
Log Data: Session authenticated?
Identifier: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7
Initial consumed authentications count: 1
The local authentication has at least one existing AuthnContext
Local: true
Remote: false
Authenticated: true

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.cluster.ClusterCookieContext.resolveSession() [147] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.401+0100
Elapsed time: 571.982 microseconds
Log Data:
Session cached:
Class: NIDPSession
Identifier: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX
Sub-identifier: 0
Private identifier: -_Yr0c5vOeve!=5IjVBLozN4V
Type: PERSISTANT
Create time: 2019-01-31T16:33:02.900+0100 (1548948782900), elapsed: 8.501s (8501)
Authenticated time: 2019-01-31T16:33:11.357+0100 (1548948791357), elapsed: 0.044s (44)
Last used time: 2019-01-31T16:33:11.367+0100 (1548948791367), elapsed: 0.034s (34)
Main JSP: main
Set activity: true
Storage cache: idm_idv=807b0936-10ed-42bd-aeb8-e1be3e7a038c
Session data key: 1
Class: NIDPSessionData
Id: 1
Create time: 2019-01-31T16:33:02.920+0100 (1548948782920), elapsed: 8.481s (8481)
Target stack:
0: https://idmapps.domain.com:8443/osp/a/idm/auth/oauth2/implicitcontinue?privateId=b9a0800b87d2c2d24a2f&client_id=iac&irdpkg=1548948782936--387714392
<RoleSet(null)>:
Role: IDPAdministrator
Name: system
Logout flag: 0
Show logout: false
Class: LDAPPrincipal
GUID: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
Auth Source Id: bisadus
Result of getLogIdentifier(): cn=mytestuser,ou=Ekstern,ou=Users,o=data
Result of getUserIdentifier(): cn=mytestuser,ou=Ekstern,ou=Users,o=data
Provided Identities: 0
Consumed Identities: 1
Lookup Key: local
Persistent:
<NIDPIdentity(null)>:
Identifier: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
Format: federated
Name Qualifier: local
SP Name Qualifier: local
Provider: local
Cluster DN: bisadus
GUID: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
IsTemporary?: false
IsAffiliation: false
Provisioned: false
Cachable: true
Result of getIdentityID(): local
DN: cn=mytestuser,ou=Ekstern,ou=Users,o=data
Class: NIDPConsumedAuthentications
[Empty or Null List]
Refresh Index: -2
Last Refresh Time: 0
Class: NIDPLocalAuthentication
Identity Id: e2ab0b4cdd081d4e8bb7e2ab0b4cdd08
Display Text: np-contract-$default-card$
Consumed: true
AuthnContext Objects:
Class: NIDPAuthnContext
Auth instant: 2019-01-31T16:33:11.354+0100 (1548948791354), elapsed: 0.047s (47)
Last used time: 2019-01-31T16:33:11.367+0100 (1548948791367), elapsed: 0.034s (34)
Authentication types: ProtectedPassword
Mag Context: false
Class: AuthenticationContract
Id: np-contract
Name: User Name/Password Login
URI: idm:login:user:np
Trust Level: 0
Timeout: 0
Check Trust Level: false
Show Pwd Expired UI: true
Remote: false
Default: true
Executable: (Auto) Name/Password (Form) Method(id={$auto}-np-auth-method)
Executable: (Auto) SSPR Checks Method(id={$auto}-sspr-checks-method)
Executable: (Auto) IDM Admin Role Mapping Method(id={$auto}-admin-role-mapping-method)
Executable: (Auto) Access Review Bootstrap Admin Role Assignment Method(id={$auto}-iac-bootstrap-role-assignment-method)
Authentication Card: User Name/Password Login-$default-card$(id=np-contract-$default-card$)
Class: NIDPProvidedAuthentications
[Empty or Null List]

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.session.NIDPSession.getSessionData() [776] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.402+0100
Elapsed time: 29.263 microseconds
Log Data: Get session data based on request:
Creating new session data; id: 2

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.oauth2.handler.InterRequestPackage.<init>() [284] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.402+0100
Elapsed time: 638.75 microseconds
Log Data: Inter-request data:
Package Id: 1548948782936--387714392
Searching for cookie: x-oidp-oauth2-1548948782936--387714392
Total request cookies: 3
Found.
Length: 428
Base64-decoded byte count: 320
Decrypted cookie byte count: 316
Plaintext cookie length: 316

Preamble: [OIDP]
Priority Level: INFO
Java: internal.osp.framework.logging.OSPLoggingBase.buildAuditEvent() [129] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.417+0100
Log Data: IssueOAuthToken

Preamble: [OIDP]
Priority Level: FINEST
Java: internal.osp.oidp.service.oauth2.handler.InterRequestPackage.cleanup() [392] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.419+0100
Elapsed time: 124.345 microseconds
Log Data: Deleting OAuth2 Inter-request data package cookie: 1548948782936--387714392
Setting cookie:
Name: x-oidp-oauth2-1548948782936--387714392
Domain: idmapps.domain.com
Path: /
Maximum age (seconds): 0
Secure: true
HttpOnly: true

Preamble: [OIDP]
Priority Level: FINER
Java: internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler.commit() [562] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.419+0100
Elapsed time: 2.106 milliseconds
Log Data: Persisting session: 88ce91f44ed84c4bb008c868246c3fce-9ff6fbf2b2feeaebf7-CX
Session to cookie: true

Preamble: [OSP]
Priority Level: FINEST
Java: internal.osp.framework.UIResponder$Response.setResponse() [1418] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.422+0100
Log Data: Response: TARGET
Target: https://idgov.domain.com:8443/oauth.html#access_token=eH8AILXiY/l9k2GCOn%40VcIj0sHzCuZarF25LOwv/JR7v4t%404pVHi4K8lB036rTUTRECdqqZmhn0SF0Y/X/Cj/TsKMlyH0oggz8muc2fZwSO5TZ%40Z9Jh19cdws7PXmdHt2npc6DOEWt0AEoWgM7TDknjclrW787E0cb8z6VKF9WSWawn5ssFQkNS7afpDlcQknQEV/IlUnveKxxypdOOQxx0ohcCT5DjYrZHnwzscaBuaRH%40Z&state=gromitstate0.11439243921740716&token_type=Bearer&expires_in=120

Preamble: [OSP]
Priority Level: FINER
Java: internal.osp.common.logging.HttpResponseLogger.log() [138] thread=https-jsse-nio-8443-exec-1
Time: 2019-01-31T16:33:11.422+0100
Log Data: HttpServletResponse (Number 3)
Duration (seconds): 0.30
Character encoding: ISO-8859-1
Locale: en
Buffer size: 8192