May 09 at 10:17 AM

Approuter not audit logging logout scenario.


We use approuter, and when we log out it is not getting audit logged. How can we see the audit log for a logout scenario?

Two points to be mentioned.

  1. We use the AppRouter as a reverse proxy for URL delegation and auth handling with XSUAA.
  2. We don’t have any CF presence and deploy the AppRouter using its Docker image to Kubernetes pods.

Problem Statement:-

We have configured a logout endpoint, and when it’s triggered the user gets logged out successfully. The problem is that, it being a security event, it’s not getting audit logged.

We can see the audit log when the user gets authenticated and is logged in, but not when they are being logged out.

More Information:-

Part of our AppRouter xs-app.yaml file:-

    {
      "welcomeFile": "/cockpit/",
      "sessionTimeout": 60,
      "logout": {
        "logoutEndpoint": "/logout"
      },
      "routes": [
        {…},
        {…},
        {
          "source": "/logout",
          "destination": "luigi-core"
        }
      ]
    }

Sample AuditLog for login:

    {
      "message_uuid": "cac37832-07f2-****-8027-3186adac6323",
      "time": "2023-05-09T07:30:54.674Z",
      "tenant": "c01e293****************b1ad",
      "org_id": "92f1da92***********64165af11c8",
      "space_id": "92f1da92******************4165af11c8",
      "app_or_service_id": "******************4165af11c8",
      "als_service_id": "a8b9a836-******************-7e43b37f574d",
      "user": ad******************gh@sap.com,
      "category": "audit.security-events",
      "format_version": "",
      "message": "{\"uuid\":\"cac37832-07f2-4704-8027-3186adac6323\",\"user\":\a******************gh@sap.com\,\"time\":\"2023-05-09T07:30:54.674970Z\",\"ip\":\"103.109.144.42\",\"data\":\"{\\\"level\\\":\\\"INFO\\\",\\\"origin\\\":null,\\\"msgNo\\\":1,\\\"msgId\\\":\\\"c0766ed9-f92c-491b-bf8d-2dd3670feab3\\\",\\\"message\\\":\\\"UserAuthenticationSuccess (ad******************gh@sap.com'): principal=6351eff0-35cf-432a-9f02-46a3e4852a94, origin=[remoteAddress=1993.134.1141.4456, sessionId= ], identityZoneId=[c01e2935******************-a308-8aa9ac99b1ad]******************ad\",\"customDetails\":{}}"
    },
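
An added example, not part of the original post and not AppRouter or XSUAA code: one way to confirm the gap from exported audit records is to unwrap the nested JSON (`message`, then `data`, then the event text) and list users who have a `UserAuthenticationSuccess` event but no logout event. The record layout is assumed to match the login sample above; the records are constructed, and `SessionEndedPlaceholder` is a hypothetical event name because the post does not name a logout event.

```javascript
// Constructed sample input modelled on the login record in the post.
// Layers: record.message (JSON string) -> .data (JSON string) -> .message (event text).
function makeRecord(user, time, eventText) {
  const data = JSON.stringify({ level: "INFO", msgNo: 1, message: eventText });
  const message = JSON.stringify({ user, time, data, customDetails: {} });
  return { time, user, category: "audit.security-events", message };
}

const SAMPLE_RECORDS = [
  makeRecord("alice@example.com", "2023-05-09T07:30:54.674Z",
    "UserAuthenticationSuccess ('alice@example.com'): principal=p-001, identityZoneId=[zone-a]"),
  makeRecord("bob@example.com", "2023-05-09T07:41:10.120Z",
    "UserAuthenticationSuccess ('bob@example.com'): principal=p-002, identityZoneId=[zone-a]"),
  // Hypothetical logout event name, used only to exercise the check.
  makeRecord("bob@example.com", "2023-05-09T08:02:33.500Z",
    "SessionEndedPlaceholder ('bob@example.com'): principal=p-002, identityZoneId=[zone-a]"),
  // Malformed record: the message field is not JSON.
  { time: "2023-05-09T08:05:00.000Z", user: "x", category: "audit.security-events", message: "not json" },
];

// Unwrap both JSON layers and extract event name, user and principal.
function parseAuditRecord(record) {
  try {
    const inner = JSON.parse(record.message);
    const data = JSON.parse(inner.data);
    const m = /^(\w+) \(/.exec(data.message);
    if (!m) return null;
    const principal = (/principal=([^,\s]+)/.exec(data.message) || [])[1] || null;
    return { event: m[1], user: inner.user, principal, time: inner.time };
  } catch (err) {
    return null; // malformed or truncated record
  }
}

// Users with a login event but no event whose name matches logoutPattern.
function usersWithoutLogout(records, logoutPattern) {
  const seen = new Map();
  let unparsed = 0;
  for (const r of records) {
    const ev = parseAuditRecord(r);
    if (!ev) { unparsed++; continue; }
    const s = seen.get(ev.user) || { login: false, logout: false };
    if (ev.event === "UserAuthenticationSuccess") s.login = true;
    if (logoutPattern.test(ev.event)) s.logout = true;
    seen.set(ev.user, s);
  }
  const missing = [...seen].filter(([, s]) => s.login && !s.logout).map(([u]) => u);
  return { missing, unparsed };
}
```

The `unparsed` count matters as much as `missing`: records that fail to decode should be investigated rather than silently treated as absent events.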