Hi Arjun,
In API Connect v10 you have a lot more control over the analytics record than you did in v5. You can provide a log action on your assembly which will populate within the API Gateway context the log data (ie, context.log) with the current analytics record based upon your activity-log settings (activity, headers, payload). You can then add your custom data using a GatewayScript policy but updating the context.log object to contain your custom data, in this case, the username. From my discussion with the analytics developer, if you only want to see this in your analytics data, that's all there is to it. If you wanted to search your analytics data based on this custom property, that would require what was described as a "hacky and not recommended" process today, although an enhancement is on the books to allow a "custom" element which would be indexed and query-able. No commitment on when that will be implemented or exactly what it will look like, but perhaps you might add a property named "custom", ie, context.log.custom, and within that object, add your userid.
Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------
Original Message:
Sent: Wed May 04, 2022 02:38 AM
From: Arjun Pilli
Subject: Context variable or policy to get authenticated ldap user
Thank you Steve,
If I understand correctly, I will need to extract username in API's and send it to analytics right. If we want username in logs ?
Original Message:
Sent: 5/3/2022 4:29:00 PM
From: Steve Linn
Subject: RE: Context variable or policy to get authenticated ldap user
Hi Arjun,
The authorization request header may be sanitized in the APIC analytics data, but within the API, it is still in the request headers. To test, I did a simple GatewayScript in my API and enabled the GatewayScript debugger:
1:let auth = context.get('request.headers.authorization');
=>2:debugger;
(debug) p auth
Basic bXl1aWQ6bXlwd2Q=
(debug) p Buffer.from(auth.slice(6), 'base64').toString()
myuid:mypwd
Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Wed April 06, 2022 08:44 AM
From: Arjun Pilli
Subject: Context variable or policy to get authenticated ldap user
In version 10.0.1.6 IBM Added APAR(https://www.ibm.com/support/pages/apar/IT38254) that sanitizes the authorization header before sending it to the analytics endpoint. it is good that sensitive information like credentials is not visible on analytics but we would like to see the username information.
I do not find any context variable storing this information. Does anyone have any idea on how to get the authenticated user for the requests into analytics?
------------------------------
Arjun Pilli
API Specialist
DSV
Johannesburg
+27 0840611655
------------------------------