IBM Security Verify


SCIM Logging

  • 1.  SCIM Logging

    Posted Wed May 06, 2020 04:34 PM
    Hi all,

    what is the best way to have a log of requests processed by SCIM?

    I turned on the trace "com.ibm.isam.scim.*=ALL", but it writes too much and still does not give the information about the operation carried out (creation, deletion, modification of attributes).

    Any suggestions?

    Thanks in advance


    ------------------------------
    Patrizio Spadavecchia
    ------------------------------


  • 2.  RE: SCIM Logging

    Posted Mon June 07, 2021 05:05 AM
    No answer / suggestion?

    Thanks

    ------------------------------
    Patrizio Spadavecchia
    ------------------------------



  • 3.  RE: SCIM Logging

    Posted Mon June 07, 2021 06:04 AM
    Edited by Patrizio Mon June 07, 2021 06:04 AM
    .


  • 4.  RE: SCIM Logging

    Posted Mon June 07, 2021 05:36 PM
    You have more options. Instead of using ALL, you can control the level of logging with other options. For example FINEST, FINE, etc.
    Regarding the operations carried out, I am not sure what you want, but the SCIM REST API calls are HTTP requests, so if that is what you need, you may also find these in the reverse proxy logs.

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    +351 91 721 4994
    ------------------------------



  • 5.  RE: SCIM Logging

    Posted Tue June 08, 2021 04:31 AM
    Thanks Joao,

    In the reverse proxy logs I can find the requests but not the payload, so it's not possible to understand what operation was done on the data.

    I know there are several log verbosity settings for trace logs, but my aim would be to keep track of all the operations performed through this interface.

    Thanks

    ------------------------------
    Patrizio Spadavecchia
    ------------------------------



  • 6.  RE: SCIM Logging

    Posted 8 days ago
    Patrizio,

    Unfortunately we don't have audit records written for SCIM operations - that probably would have been the best answer. If you think this would be the right answer then please create a "Request for Enhancement" to register this requirement: https://www.ibm.com/developerworks/rfe/?PROD_ID=1575

    As already discussed, HTTP request log gives some information but not enough to really know what changes were made.

    I can think of two ideas:

    1. Enable auditing in whatever directory server actually stores the users and groups.  If you BIND to this with a specific user when doing SCIM operations then perhaps you could filter based on that to get just the SCIM operations.

    2. Create a "proxy" HTTP service (your own or something in JavaScript using the AAC) which writes audit records before forwarding the requests to the "real" SCIM endpoint.  I'm not sure how easy this would be - just an option.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
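
Added example, not part of the thread and not IBM code: the audit-record step for the second idea in post 6, turning one SCIM request into a record of which attributes were created, modified or deleted, with secret values redacted before anything is logged. It assumes SCIM 2.0 request shapes (RFC 7644); the function names, record fields and sample request are constructed for illustration, and Bulk and .search requests are not handled.

```javascript
// Added example: hypothetical helper names; request shapes follow SCIM 2.0 (RFC 7644).
const OPERATION = { POST: "create", PUT: "replace", PATCH: "modify", DELETE: "delete" };
const SECRET = /password/i; // attribute names whose values must never reach the log
const ENVELOPE = new Set(["schemas", "id", "meta"]); // not user data, skip in change list
// Replace secret values; recurse through nested objects and arrays.
function redact(name, value) {
  if (SECRET.test(name)) return "[REDACTED]";
  if (Array.isArray(value)) return value.map((v) => redact(name, v));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redact(k, v)]));
  }
  return value;
}

// One change entry per attribute of a resource body or of a path-less PATCH value.
function changesFromObject(op, obj) {
  return Object.entries(obj || {}).filter(([k]) => !ENVELOPE.has(k))
    .map(([k, v]) => ({ op, attribute: k, value: redact(k, v) }));
}

function scimAuditRecord({ method, path, body, actor }) {
  const m = String(method).toUpperCase();
  const [, resourceType = null, resourceId = null] =
    /\/(Users|Groups)(?:\/([^/?]+))?/.exec(path) || [];
  let changes = [];
  if (m === "PATCH") {
    for (const o of (body && body.Operations) || []) {
      const op = String(o.op).toLowerCase(); // RFC 7644: "op" is case-insensitive
      if (o.path) changes.push({ op, attribute: o.path, value: redact(o.path, o.value) });
      else changes.push(...changesFromObject(op, o.value));
    }
  } else if (m === "POST" || m === "PUT") {
    changes = changesFromObject(m === "POST" ? "add" : "replace", body);
  }
  const operation = OPERATION[m] || "read";
  return { time: new Date().toISOString(), actor, operation, resourceType, resourceId, changes };
}

// Constructed sample request (not taken from a real system).
const sample = scimAuditRecord({
  method: "PATCH", path: "/scim/Users/2819c223", actor: "provisioning-client",
  body: { Operations: [
    { op: "Replace", path: "password", value: "s3cret" },
    { op: "add", value: { title: "Engineer" } },
    { op: "remove", path: 'emails[type eq "work"]' },
  ] },
});
console.log(JSON.stringify(sample, null, 2));
```

The proxy would write this record to its audit log before forwarding the unmodified request to the real SCIM endpoint; `actor` is whatever identity the proxy has authenticated for the caller.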



  • 7.  RE: SCIM Logging

    This message was posted by a user wishing to remain anonymous
    Posted 9 days ago
    This post was removed