Bug 912233

Summary: No audit feature for security-realm
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Hisanobu Okuda <hokuda>
Component: SecurityAssignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED NOTABUG QA Contact: Josef Cacek <jcacek>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.0.1CC: bmaxwell, brian.stansberry, darran.lofthouse, dvanbale, hokuda, jawilson, jcacek, jlee, olukas, ppenicka, tfonteyn
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-02-20 16:33:06 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hisanobu Okuda 2013-02-18 07:54:13 UTC 
Description of problem:
There is no auditing feature for security-realm. Need the feature like audit provider for security-domain.

Version-Release number of selected component (if applicable):
EAP 6.0.x

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Heiko Braun 2013-02-18 08:56:22 UTC 
Please create feature request in the community Jira
Comment 3 Hisanobu Okuda 2013-02-26 01:08:39 UTC 
The RFE was filed in the community JIRA.
https://issues.jboss.org/browse/AS7-6628
Comment 4 Darran Lofthouse 2013-03-07 10:11:13 UTC 
Taking ownership of this one, it is not actually the realm that requires audit capabilities but the entry point to the server.

The reason being that as we switch to a more IDM based approach access to the backing store no longer reveals information on the successful outcome of an authentication attempt - that decision now happens at the entry point e.g. the HTTP authentication mechanism or the SASL mechanism, both of which need to be sending out some form of notification that can be logged.

Undertow already has quite a bit of this in place to cover HTTP, the SASL mechanisms require some further work so that they can emit similar notifications.
Comment 5 JBoss JIRA Server 2013-03-07 15:15:51 UTC 
Brian Stansberry <brian.stansberry> made a comment on jira AS7-6628

This should be part of the general audit logging functionality. See AS7-444. Darran, before doing anything on this, chat with Kabir and I.
Comment 26 Petr Penicka 2016-02-08 14:28:12 UTC 
Triage: @Brad verify and infor if we can close.
Comment 27 Brad Maxwell 2017-02-20 16:33:06 UTC 
Closing as this is an RFE: PRODMGT-1483