Event Examples for Failure situation

[D035676]

Hi Colleagues,

to monitor malicious scenarios, we need to have a deep look on Events protocolling Failure situation.
Could you provide us event examples (e.g. a according JSON strings) for following Failure Events:
UserAuthenticationFailure
MfaAuthenticationFailure
IdentityProviderAuthenticationFailure
ClientAuthenticationFailure
PrincipalAuthenticationFailure
PasswordChangeFailure

best regards,
Eugen

PS: above events were taken from
https://docs.cloudfoundry.org/running/managing-cf/uaa-audit-requirements.html

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/182047924

The labels on this github issue will be updated when the story is started.

[strehle]

@torsten-sap can you provide more details thus you worked on it

[D035676]

Hi Torsten (@torsten-sap), could you help us with examples to above use-cases?

[torsten-sap]

For IdentityProviderAuthenticationFailure you find two examples in the following PivotalTracker story:
https://www.pivotaltracker.com/n/projects/997278/stories/154404992

Keep in mind that often one failure causes another, e.g.:

• UserAuthenticationFailure -> PrincipalAuthenticationFailure
• IdentityProviderAuthenticationFailure -> PrincipalAuthenticationFailure

MfaAuthenticationFailure and PasswordChangeFailure should not be relevant for you.

@tack-sap Do you by chance have examples for UserAuthenticationFailure, ClientAuthenticationFailure and PrincipalAuthenticationFailure?