AuditLogging

Realm Operations

Resource path:

/realm-config/services/audit

Resource version: 1.0

create

Usage

am> create AuditLogging --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "auditEnabled" : {
      "title" : "Audit logging",
      "description" : "Enable audit logging in OpenAM.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "whitelistFieldFilters" : {
      "title" : "Field whitelist filters",
      "description" : "OpenAM has a predefined whitelist built-in that only records values that do not contain sensitive information. Use this property to whitelist fields in addition to the built-in list. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, to record the values of the <code>Accept-Language</code> HTTP header in <em>access</em> events, the pointer is <code>/access/http/request/headers/accept-language</code>.",
      "propertyOrder" : 200,
      "required" : false,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "blacklistFieldFilters" : {
      "title" : "Field blacklist filters",
      "description" : "Blacklist filters can be used to remove audit event fields which are whitelisted by default. These are fields which are safe to log but which you have decided are not necessary for your requirements. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, you might want to filter out surnames by hiding the <code>sn</code> field from <em>activity</em> events. To do so, add the following pointers to the Field blacklist filters list: <ul><li><code>/activity/before/sn</code></li><li><code>/activity/after/sn</code></li></ul>",
      "propertyOrder" : 300,
      "required" : false,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete AuditLogging --realm Realm

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AuditLogging --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AuditLogging --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AuditLogging --realm Realm --actionName nextdescendents

read

Usage

am> read AuditLogging --realm Realm

update

Usage

am> update AuditLogging --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "auditEnabled" : {
      "title" : "Audit logging",
      "description" : "Enable audit logging in OpenAM.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "whitelistFieldFilters" : {
      "title" : "Field whitelist filters",
      "description" : "OpenAM has a predefined whitelist built-in that only records values that do not contain sensitive information. Use this property to whitelist fields in addition to the built-in list. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, to record the values of the <code>Accept-Language</code> HTTP header in <em>access</em> events, the pointer is <code>/access/http/request/headers/accept-language</code>.",
      "propertyOrder" : 200,
      "required" : false,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "blacklistFieldFilters" : {
      "title" : "Field blacklist filters",
      "description" : "Blacklist filters can be used to remove audit event fields which are whitelisted by default. These are fields which are safe to log but which you have decided are not necessary for your requirements. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, you might want to filter out surnames by hiding the <code>sn</code> field from <em>activity</em> events. To do so, add the following pointers to the Field blacklist filters list: <ul><li><code>/activity/before/sn</code></li><li><code>/activity/after/sn</code></li></ul>",
      "propertyOrder" : 300,
      "required" : false,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/services/audit

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AuditLogging --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AuditLogging --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AuditLogging --global --actionName nextdescendents

read

Usage

am> read AuditLogging --global

update

Usage

am> update AuditLogging --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "whitelistFieldFilters" : {
      "title" : "Field whitelist filters",
      "description" : "OpenAM has a predefined whitelist built-in that only records values that do not contain sensitive information. Use this property to whitelist fields in addition to the built-in list. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, to record the values of the <code>Accept-Language</code> HTTP header in <em>access</em> events, the pointer is <code>/access/http/request/headers/accept-language</code>.",
      "propertyOrder" : 200,
      "required" : false,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "blacklistFieldFilters" : {
      "title" : "Field blacklist filters",
      "description" : "Blacklist filters can be used to remove audit event fields which are whitelisted by default. These are fields which are safe to log but which you have decided are not necessary for your requirements. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, you might want to filter out surnames by hiding the <code>sn</code> field from <em>activity</em> events. To do so, add the following pointers to the Field blacklist filters list: <ul><li><code>/activity/before/sn</code></li><li><code>/activity/after/sn</code></li></ul>",
      "propertyOrder" : 300,
      "required" : false,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "auditEnabled" : {
      "title" : "Audit logging",
      "description" : "Enable audit logging in OpenAM.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "defaults" : {
      "properties" : {
        "auditEnabled" : {
          "title" : "Audit logging",
          "description" : "Enable audit logging in OpenAM.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "blacklistFieldFilters" : {
          "title" : "Field blacklist filters",
          "description" : "Blacklist filters can be used to remove audit event fields which are whitelisted by default. These are fields which are safe to log but which you have decided are not necessary for your requirements. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, you might want to filter out surnames by hiding the <code>sn</code> field from <em>activity</em> events. To do so, add the following pointers to the Field blacklist filters list: <ul><li><code>/activity/before/sn</code></li><li><code>/activity/after/sn</code></li></ul>",
          "propertyOrder" : 300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "whitelistFieldFilters" : {
          "title" : "Field whitelist filters",
          "description" : "OpenAM has a predefined whitelist built-in that only records values that do not contain sensitive information. Use this property to whitelist fields in addition to the built-in list. <p> Each field filter should be provided using a JSON Pointer-like syntax which is prefixed with the event's topic. The topic will be one of <code>access</code>, <code>activity</code>, <code>authentication</code>, or <code>config</code>.<p> For example, to record the values of the <code>Accept-Language</code> HTTP header in <em>access</em> events, the pointer is <code>/access/http/request/headers/accept-language</code>.",
          "propertyOrder" : 200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}