USER_AUTHENTICATION (100)
- Former user (Deleted)
The event is generated when a Universal Agent component was not able to successfully authenticate a user identifier and password.
USER_AUTHENTICATION Event Header
|
Field Name |
Description |
|
eventCategory |
Security |
|
eventSeverity |
Major |
|
eventTopic |
User |
|
eventType |
100 |
|
(Source Fields) |
Universal Agent component that encountered the failed user authentication. |
|
(Reporter Fields) |
|
USER_AUTHENTICATION Event Body
|
Field Name |
Notes |
Description |
|
certId |
1, 2 |
UACL certificate map identifier to which the client's digital certificate mapped. |
|
clientCertIssuer |
1, 2 |
Issuer field of the digital certificate provided by the client. |
|
clientCertSerialNo |
1, 2 |
Serial number of the digital certificate provided by the client. |
|
clientCertSubject |
1, 2 |
Subject field of the digital certificate provided by the client. |
|
clientIpAddr |
1 |
IP address from which the client's socket connection was established. |
|
clientUserId |
1, 3, 4 |
User identifier of the client. |
|
clientWorkId |
1 |
Work identifier of the client. |
|
userId |
3 |
User identifier that failed authentication. |
Notes
- Client fields identify the client that requested user authentication. A client is not always the initiator of the authentication request however. Authentication may be performed by a Universal Agent component on its own behalf as part of its normal processing.
- Digital certificate information is only provided if the client provided a digital certificate.
- A case-dependent value.
- A case-dependent value, but for pre-3.2 clients, the value always is considered case sensitive.