USER_AUTHENTICATION (100)
The event is generated when a Universal Agent component was not able to successfully authenticate a user identifier and password.
USER_AUTHENTICATION Event Header
Field Name | Description |
---|---|
eventCategory | Security |
eventSeverity | Major |
eventTopic | User |
eventType | 100 |
(Source Fields) | Universal Agent component that encountered the failed user authentication. |
(Reporter Fields) |
USER_AUTHENTICATION Event Body
Field Name | Notes | Description |
---|---|---|
certId | 1, 2 | UACL certificate map identifier to which the client's digital certificate mapped. |
clientCertIssuer | 1, 2 | Issuer field of the digital certificate provided by the client. |
clientCertSerialNo | 1, 2 | Serial number of the digital certificate provided by the client. |
clientCertSubject | 1, 2 | Subject field of the digital certificate provided by the client. |
clientIpAddr | 1 | IP address from which the client's socket connection was established. |
clientUserId | 1, 3, 4 | User identifier of the client. |
clientWorkId | 1 | Work identifier of the client. |
userId | 3 | User identifier that failed authentication. |
Notes
- Client fields identify the client that requested user authentication. A client is not always the initiator of the authentication request however. Authentication may be performed by a Universal Agent component on its own behalf as part of its normal processing.
- Digital certificate information is only provided if the client provided a digital certificate.
- A case-dependent value.
- A case-dependent value, but for pre-3.2 clients, the value always is considered case sensitive.