Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 2.14.0 GA
Component/s: System
Labels:
- roadmap
- security
- support

Blocked:
False
Blocked Reason:
None
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Target Release:

2.16.0 GA
Epic Link:
Audit changes
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Current Behaviour

User session is not audited.

Expected Behaviour

User sessions are audited and a distinction is made in the audit log between a successful and failed session create event.

customer is looking for the following audit logs:

Login, success:
Login, Failed:
User Account change password, success
User Account change password, failure
User Account locked, success:

Release Notes:

Removed audit logs for login/logout success
Login and logout are audited by `UserSession`. `created` for login, `revoked_at` for logout.
Password change is audited by `User#password_digest`
A new audit log is generated when the user fails trying to change its password.
All above is valid for admin and developer portals.

links to

What is the list of audit logs that can be provided by 3scale team?

mentioned on

Merge request - Updated US source to: 81b0121 Merge pull request #3896 from 3scale/update_headless_chrome_options

Merge request - Updated US source to: a8dc5c7 Merge pull request #3894 from 3scale/dependabot/npm_and_yarn/express-4.21.0

Merge request - Updated US source to: fd324cc Merge pull request #3885 from jlledom/THREESCALE-10843-user-session-audited

Assignee:: Unassigned

Reporter:: Kevin Price

Tester:: Martin Kudlej

Developer:: Joan Lledo

Votes:: 9 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2024/02/29 9:32 AM

Updated:: 2024/12/11 11:08 AM