Failed login attempts to Audit Log

We are using Ignition’s audit manager to record changes into an MSSQL DB and need to record any failed login attempts. We are using a hybrid IdP where AD has the users and passwords, and Ignition has the roles. When logging into my Perspective session, we can see in the audit log a successful login, but do not see any failed attempts. According to the manual, only lockout events get recorded to the audit log. I’m working with Inductive support on the issue, but I wanted to ask here if anybody has a workaround? This project is in the biomedical industry, 21 CFR and whatnot, so I need the information. I’m hoping somebody knows a way to get the info.

I see a ticket was in backlog in 2022 here, but no updates: [FEATURE-2062] Gateway login auditing
And here is the manual page (under user sources): Auditing Actions Reference | Ignition User Manual

IGN-2062 was implemented and merged into 8.1.17, the scope was for login/logout actions on the Gateway status and config pages, though, and not anything to do with Perspective.

Successful login and logout responses are captured by the audit manager, but if a user attempts to log in and is unsuccessful, there is nothing stored in the audit manager unless they lock themselves out (added in 8.1.14). I need to capture that login attempt that failed.

Is this a different scenario than your other post, where you are using an external IdP?

edit: oops, that's this post. External IdP, yes?

Hybrid IdP, AD and Ignition, yes.

Right, well the ticket you're asking about doesn't help you here.

With an external IdP the login takes place on the IdP, not in Ignition. The failure happens there too, and there's no callback from the IdP to tell Ignition that the login failed.

Maybe there's some way to retrieve audit logs from AD and insert them into Ignition or something, don't know.

Where does the text in red saying the login failed come from?

On the surface, I do not have a non-custom way of getting the AD logs and putting them into the DB.
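For anyone who does end up going the custom route suggested above (pull the failed logons out of AD and write them into the audit database yourself), here is an added example of what that glue looks like. This is not code from this thread or from Inductive Automation. It parses Windows Security event 4625 (failed logon) records as exported from a domain controller and shapes them like rows of an Ignition database audit profile table. Assumptions to verify against your own gateway: the table name AUDIT_EVENTS, the column names used in to_audit_row(), and the STATUS_CODE value used for a failure. The sample events are constructed, not captured from a real DC.

```python
"""
Added example (not from the thread or from Inductive Automation): map Windows
Security event 4625 records onto rows shaped like an Ignition audit table.
Assumed: table name AUDIT_EVENTS, the column names below, and the STATUS_CODE
value for a failure. Sample events are constructed.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# NTSTATUS sub-status values Windows writes into 4625 (documented by Microsoft).
SUBSTATUS = {
    "0xc000006a": "bad password",
    "0xc0000064": "user name does not exist",
    "0xc0000234": "account locked out",
    "0xc0000072": "account disabled",
    "0xc000006f": "outside permitted logon hours",
    "0xc0000193": "account expired",
}

FAILED_LOGON_STATUS_CODE = 0  # assumed placeholder; match what your gateway writes

# Constructed sample: two failed logons and one success, in the XML shape that
# Get-WinEvent ... | ForEach-Object { $_.ToXml() } produces.
SAMPLE_EVENTS = [
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4625</EventID><TimeCreated SystemTime="2024-03-05T14:02:11.1234567Z"/></System>
<EventData><Data Name="TargetUserName">jdoe</Data><Data Name="TargetDomainName">CORP</Data>
<Data Name="SubStatus">0xC000006A</Data><Data Name="LogonType">3</Data>
<Data Name="IpAddress">10.1.2.3</Data><Data Name="WorkstationName">IGN-GW01</Data>
</EventData></Event>""",
    # Same user, now locked out: the case the manual says is audited from 8.1.14.
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4625</EventID><TimeCreated SystemTime="2024-03-05T14:03:40.0000000Z"/></System>
<EventData><Data Name="TargetUserName">jdoe</Data><Data Name="TargetDomainName">CORP</Data>
<Data Name="SubStatus">0xC0000234</Data><Data Name="LogonType">3</Data>
<Data Name="IpAddress">-</Data><Data Name="WorkstationName">IGN-GW01</Data>
</EventData></Event>""",
    # A successful logon (4624), which build_rows() must skip.
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4624</EventID><TimeCreated SystemTime="2024-03-05T14:05:00.0000000Z"/></System>
<EventData/></Event>""",
]


def parse_event(xml_text):
    """Return the fields we care about from a 4625, or None for any other event ID."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        return None
    ts = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    # SystemTime has 7 fractional digits and a trailing Z; keep whole seconds, mark UTC.
    when = datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return {
        "time": when,
        "user": data.get("TargetUserName", ""),
        "domain": data.get("TargetDomainName", ""),
        "substatus": data.get("SubStatus", "").lower(),
        "logon_type": data.get("LogonType", ""),
        "source_ip": data.get("IpAddress", ""),
        "workstation": data.get("WorkstationName", ""),
    }


def to_audit_row(evt):
    """Map a parsed 4625 onto the (assumed) audit table column names."""
    reason = SUBSTATUS.get(evt["substatus"], "failed logon (substatus %s)" % evt["substatus"])
    # 4625 writes "-" for IpAddress on some paths; fall back to the workstation name.
    host = evt["source_ip"] if evt["source_ip"] not in ("", "-") else evt["workstation"]
    actor = "%s\\%s" % (evt["domain"], evt["user"]) if evt["domain"] else evt["user"]
    return {
        "EVENT_TIMESTAMP": evt["time"],
        "ACTOR": actor,
        "ACTOR_HOST": host,
        "ACTION": "login",
        "ACTION_TARGET": "AD user source",
        "ACTION_VALUE": "FAILED: %s (logon type %s)" % (reason, evt["logon_type"]),
        "STATUS_CODE": FAILED_LOGON_STATUS_CODE,
        "ORIGINATING_SYSTEM": "DomainController",
        "ORIGINATING_CONTEXT": "Windows Security 4625",
    }


def build_rows(xml_events):
    """Filter a batch of exported events down to failed logons, as audit rows."""
    rows = []
    for xml_text in xml_events:
        evt = parse_event(xml_text)
        if evt is not None:
            rows.append(to_audit_row(evt))
    return rows


def insert_statement(row):
    """Parameterised INSERT (pyodbc '?' style): user-controlled names never reach SQL text."""
    cols = list(row.keys())
    sql = "INSERT INTO AUDIT_EVENTS (%s) VALUES (%s)" % (
        ", ".join(cols), ", ".join("?" * len(cols)))
    return sql, [row[c] for c in cols]


if __name__ == "__main__":
    for row in build_rows(SAMPLE_EVENTS):
        sql, params = insert_statement(row)
        print(sql)
        print(params)
```

Two things to check before trusting this for a 21 CFR audit trail: the event lands on whichever domain controller serviced the gateway's bind, so collect from every DC (or forward them to one collector), and confirm which event your DCs actually write for a failed bind from the gateway before relying on 4625 alone. The user name is bound as a parameter rather than concatenated into the INSERT, because a failed-logon record is attacker-supplied text by definition.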

Hang on, this looks like the Ignition internal IdP, not an external one. Doesn't help because I don't think our internal IdP currently has auditing support. Gonna ask somebody who knows more.

K, sounds like it was a terminology mismatch.

This is the Ignition internal IdP, configured against an AD hybrid user source, by the sound of it.

The ticket to reference is IGN-5725, which is to add auditing support to Ignition's internal IdP...

I don't have better news or a suggested workaround, but maybe somebody else does.


Here is some more information. Here is a locked user response stored in the logs, but it did not get captured by the audit log. I know the manual says this was added in 8.1.14, so I’m not sure why it’s not getting caught by the audit manager.