DESCRIPTION |
The KERNEL PKI LOGS file is meant to be used by the Kernel team to log
which SAML TOKENS would fail PKI digital signature validation. This file
has been released in patch XU*8*810.
At minimum a log entry MUST contain a DATE/TIME CREATED and a SAML TOKEN.
Please note that to preserve the byte-by-byte integrity of the SAML TOKEN
the SAML TOKEN has been saved in base64 format.
The USER'S SECID, FIRST NAME and LAST NAME fields are extracted from the
given SAML TOKEN; therefore it is possible that this data is forged,
inaccurate or simply not provided. The main takeaway is that we record
who the user said they were, by SECID, so that we can later compare that
to IAM.
The ERROR MESSAGE FROM API and ERROR MESSAGE FROM RSA fields are meant to
store messages reported by the InterSystems APIs. The OTHER MESSAGE field
is meant to store other messages that may be relevant to help triage why
the SAML TOKEN failed PKI digital signature validation.
|