My Oracle Support Banner

OES11g - Audit on WLS SM Shows Most of the Columns In IAU_BASE Are NULL Including Resource Name (Doc ID 2480544.1)

Last updated on OCTOBER 15, 2019

Applies to:

Oracle Entitlements Server - Version 11.1.2.3.0 to 11.1.2.3.0 [Release 11g]
Information in this document applies to any platform.

Symptoms

OES 11123, WLS Security Module Audit configured with database authorization request generate record in buss stop audit log file,

it contains a lots of info, including related OES resource name.

Data loaded in database contain only a few columns, the rest are NULL, also resource name missing.

 A typical authorization request generates the following audit in the bus-stop file:

2016-07-26 14:57:28.425 - "IsAccessAllowed" true "Authorization check permission succeeded." - - - - - "<ENCRYPTED_VALUE>"
"Authorization" "success" - "<HOST>" "<IPADDRESS>" "(DecisionTime:7/26/16 4:57 PM) (IsAllowed:false)" - - - - - - -
"[(Name:<NAME>) (Value:100)] " - - - "file:/<OESCLIENT_HOME>/modules/oracle.oes.sm_11.1.1/ws
sm.jar" - - - - - - "ONCE" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "[]" - - - - - - - - - - - - -
- - - - - - - "read" "(AppName:<APP_NAME>) (ResourceType:dipstype) (ResourceName:medicalEmployee)" "(principals([(Name:Administrators) (Class
name:weblogic.security.principal.WLSGroupImpl)] [(Name:<USERNAME>) (Class name:weblogic.security.principal.WLSUserImpl)] ))" - - - - - - - - - "1" "2"
- - - - - - - - - "12" - - - The event ECID is <ENCRYPTED_VALUE>.

The corresponding data in IAU_BASE is:

SQL> select * from iau_base where iau_ecid='<ENCRYPTED_VALUE>';

<NUMBER>
_JPS
<HOST>
2
<ENCRYPTED_VALUE
IsAccessAllowed
Authorization
1
DD-MON-D HH:MM:SS:MS PM
12
Authorization check permission succeeded.
success
idm_domain
<NUMBER>
_JPS
<HOST>
2
<ENCRYPTED_VALUE>
IsAccessAllowed
Authorization
1
26-JUL-16 04:57:28:425000 PM
12
Authorization check permission succeeded.
success
<DOMAIN_NAME>

 

In above select output observing only a few columns, the rest are NULL, also resource name missing.

Changes

 Configure audit for Weblogic security module.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.