Oracle Access Manager 12c PS3 (OAM 12.2.1.3): Audit Date Is Not Being Written To OAM and Federation Tables in AuditDB (Doc ID 2606772.1)

Last updated on DECEMBER 15, 2022

Applies to:

Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.

Goal

In Oracle Access Manager 12c PS3 (OAM 12.2.1.3), audit data is written only to the IAU_BASE table in the database (DB). The OAM audit.log bus stop file has a very different attribute field header from the IAU_BASE table. As a result, the IAU_BASE table is missing very important audit data that is available in the audit.log file: because the table has no such fields, that data will never be loaded into the DB.

OAM 12c is therefore missing a lot of valuable audit data that was previously visible in the OAM and Federation audit tables. Because Oracle no longer writes to these tables, that audit information is available only in the audit.log file and will never be moved to the Audit Database as it was in earlier Oracle Access Manager 11g R2PS2 (OAM 11.1.2.2) versions. The primary objective of writing this audit information to the database is much quicker access, either by running custom SQL queries against the audit DB or by accessing the data through BI Publisher reports, which will not work now.

Some examples of the missing fields are:

IAU_APPLICATIONNAME does not contain the real application name. In some cases it contains the domain name of the OAM installation, the Authentication Policy Name, the Authorization Policy Name, or the Data Store Name. Its data is inconsistent and not accurate.

IAU_EVENTCATEGORY contains very different values. Examples of values in this field are "PROXY_IP_ADDRESS = unknown" and "AdminConsole". As with the field above, it contains highly inconsistent or incorrect data.

The IAU_AGENTID field is missing from the IAU_BASE table. It should ideally hold the agent name of the web server where the WebGate is installed. This field exists in the OAM audit.log bus stop file.

The IAU_SSOSESSIONID field is missing from the IAU_BASE table but exists in the OAM audit.log bus stop file.

The IAU_USERDN field is missing from the IAU_BASE table. It shows the DN of the user performing the action. This field also exists in the OAM audit.log bus stop file.

The IAU_RESOURCEID field is missing from the IAU_BASE table but exists in the OAM audit.log bus stop file. This field contains the name of the protected resource.

The IAU_AUTHORIZATIONPOLICYID field is missing from the IAU_BASE table but exists in the OAM audit.log bus stop file. This field contains the authorization policy name for the web resource that is being audited.

The IAU_USERID field is missing from the IAU_BASE table but exists in the OAM audit.log bus stop file. This field contains the user ID of the user logging in to the application protected by OAM.
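
One way to list which audit.log fields have no IAU_BASE column and to pull their per-record values from the file, as an added example that is not Oracle's code or part of this note. Assumptions: the bus stop file has a `#Fields:` header followed by space-separated records with double-quoted values; the sample log, the column subset and all function names are constructed for illustration.

```python
import shlex

# Constructed sample in an ASSUMED bus-stop layout ("#Fields:" header, then
# space-separated records with double-quoted values). Not real OAM output.
SAMPLE_AUDIT_LOG = '''#Fields:Date Time Initiator EventType EventStatus ApplicationName EventCategory AgentId SSOSessionId UserDN ResourceId AuthorizationPolicyId UserId
2022-12-15 10:01:02.123 "jdoe" "AuthorizationSuccess" "true" "HRApp" "Authorization" "wg_hr_01" "sess-0001" "uid=jdoe,ou=people,dc=example,dc=com" "/hr/payroll" "HR Authz Policy" "jdoe"
2022-12-15 10:01:09.456 "asmith" "AuthorizationFailure" "false" "HRApp" "Authorization" "wg_hr_01"
'''

# Constructed subset of IAU_BASE columns; in practice, read the real list from
# the audit schema's data dictionary.
SAMPLE_IAU_BASE_COLUMNS = ["IAU_INITIATOR", "IAU_EVENTTYPE", "IAU_EVENTSTATUS",
                           "IAU_APPLICATIONNAME", "IAU_EVENTCATEGORY"]

KEY_FIELDS = ("Date", "Time")  # used as the record key here, not compared to columns


def normalize(name):
    """Compare names case-insensitively and without the IAU_ prefix."""
    name = name.upper()
    return name[4:] if name.startswith("IAU_") else name


def parse_bus_stop(text):
    """Return (fields, records, skipped); records are dicts keyed by header field."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            try:
                values = shlex.split(line)
            except ValueError:          # unbalanced quote in the record
                values = []
            if len(values) != len(fields):
                skipped += 1            # count it; never misalign audit fields
                continue
            records.append(dict(zip(fields, values)))
    return fields, records, skipped


def fields_without_column(fields, db_columns):
    """Header fields with no matching column, i.e. data that stays file-only."""
    present = {normalize(c) for c in db_columns}
    return [f for f in fields if f not in KEY_FIELDS and normalize(f) not in present]


def file_only_view(text, db_columns):
    """Per-record values of the fields that the database table cannot hold."""
    fields, records, skipped = parse_bus_stop(text)
    missing = fields_without_column(fields, db_columns)
    return [{k: r[k] for k in (*KEY_FIELDS, *missing)} for r in records], skipped
```

The skipped count matters for audit use: a truncated or malformed record is reported rather than silently dropped or shifted into the wrong fields.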



Solution
