Note: this is an abstract component that cannot be instantiated.
Authorization Log Publishers are used for recording information about actions performed by the Identity Broker policy engine and OAuth2 service.
The following Authorization Log Publishers are available in the server:
These Authorization Log Publishers inherit from the properties described below.
The Authorization Log Publisher component inherits from the Log Publisher.
The following components have a direct composition relation from Authorization Log Publishers:
The properties supported by this managed object are as follows:
Basic Properties | Advanced Properties |
---|---|
description | None |
enabled | |
java-class | |
logged-message-type | |
description

Description | A description for this Log Publisher |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

enabled

Description | Indicates whether the Log Publisher is enabled for use. |
Default Value | None |
Allowed Values | true<br>false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |

java-class

Description | The fully-qualified name of the Java class that provides the Authorization Log Publisher implementation. |
Default Value | None |
Allowed Values | The fully-qualified name of a Java class that extends or implements com.unboundid.directory.broker.loggers.AuthorizationLogPublisher |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |

logged-message-type

Description | Specifies the message types which can be logged. |
Default Value | All messages are logged except for decision-trace. |
Allowed Values | policy-decision - Indicates that policy decisions will be logged.<br>decision-trace - For debugging of XACML policies. Indicates that decision trace messages will be logged. Can generate a lot of output and could impact performance.<br>add-consent - Indicates that capture of consent will be logged.<br>delete-consent - Indicates that revocation of consent will be logged.<br>oauth-code-granted - Indicates that information on OAuth 2 authorization codes will be logged.<br>oauth-code-consumed - Indicates that OAuth 2 authorization codes being converted to a token will be logged.<br>oauth-token-granted - Indicates that information on OAuth 2 access tokens will be logged.<br>oauth-token-revoked - Indicates that OAuth 2 access tokens being revoked will be logged.<br>oauth-token-validation - Indicates that OAuth 2 access token validation results will be logged.<br>oauth-consent-denied - Indicates that information will be logged when a user implicitly or explicitly denies OAuth 2 consent.<br>oauth-consent-permitted - Indicates that information will be logged when a user implicitly or explicitly approves OAuth 2 consent.<br>oauth-consent-requested - Indicates that information will be logged when an application requests OAuth 2 consent from a user.<br>oauth-exception - Indicates that information will be logged when there is an exception in an OAuth 2 flow.<br>id-token-granted - Indicates that information on OpenID Connect ID tokens will be logged.<br>external-identity-token - Indicates that information on External Identity Provider token requests and responses will be logged.<br>external-identity-attributes - Indicates that information on External Identity Provider attribute requests and responses will be logged. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Log Publishers:
dsconfig list-log-publishers [--property {propertyName}] ...
To view the configuration for an existing Log Publisher:
dsconfig get-log-publisher-prop --publisher-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Log Publisher:
dsconfig set-log-publisher-prop --publisher-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To delete an existing Log Publisher:
dsconfig delete-log-publisher --publisher-name {name}
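
The following is an added example, not part of the product documentation: a small shell helper that checks a requested list of logged-message-type values against the ones documented above, refuses decision-trace unless explicitly allowed, and prints the matching set-log-publisher-prop command. The publisher name is constructed, connection and authentication options are left out as in the usage lines above, and repeating --set to supply several values is an assumption about how dsconfig handles multi-valued properties.

```shell
# Added example. Value names are copied from the logged-message-type table.
ALLOWED_TYPES="policy-decision decision-trace add-consent delete-consent \
oauth-code-granted oauth-code-consumed oauth-token-granted \
oauth-token-revoked oauth-token-validation oauth-consent-denied \
oauth-consent-permitted oauth-consent-requested oauth-exception \
id-token-granted external-identity-token external-identity-attributes"

# build_logged_types_cmd PUBLISHER_NAME TYPE [TYPE ...]
# Prints a dsconfig command that sets logged-message-type to exactly the
# given list. Returns 1, with a message on stderr, on bad input.
# decision-trace is refused unless ALLOW_TRACE=1 (debugging only).
build_logged_types_cmd() {
    if [ "$#" -lt 2 ]; then
        echo "usage: build_logged_types_cmd NAME TYPE..." >&2
        return 1
    fi
    name=$1; shift
    case $name in
        ""|*\'*) echo "unsupported publisher name" >&2; return 1 ;;
    esac
    seen=" "
    args=""
    for t in "$@"; do
        # Only lowercase letters and hyphens, and only documented values.
        case $t in
            ""|*[!a-z-]*) echo "invalid message type: $t" >&2; return 1 ;;
        esac
        case " $ALLOWED_TYPES " in
            *" $t "*) ;;
            *) echo "unknown message type: $t" >&2; return 1 ;;
        esac
        if [ "$t" = decision-trace ] && [ "${ALLOW_TRACE:-0}" != 1 ]; then
            echo "decision-trace refused (set ALLOW_TRACE=1 to debug)" >&2
            return 1
        fi
        case $seen in
            *" $t "*) continue ;;  # skip duplicates
        esac
        seen="$seen$t "
        # Assumption: repeating --set supplies several values at once.
        args="$args --set logged-message-type:$t"
    done
    printf "dsconfig set-log-publisher-prop --publisher-name '%s'%s\n" \
        "$name" "$args"
}

# Constructed publisher name; replace with one from list-log-publishers.
build_logged_types_cmd 'Example Authorization Log' \
    oauth-token-granted oauth-token-revoked oauth-exception
```

Review the printed command before running it: a --set replaces the current value list, so any message type left out of the arguments stops being logged.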