Auditing and tracking transactions

Document ID : KB000094126
Last Modified Date : 02/05/2018
Show Technical Document Details
Auditing problems for CA solution looking to link transaction from SSO AG to APIM auditing
Client flow as followed each CA product process requests to CA SSO Policy server
Client Browser -> F5 > CA Access Gateway -> F5 -_ CA APIM Gateway (OAuth)
Each product logs requests when processed, however not sure how to link transaction to get a complete flow of each request
Client browser request to F5 load balancer, sends to CA SSO Access Gateway (R12.7), proxy to F5 load balancer, sends to CA APIM Gateway (9.2 Cr7)

CA SSO products logs TransactionID for each unique requested processed through Agent/Access Gateway to the policy server
CA APIM include SSO SDK agent for isProtect(), login() and isAuthorized() calls you can set variable for TransactionID then log it to audit records
Set a variable as following
            stringValue=" ${request.http.header.sm_transactionid}"/>
            VariableToSet stringValue="SSOTransactionID1"/>
APIM Results:
SSOTransactionID1 = {String} "133d5d1b-18f98084-8c74688f-1f07fc71-bfe3cb39-0c"
SSO AG log:
[04/06/2018][14:10:42.749][31168][140393767573248][][ProxyValve::invoke][133d5d1b-18f98084-8c74688f-1f07fc71-bfe3cb39-0c][Entering the agent.]
 [04/06/2018][14:10:42.754][31168][140393767573248][][execute][133d5d1b-18f98084-8c74688f-1f07fc71-bfe3cb39-0c][Sending request to backend = url =]
The Policy server trace the TransactionID is capture in the data field:
[04/06/2018][14:10:42.860][4043][139923602585344][SmMessage.cpp:557][CSmMessage::ParseAgentMessage][s2/r1296][133d5d1b-18f98084-8c74688f-1f07fc71-bfe3cb39-0c][Receive request attribute 221, data size is 47]