Login events are not automatically audited when using SSO. You could add something similar to this under the SSO Authentication Rule (text in black represents additions) to audit these logins:
<Rule
language="beanshell"
name="SSO Authentication Rule - Example"
type="SSOAuthentication">
<Source><![CDATA[
// Needed to log AuditEvents
import sailpoint.server.Auditor;
...
String userFromHeader = httpRequest.getHeader( USER_DN );
String authServer = httpRequest.getHeader( AUTHDIR_NAME );
Application app = mapAuthDirToApp( ctx, authServer );
Correlator correlator = new Correlator( ctx );
Link link = correlator.findLinkByNativeIdentity( app,
userFromHeader );
Identity user = null;
if ( link != null ) {
user = link.getIdentity();
// Write that down.
if ( Auditor.isEnabled( AuditEvent.ActionLogin ) ) // Check to see if there is auditing logging first...
Auditor.log( AuditEvent.ActionLogin, // Logging actions pertaining to logins.
userFromHeader, // The USER_DN from the HTTP Header
user ); // The Identity we mapped
} else {
// Login fails
if ( Auditor.isEnabled( AuditEvent.ActionLoginFailure ) ) // Check to see if there is auditing logging first
Auditor.log( AuditEvent.ActionLoginFailure, // Logging an action pertaining to how much this login failed.
userFromHeader ); // The USER_DN from the HTTP Header (or lack thereof) which caused the login failure.
}
return user;
]]></Source>
</Rule>
