SIMS icon indicating copy to clipboard operation
SIMS copied to clipboard
verified publisher icon bcgov

All users' log in / log off needs to be logged

Open mzmichellesmith opened this issue 5 years ago • 3 comments

As technical support/security officer, I want the logs in and logs out activities of users recorded for the purposes of troubleshooting & audit/security purposes.

Acceptance Criteria

  • [ ] When a user logs into their account, call api to write log entry to console.
  • [ ] When a user logs out of their account (clicks logout), call api to write log entry to console.
  • [ ] When the SIMS idle timeout forces a logout call api to write entry to console.
  • [ ] When a user closes the browser best effort event should be logged via api
  • [ ] Events logged should contain
    • [ ] Static Prefix: SIMS Audit Event
    • [ ] IP
    • [ ] User GUID
    • [ ] Event: [Logged In/Logged Out/Browser Closed/Session Timed Out]
    • [ ] Portal: [Student User/Supporting User/Institution User/Ministry User]

Technical

  • [ ] Create the API calls based on the UI actions/events.
    • Once the user clicks the login button, and it is successful.
    • Once the user clicks the logoff button, and it is successful.
    • Once the login expires.
    • The best effort to log when the user closes the browser even considering that the token will be valid for the API for the upcoming token expiration time (3min-ish).
  • [ ] May need to create a specific API authenticated endpoint to execute the audit event only (e.g. api/audit).
  • [ ] Basic E2E tests for the new API endpoints.

Additional Context

  • This is used for Security audit and will be reviewed in Kibana/SIEM
  • Users are allowed to explicitly log-out of their respective portals.
  • A user can also leave their respective portal by closing their browsing session, or session time-out.
  • All entries will be written to the console so that they will be recorded in the SIEM.
  • Log entry format: [PATH} From [IP Address] | User GUID: [GUID from KeyCloak], Event: [Logged In/Logged Out/Browser Closed/Session Timed Out], Portal: [Student User/Supporting User/Institution User/Ministry User]
    • NOTE: Assuming that the log entry will already be prefixed wit the date and time as other log entries in the console already have.
    • Example: /ministry/login From 68.99.156.60 | User GUID: '04A2054629E44B1ca8e18e553da99999@idir', Event: Browser Closed, Portal: Ministry
      • Note the quotation marks around the User GUID are NOT required. They were necessary only in the context of this ticket to prevent zenhub from shortening the GUID and making it a hyperlink.

mzmichellesmith avatar Dec 11 '20 05:12 mzmichellesmith

We need to log our own logon/logoff events - this is the requirement from our Security team

IrenaMilosevic1 avatar Feb 23 '22 22:02 IrenaMilosevic1

Duplicate of #909.

TeresaBia avatar May 09 '22 21:05 TeresaBia

Re-opening this and closing #909 as duplicate.

TeresaBia avatar May 10 '22 22:05 TeresaBia