auth_authenticators_relay_failed - Relay authenticator failed

This is the documentation for the audit log event auth_authenticators_relay_failed

CEF:0|PhenixID|PAS|6.0.0|auth_authenticators_relay_failed|Relay authenticator failed|6|phxAnalyticsTag= phxAuthenticatorAlias= phxAuthenticatorId= phxAuthenticatorType= phxDelegatedAuthenticatorId= phxEntrypointId= phxEntrypointTransactionType= phxEntrypointType= phxErrorCode= phxErrorCodeNumeric= phxHttpServerId= phxTraceId= reason= relayedSessionIdHash= requestClientApplication= sourceServiceName= src=

An event that signals a user authentication with RelayAuthenticator has failed.

This log is related to:

• auth_authenticators_relay_session_created - Relay authenticator session created - Audit Log
• auth_entrypoints_relay_alreadyclaimed - The relay authentication session has already been claimed - Audit Log
• auth_entrypoints_relay_consentgiven - Consent given for relay authentication session - Audit Log
• auth_entrypoints_relay_incorrectotp - Relay authentication session successful - Audit Log
• auth_entrypoints_relay_stateupdated - Updated relay authentication session state - Audit Log

• Severity: 6 WARNING

Attributes

phxAnalyticsTag

• Data type: String

A configured tag used to help identify the events from this authenticator

phxAuthenticatorAlias

• Data type: String

The authenticator alias

phxAuthenticatorId

• Data type: String

The authenticator id

phxAuthenticatorType

• Data type: String
• The type of authenticator used
• Possible values
  • AuthSelector Auth selector authenticator
  • AnonymousAssignment Anonymous assignment authenticator (One Touch)
  • Assignment Assignment authenticator (One Touch for specific user)
  • BankID BankID Authenticator
  • Dynamic Dynamic authenticator
  • FIDO FIDO authenticator
  • Freja Freja eID authenticator
  • Nias NetID Access Server (Nias) authenticator
  • Relay Relay authenticator
  • RPBroker OIDC Relying party broker authenticator
  • Sequence Sequence authenticator
  • Siths Siths eID authenticator
  • SPBroker SAML SP Broker authenticator
  • WinSSO Windows SSO authenticator
  • Unknown Unknown authenticator

The type of authenticator

phxDelegatedAuthenticatorId

• Data type: String

The ID of the authenticator performing the actual authentication once the relayed session has been claimed

phxEntrypointId

• Data type: String

Id of the entrypoint in the configuration

phxEntrypointTransactionType

• Data type: String
• The type of transaction -- whether it is an authentication or signature transaction.
• Possible values
  • AUTH An authentication transaction.
  • SIGN A signature transaction.

The type of transaction taking place at the entrypoint

phxEntrypointType

• Data type: String
• The type of entrypoint used for the authentication session
• Possible values
  • OIDC The OpenID Connect entrypoint.
  • SAML The SAML entrypoint.
  • Internal The INTERNAL entrypoint.
  • Relay The RELAY entrypoint.
  • Unknown Unknown entrypoint type.

The entrypoint / protocol used in the authentication session

phxErrorCode

• Data type: String

The textual error code, if applicable

phxErrorCodeNumeric

• Data type: Integer

The numeric error code, if applicable

phxHttpServerId

• Data type: String

The id of the HTTP server in the configuration that received the incoming request

phxTraceId

• Data type: String

The trace id of the request

reason

• Data type: String

The reason, if applicable

relayedSessionIdHash

• Data type: String

A hash value of the relay session id

requestClientApplication

• Data type: String

The user agent for the HTTP client

sourceServiceName

• Data type: String

The request issuer, for example the SAML2 SP's entity id, or the OIDC client id

src

• Data type: String

The source IP address