Table of Contents

auth_authenticators_winsso_failed - WindowsSSO authenticator failed

This is the documentation for the audit log event auth_authenticators_winsso_failed

CEF:0|PhenixID|PAS|6.0.0|auth_authenticators_winsso_failed|WindowsSSO authenticator failed|6|phxAnalyticsTag= phxAuthenticatorAlias= phxAuthenticatorId= phxAuthenticatorType= phxEntrypointId= phxEntrypointTransactionType= phxEntrypointType= phxErrorCode= phxErrorCodeNumeric= phxHttpServerId= phxIwaProtocol= phxTraceId= reason= requestClientApplication= sourceServiceName= src=

An event that signals a user authentication with the WindowsSSO authenticator has failed

  • Severity: 6 WARNING

Attributes

phxAnalyticsTag

  • Data type: String

A configured tag used to help identify the events from this authenticator

phxAuthenticatorAlias

  • Data type: String

The authenticator alias

phxAuthenticatorId

  • Data type: String

The authenticator id

phxAuthenticatorType

  • Data type: String
  • The type of authenticator used
  • Possible values
    • AuthSelector Auth selector authenticator
    • AnonymousAssignment Anonymous assignment authenticator (One Touch)
    • Assignment Assignment authenticator (One Touch for specific user)
    • BankID BankID Authenticator
    • Dynamic Dynamic authenticator
    • FIDO FIDO authenticator
    • Freja Freja eID authenticator
    • Nias NetID Access Server (Nias) authenticator
    • Relay Relay authenticator
    • RPBroker OIDC Relying party broker authenticator
    • Sequence Sequence authenticator
    • Siths Siths eID authenticator
    • SPBroker SAML SP Broker authenticator
    • WinSSO Windows SSO authenticator
    • Unknown Unknown authenticator

The type of authenticator

phxEntrypointId

  • Data type: String

Id of the entrypoint in the configuration

phxEntrypointTransactionType

  • Data type: String
  • The type of transaction -- whether it is an authentication or signature transaction.
  • Possible values
    • AUTH An authentication transaction.
    • SIGN A signature transaction.

The type of transaction taking place at the entrypoint

phxEntrypointType

  • Data type: String
  • The type of entrypoint used for the authentication session
  • Possible values
    • OIDC The OpenID Connect entrypoint.
    • SAML The SAML entrypoint.
    • Internal The INTERNAL entrypoint.
    • Relay The RELAY entrypoint.
    • Unknown Unknown entrypoint type.

The entrypoint / protocol used in the authentication session

phxErrorCode

  • Data type: String

The textual error code, if applicable

phxErrorCodeNumeric

  • Data type: Integer

The numeric error code, if applicable

phxHttpServerId

  • Data type: String

The id of the HTTP server in the configuration that received the incoming request

phxIwaProtocol

  • Data type: String
  • The IWA protocol used
  • Possible values
    • Negotiate The Negotiate protocol
    • NTLM The NTLM protocol

The IWA protocol used

phxTraceId

  • Data type: String

The trace id of the request

reason

  • Data type: String

The reason, if applicable

requestClientApplication

  • Data type: String

The user agent for the HTTP client

sourceServiceName

  • Data type: String

The request issuer, for example the SAML2 SP's entity id, or the OIDC client id

src

  • Data type: String

The source IP address