Authentication Logs
The ADSS Signing Service keep record of every authentication request and corresponding
response made to the service in the authentication log for auditing
purpose. Each item in the image is described below:
Each item in the screenshot is described below:
| Item |
Description |
| Clear Search | After a Search this window will only show the filtered records. The Clear Search button is used to view the full set of records. |
| Search | This opens a new window where search criteria can be entered based on each column of the authentication logs grid. |
| Customise Columns | This opens a new window to configure which column need to be shown in the grid and which column need to be hidden. See below for more details |
| |< < > >| | These buttons are for navigating the different pages of the authentication logs. Note: The number of records shown per page is configurable from within Global Settings. |
| Export Logs | Exports the authentication logs into a zipped CSV file in human readable format. |
| Verify Integrity | Verifies the integrity of the Authentication log records. It detects tampered and deleted records and
generates a report that can be exported to a physical drive. Note: When exporting HMAC verification reports, it is recommended to save the file with “.html” extension so that the report can be viewed in a web browser. |
| Show Archived | This opens a new window where you can import and view previously archived file i.e. archived/exported Authentication logs. |
| Log ID | A unique serial number for the log record, it is system-defined and not part of the request/response messages. |
| Mobile Number |
The Mobile device number on which the OTP (One-Time password) was sent. |
| Response Status | This shows whether a “success” or “failure” response was returned. |
| Request Time | Records the date/time when the request was received. |
| Response Time | Records the date/time when the response was sent. |
| Originator ID | This is the client’s Originator ID as found in the
request message. ADSS Signing Service verifies it is a legitimate
Originator ID as registered in the Client Manager module before granting
access to the signing service. For more details see the link Registering Business Applications |
| TLS Cert | Clicking on “View” link under this column displays the TLS client authentication certificate. The “View” link is only present when TLS client authentication was used to send requests to the signing service. |
| Doc Signing Cert | This column shows the Common Name of the document signing certificate. |
| Error Code | Hover your mouse over the "View" link to show the error message e.g. Failed to proccess request - certificte does not exisits against the alias etc. |
The Signing Service Authentication records can be sorted in either ascending or descending order by selecting a table column from the drop down list.
From the drop down menu in above screen, choose Import Archived and click on Go button. This will show the following screen:
| Item | Description |
| Import archived transaction file |
Use this option to browse the archived log file in zip
format from the operator machine. By using this option the archived log
file is uploaded on the ADSS Server. It can be an expensive operation if
the file is of large size so the operator is allowed to upload a file
with maximum size up to 25 MB. Use the archived file path option for
files bigger than 25 MB. |
| Archived transaction file path |
Use this option if the file size is greater than 25 MB.
This option does not upload the archived file to the server. Rather the
server reads the file from given file path before importing which is
faster than the above option. You can either specify the local file
system path or a network path. Note: Do specify the archived log file name in the file path. |
Archived transaction records are temporarily imported into the ADSS Server database for viewing purposes only (these are not re-stored in the database for future use) and these are removed when you next visit the transactions logs page.
As explained above, clicking on the Search button on Authentication Logs displays following screen:
This helps to locate a particular type of authentication transaction. The Authentication Logs can be searched based on "Log ID, Request ID", "Originator ID", "Mobile Number", "Response Status", "Request Time From", "Request Time To", "Response Time From" and "Response Time To". If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.
If "_" character is used in the search then it will act as wildcard.Clicking on the Customise Columns button on Authentication Log viewer will display the following screen:
By default few columns are in the "Selected Columns" list. In order to hide a column move the required column to "Available Columns" list
Each log record within the database is protected with a cryptographic HMAC checksum to detect any intentional or accidental modification of records. Clicking the Verify Integrity button verifies the log integrity by checking each checksum and generates a report as shown below:
Click on the Export logs button to export the request/response to a network file. Clicking the Fix HMAC Errors button will re-calculate the HMAC for tempered authentication logs records for this module.
This option will not detect the unauthorized deleted records but it will only fix the unauthorized modifications and/or ambiguous records for which HMAC value is not present/incorrect.Clicking on the link for Log ID shows detail of the selected log as shown below:
See also