Secure Login Server: Track User Enrollments
CHALLENGE
You need to know how many user enrollments have been performed by Secure Login Server in a given period of time, either for auditing reasons, to optimise the system resources, to find peaks and clusters in your users' SSO day, or to find issues and potential attacks.
SOLUTIONS
Secure Login Server 2.0 / 3.0 does not provide its own audit logs. Instead, all successful or failed enrollment events are written to the NetWeaver standard logs.
For advanced use cases, Secure Login Server is also able to write all successfully enrolled user requests and responses into the file system.
USING NETWEAVER LOGS
In NetWeaver Administrator, go to Troubleshooting > Logs and Traces > Log Viewer.
Select View > Customize Layout, and add the column User to your Table Layout.
Select Show Advanced Filter.
Add Application contains sap.com/SecureLoginServer, Date and Time Equals <your desired period>, and Message contains CERTIFICATE CREATION.
Select Apply Filters.
The table now shows all log events of successfully enrolled user certificates. To do an advanced analysis, you can export the results as an Excel sheet.
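An added example, not part of the original post or of SAP's tooling: once the filtered results are exported, a short script can count enrollments per hour and list users who enrolled unusually often within one hour. It assumes the export was saved as CSV with Date, Time, User and Message columns; the column names, the timestamp layout and the threshold of 3 are assumptions, and the rows are constructed sample data.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample of an exported result set saved as CSV.
# Column names and timestamp layout are assumptions; adapt them to your export.
SAMPLE_EXPORT = """Date,Time,User,Application,Message
2024-03-04,07:58:12,ASMITH,sap.com/SecureLoginServer,CERTIFICATE CREATION (sample)
2024-03-04,08:01:40,BJONES,sap.com/SecureLoginServer,CERTIFICATE CREATION (sample)
2024-03-04,08:02:05,CLEE,sap.com/SecureLoginServer,CERTIFICATE CREATION (sample)
2024-03-04,08:15:33,BJONES,sap.com/SecureLoginServer,CERTIFICATE CREATION (sample)
2024-03-04,08:15:41,BJONES,sap.com/SecureLoginServer,CERTIFICATE CREATION (sample)
2024-03-04,08:16:02,BJONES,sap.com/SecureLoginServer,CERTIFICATE CREATION (sample)
2024-03-04,08:30:00,DKIM,sap.com/SecureLoginServer,Some other message (sample)
2024-03-04,13:05:19,ASMITH,sap.com/SecureLoginServer,CERTIFICATE CREATION (sample)
"""

def load_enrollments(csv_text):
    """Return (timestamp, user) for every CERTIFICATE CREATION row."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "CERTIFICATE CREATION" not in row["Message"]:
            continue  # keep only successful enrollment events
        ts = datetime.strptime(f"{row['Date']} {row['Time']}", "%Y-%m-%d %H:%M:%S")
        events.append((ts, row["User"].strip().upper()))
    return events

def enrollments_per_hour(events):
    """Count enrollments per clock hour to expose peaks in the SSO day."""
    return Counter(ts.strftime("%Y-%m-%d %H:00") for ts, _ in events)

def repeat_enrollers(events, threshold=3):
    """Map (user, hour) to count where a user enrolled >= threshold times."""
    per_user_hour = Counter((user, ts.strftime("%Y-%m-%d %H:00")) for ts, user in events)
    return {key: n for key, n in per_user_hour.items() if n >= threshold}

if __name__ == "__main__":
    events = load_enrollments(SAMPLE_EXPORT)
    for hour, n in sorted(enrollments_per_hour(events).items()):
        print(hour, n)
    for (user, hour), n in repeat_enrollers(events).items():
        print(f"review: {user} enrolled {n} times in {hour}")
```

A user flagged by `repeat_enrollers` is a starting point for review, for example a client that keeps re-enrolling, not a verdict.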
USING CERTIFICATE ARCHIVES
In Secure Login Administration Console, go to Profile Management > Authentication Profiles.
In the profile(s) you want to track, go to Certificate Configuration > Certificate Archiving and Storage.
Turn on the switch Enable storing of archiving certificate, and enter a folder that is accessible on your Secure Login Server host. Make sure that your SIDADM has sufficient write permissions and that there is sufficient disk space: once a write operation fails, the profile gets locked automatically. Secure Login Server does not remove such archived files.
Hello Stephan,
thanks for the great blog.
Is it planned to have the archiving features also for certificates coming from a remote CA?
with best regards
Robert
Hello Robert,
no, as this is assumed to be a key feature of the respective Remote CA product.
Stephan