Access Event Type

Programming Guides › Programming Guide for C › Event API Guidance › Event API Reference › Access Event Type

Access Event Type

Access events result from user-related activities. They are called in the context of authentication, authorization, administration, and affiliate activity.

There are four categories of access events. Each of these event categories responds with its own set of events. The following table lists the access event categories and their associated response events.

Event Category	SiteMinder Activity	SiteMinder Event
Authentication	User authentication accepted User authentication rejected User authentication attempted User authentication challenged User session validated	SmLogAccessEvent_AuthAccept SmLogAccessEvent_AuthReject SmLogAccessEvent_AuthAttempt SmLogAccessEvent_AuthChallenge SmLogAccessEvent_ValidateAccept SmLogAccessEvent_ValidateReject SmLogAccessEvent_AuthLogout
Authorization	User authorization accepted User authorization rejected	SmLogAccessEvent_AzAccept SmLogAccessEvent_AzReject SmLogAccessEvent_AzUnresolved
Administration	Administrator login Administrator rejected Administrator logout	SmLogAccessEvent_AdminLogin SmLogAccessEvent_AdminLogout SmLogAccessEvent_AdminReject
Affiliate	—	SmLogAccessEvent_Visit

Filter Access Events

Beginning with SiteMinder v5.x, you can filter the kinds of access events you want to audit and log using the Auditing tab on the Policy Server Management Console. For example, for each of the four event categories you can select Log All Events or Log No Events.

In addition, for the Authentication, Authorization, and Administration categories, you can select Log Rejection Events Only. For example, if this option is selected for the Authentication category, SmLogAccessEvent_AuthReject events would be logged, but SmLogAccessEvent_AuthAccept events would not be. Also, note the following behavior when Log Rejection Events Only is selected:

SmLogAccessEvent_AuthAttempt events are not logged.
A login attempt that does not result in an accepted authentication is considered a failure. However, because the authentication was not actually rejected, events are not logged if Log Rejection Events Only is selected.

You can use SmLogAccessEvent_AuthAttempt events for intrusion detection.
SmLogAccessEvent_AuthChallenge events are logged.
A challenge is not considered a failure. It simply indicates a need for additional authentication information. However, because a challenge involves a rejected authentication, events are logged if Log Rejection Events Only is selected.