Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit logs should show roles #2823

Closed
klizhentas opened this issue Jul 2, 2019 · 2 comments
Closed

Audit logs should show roles #2823

klizhentas opened this issue Jul 2, 2019 · 2 comments
Assignees
@klizhentas
Labels
good-starter-issue Good starter issue to start contributing to Teleport
Milestone
4.1 "Seattle"

Comments

@klizhentas
Copy link
Contributor

Description

The audit log of the user success full login should show the roles
of the user to simplify troubleshooting
@klizhentas klizhentas added this to the 4.1 "Seattle" milestone Jul 2, 2019
@klizhentas
Copy link
Contributor Author

Also, K8s proxy should log audit requests with all requests to the API server.

@klizhentas
Copy link
Contributor Author

Also, see zendesk ticket #411 that asks to include claims/attribute statements to the audit log:

Whenever user is using SAML/OIDC and the RBAC fails to map claims to roles, audit log error looks like this:

{"error":"unable to map claims to role for connector: <connector>","event":"user.login","method":"oidc","success":false,"time":"2019-01-03T16:30:11Z"}

But what would be really useful is to see what claims are being sent
I cant really guide someone here other than saying, its configured wrong with no more info
I know its right, but convincing other teams tend to not believe it with out seeing it

Suggestesd solution is to add claims sent by the SAML/OIDC identity provider to the audit log

@klizhentas klizhentas added the good-starter-issue Good starter issue to start contributing to Teleport label Jul 10, 2019
@klizhentas klizhentas self-assigned this Aug 6, 2019
klizhentas added a commit that referenced this issue Aug 7, 2019
@klizhentas
Include identity traits in the audit log.
e23e8ef 
Implements #2823
@klizhentas klizhentas mentioned this issue Aug 7, 2019
Merged
klizhentas added a commit that referenced this issue Aug 7, 2019
@klizhentas
Include identity traits in the audit log.
1327929 
Implements #2823
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@klizhentas klizhentas

Labels
good-starter-issue Good starter issue to start contributing to Teleport
Projects
None yet
Milestone
4.1 "Seattle"
Development

No branches or pull requests
1 participant
@klizhentas