diff --git a/packages/console/src/consts/logs.ts b/packages/console/src/consts/logs.ts
index 0a1ff2495..f1e5bf1d7 100644
--- a/packages/console/src/consts/logs.ts
+++ b/packages/console/src/consts/logs.ts
@@ -104,6 +104,8 @@ export const auditLogEventTitle: Record> & {
 'Create and send forgot-password SMS verification code',
 'Interaction.ForgotPassword.Verification.SmsVerificationCode.Submit':
 'Verify forgot-password SMS verification code',
+ 'Interaction.SignIn.Verification.IdpInitiatedSso.Create':
+ 'Create IdP-initiated SAML SSO authentication session',
 });
 export const logEventTitle: Record> & {
diff --git a/packages/core/src/routes/authn.ts b/packages/core/src/routes/authn.ts
index 8fa9e963b..4d100d989 100644
--- a/packages/core/src/routes/authn.ts
+++ b/packages/core/src/routes/authn.ts
@@ -18,6 +18,7 @@ import {
 import { idpInitiatedSamlSsoSessionCookieName } from '../constants/index.js';
 import { EnvSet } from '../env-set/index.js';
+import koaAuditLog from '../middleware/koa-audit-log.js';
 import { ssoPath } from './interaction/const.js';
 import type { AnonymousRouter, RouterInitArgs } from './types.js';
@@ -183,6 +184,7 @@ export default function authnRoutes(
 params: z.object({ connectorId: z.string().min(1) }),
 status: [302, 400, 404],
 }),
+ koaAuditLog(queries),
 async (ctx, next) => {
 const {
 params: { connectorId },
@@ -237,6 +239,13 @@ export default function authnRoutes(
 const { autoSendAuthorizationRequest, clientIdpInitiatedAuthCallbackUri } = idpInitiatedAuthConfig;
+ const log = ctx.createLog('Interaction.SignIn.Verification.IdpInitiatedSso.Create');
+ log.append({
+ connectorId,
+ ssoSessionId: id,
+ assertionContent,
+ });
+ // Redirect to the client side callback URI if the autoSendAuthorizationRequest is disabled.
+ // Client side will generate and verify the state to prevent CSRF attack.
 if (!autoSendAuthorizationRequest) {
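Review bot: The audit entry appended in the third hunk of authn.ts stores `assertionContent` verbatim, so whatever the IdP placed in the SAML assertion (subject identifier, attribute statements, and typically email or display name) is persisted in the audit log next to `connectorId` and `ssoSessionId`. If the audit log is meant to hold operational context rather than identity data, consider recording only a summary — the assertion subject or the attribute keys — and leaving the full content on the SSO session record; `id` and `assertionContent` are defined above this hunk, so I cannot tell from here whether the session row already stores it. At minimum a comment such as `// Full assertion is written to the audit log; it may carry IdP-supplied personal attributes.` would make the retention decision explicit for whoever reviews log access and purge policy. The route handler starts in the previous hunk and continues past this one.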
diff --git a/packages/schemas/src/types/log/interaction.ts b/packages/schemas/src/types/log/interaction.ts
index f70a13f4e..aebade7bb 100644
--- a/packages/schemas/src/types/log/interaction.ts
+++ b/packages/schemas/src/types/log/interaction.ts
@@ -96,4 +96,6 @@ export type LogKey =
 | Action.Submit | Action.Create}`
 | `${Prefix}.${InteractionEvent}.${Field.Verification}.${VerificationType}.${Action}`
- | `${Prefix}.${InteractionEvent}.${Field.Identifier}.${Action.Submit}`;
+ | `${Prefix}.${InteractionEvent}.${Field.Identifier}.${Action.Submit}`
+ // IdpInitiatedSingleSignOn log, used upon receiving a SAML request from the IdP
+ | `${Prefix}.${InteractionEvent.SignIn}.${Field.Verification}.IdpInitiatedSso.${Action.Create}`;
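Review bot: The comment on the new union member says the log is written `upon receiving a SAML request from the IdP`, but in an IdP-initiated flow what reaches the service provider is an unsolicited SAML response carrying an assertion — which is also what the authn.ts hunk records as `assertionContent`; suggest `// IdP-initiated SSO log, recorded when an unsolicited SAML response (assertion) arrives from the IdP`. It is also worth a half-sentence that `IdpInitiatedSso` is a bare literal rather than a `VerificationType` member, so the key is intentionally restricted to `InteractionEvent.SignIn` and `Action.Create` and should not be folded back into the generic `${VerificationType}.${Action}` form. The `LogKey` alias begins before this hunk.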