Capture Login user details on dsp page

Kumar_Saurav2 · September 7, 2022, 1:57am

Hi Expert,
I am looking for a way I can capture the user details logged in to the dsp page for auditing purpose. Do we have any inbuilt IS service that can be used to perform this task ?

Nagendra_Prasad · September 7, 2022, 10:27am

The user details are already present in the dsp page at the top along with the instance name and the IP Address. Note that this corresponds to the user credentials which have been used to log in in the current session.
As an administrator, you can also choose to enable the security logs (Logs->Security) which will log Authentication , Authorization and other event types that can be configured in the Settings->Logging->Security Logger in the admin UI.

It is not clear what the exact usecase is, perhaps you can elaborate more on what you mean by auditing.
-NP

John_Carter4 · September 7, 2022, 10:56am

Do you mean you want to identify the user at runtime from within a service ?

If so you need to write a small java service e.g.

public static final void getUserID(IData pipeline) throws ServiceException {
	 String sessionId = null;
	 String name = null;
		 
	    if (Service.getSession() != null)     {
	        try {
	            sessionId = Service.getSession().getSessionID();
	            name = Service.getSession().getUser().getName();
	        } catch (Exception e) {
	            throw new RuntimeException("Unable to retrieve the session ID : " + e);
	        }
	    }
	
	    IDataCursor c = pipeline.getCursor();
	    IDataUtil.put(c, "sessionID", sessionId);
		    
	    if (name != null && !name.equals("Default") && !name.equals("webTaskUser"))
	    		IDataUtil.put(c, "userID", name);
		    
	    	IDataUtil.put(c, "uniqueID", sessionId + getNextCount());
	    c.destroy();	   
}

Nagendra_Prasad · September 7, 2022, 11:18am

@John_Carter4 , I thought about this one too, but I couldn’t see how this helps, if you are running this service, that means that you have already logged in /connected with a particular user. And if you have connected , then you know the user anyway.
Perhaps I’m missing the why here.

-NP

John_Carter4 · September 7, 2022, 11:32am

Not necessarily, perhaps the user was authentication via openID or OAuth in which case you won’t know. Or it could be that you have a login screen but perhaps it’s authentication directly against /invoke/wm.server/login

regards,
John.

Kumar_Saurav2 · September 7, 2022, 9:20pm

Thanks John. This is exactly I was looking for. Basically for auditing purpose , we need to capture the user who is login to the dsp and performing changes.

Kalpesh_Shah1 · September 7, 2022, 9:39pm

In case, if this is useful, IS already provides ways to capture HTTP log information. Please have a look @ watt.server.httplog property and “The HTTP Log” section in IS’s Admin Guide - Untitled (softwareag.com).

system · March 6, 2023, 9:40pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.