Logging Client IP Address instead of Load Balancer IP Address


If Sun Identity Manager version 8.1 is deployed with a Load Balancer or Reverse HTTP Proxy server in front of it and you need to log the IP address of the actual client in Audit logs then you need to configure Identity Manager (IdM) to pick the client IP address from the HTTP request headers. For example, if the Load Balancer sends the actual client IP address in the "X-Forwarded-For" HTTP request header then you would have to modify the IdM “Waveset.properties” file to make it read this header and log the client IP address from this header. To do this, edit the "Waveset.properties" file and set "client.headerIPVariable" as follows:

client.headerIPVariable=X-Forwarded-For

Save the “Waveset.properties” file and restart IdM server. Now when a user logs in to IdM, you should see the actual IP address of the actual client rather than the Load Balancer IP address being logged in IdM Audit logs. Some times the "X-Forwarded header" of an incoming HTTP request can contain multiple IP addresses like "<Client IP>, <Proxy IP>, <Load Balancer IP>". In this case, I noticed that IdM 8.1 logs all three IP addresses, which is nice.

Comments:

Post a Comment:
Comments are closed for this entry.
About

manish

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today