Sessions
A session is the context of an authentication. It captures various details such as the client context, the type of authentication, the exploiter device, the authentication device, which methods were used, claims and others. The server creates the session when the service provider initiates the authentication; the session gets a unique ID and is updated on each step and action made by the client during the authentication journey.
Captured details:
- journey ID - each authentication is performed using a journey. A journey is a collection of rules used during the authentication and can enforce multiple authentication steps.
- the type of the authentication (QR, PUSH, SMS, PIN, TOTP, SPNEGO, YUBICO_OTP, FIDO, …)
- authentication related timestamps:
  - request time - the time the authentication was requested by the client
  - register time - the time the authentication was registered in the Veridium backend
  - expire time - the expiration time of the authentication. When the expiration is reached without a final resolution, the session is closed with timeout status
  - complete time - the session close time. This value is filled when the final session status is set.
- authentication final status. This value can be: completed, failed, timeout, canceled
- identity details: ID, external ID, UPN and display name
- identity external claims - the external claims fetched from Active Directory
- exploiter devices - this object tracks:
  - the name and device ID of the Identity Provider
  - the service provider ID and name
  - service provider user agent - it can be either browser or desktop context (like the IP, browser name, browser version, OS details, …)
- authenticator device - it can be a mobile device, a browser or a desktop (application version, mobile device name, OS, IP, browser name, browser version, …)
- biometric methods used during the authentication, number of attempts and final status (successfully used or failed)
Storage format in Elasticsearch
The sessions are stored in 2 index aliases:
- sessions - finished Veridium sessions. The source document is the serialised JSON of the AuthenticationSession entity from the main model.
- sessions_history - contains the change history of the session. For now the document is used to load the full history of the session as raw data, without indexed fields yet. TODO: the sessions history will be migrated to a model similar to accounts and devices (later added).
Sessions indices
Sessions are distributed across indices using a time-window pattern: one index for each month, following the pattern sessions-YYYY-MM (veridium.sessions-2024-02).
The same rules apply to the sessions history index. Pattern: sessions_history-YYYY-MM (veridium.sessions_history-2024-02).
The index is automatically created when the first session index request is received for the current month.
Documents are never deleted individually; only the entire index is deleted, according to the lifecycle policy.
Search and statistics
The search and statistics requests are made against the "sessions" alias. This alias includes all sessions indices.
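The monthly index layout and a statistics request against the alias, as an added example that is not part of the original documentation. The function names are hypothetical; it assumes UTC month boundaries, that `status` is mapped as a keyword and that `requestTime` is mapped as a date.

```python
from datetime import datetime, timezone

INDEX_PREFIX = "veridium.sessions-"  # prefix as shown in the index name on this page

def monthly_indices(start, end):
    """Names of the monthly session indices that overlap [start, end]."""
    if end < start:
        raise ValueError("end precedes start")
    names, year, month = [], start.year, start.month
    while (year, month) <= (end.year, end.month):
        names.append(f"{INDEX_PREFIX}{year:04d}-{month:02d}")
        # Roll over to January of the next year after December.
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return names

def status_statistics_request(start, end):
    """Search body for the `sessions` alias: session count per final status."""
    return {
        "size": 0,  # statistics only, no individual hits
        "query": {"bool": {"filter": [
            {"range": {"requestTime": {"gte": start.isoformat(),
                                       "lt": end.isoformat()}}}
        ]}},
        # Assumption: `status` is keyword-mapped, so a terms aggregation works.
        "aggs": {"by_status": {"terms": {"field": "status"}}},
    }

if __name__ == "__main__":
    window = (datetime(2023, 11, 20, tzinfo=timezone.utc),
              datetime(2024, 2, 3, tzinfo=timezone.utc))
    print(monthly_indices(*window))
    print(status_statistics_request(*window))
```

The list of monthly indices shows which indices a review window depends on, which matters because retention removes whole indices rather than single documents.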
Sessions document model
Searchable fields
Field path | Functional meaning | Mapping types | Notes | Example value |
---|---|---|---|---|
| searchable as keyword only (exact value) |
| full text search (individual terms, partial terms, lower/upper case) |
| full text search (individual terms, partial terms, lower/upper case) |
| time the authentication requested |
| time the session was inserted in DB |
| session completion |
| session expire time |
| full text search (individual terms, partial terms, lower/upper case) |
| successfully applied the biometrics?! |
| boolean filter can be applied |
| range filter, sessions counts by retries |
| 0 |
| full text search (individual terms, partial terms, lower/upper case) |
| full text search (individual terms, partial terms, lower/upper case) |
| 2 |
| 1.0 |
| 1 |
| search or group by individual group keyword |
Example of a JSON session document:
```json
{
  "id": "f75e7f4f-352a-4fbd-9d6c-7af06a54a7a6",
  "alias": {},
  "applicationId": "AD",
  "accountId": "aad40845-0fa4-4159-9db6-d32865f6e7f9",
  "exploiterDeviceId": "shibboleth_dc1",
  "status": "COMPLETED",
  "biometricMethods": [
    {
      "type": "TOUCHID",
      "status": true,
      "retries": 0
    }
  ],
  "journeyId": "b8204060-2127-4ade-9d04-e06b68f90bd8",
  "journeyDefinitionId": "d9544754-de7a-415e-b087-c33adf35b685",
  "journeyStateName": "Authenticated",
  "commands": [],
  "ubaMotionOutput": {
    "answer": 2,
    "answerConfidence": "HIGH",
    "score": 1.0,
    "resolveType": "processed",
    "errorMessage": "",
    "errorCausedBy": ""
  },
  "ubaContextOutput": {
    "answer": 1,
    "answerConfidence": "HIGH",
    "score": 4.299605940341516,
    "resolveType": "processed",
    "scoreReason": {
      "DIFFERENT_DEVICE": "[Current mobile app version is 3.2.7, while previously used ones are: 3.6.0.]"
    },
    "criteriaMet": {
      "SAME_COUNTRY_CODE": "[Country code is the same: RO. Source: MOBILE.]",
      "IP_IN_HISTORY": "[IP address or IP class for authenticator is in user history., IP address or IP class for workstation is in user history.]",
      "NORMAL_TRAVEL": "[The user has traveled (km) 0.0075 with a speed (km/h) of 0.0001 in (hh:mm:ss): 51:18:41. Geolocation source: MOBILE]",
      "IP_LOCAL_NETWORK": "[Authenticator IP address from private network (Class A)]"
    },
    "errorMessage": "",
    "errorCausedBy": ""
  },
  "ubaSessionId": "f75e7f4f-352a-4fbd-9d6c-7af06a54a7a6",
  "location": {
    "countryCode": "RO",
    "source": "MOBILE",
    "countryName": "Romania",
    "city": "Bucharest",
    "coordinates": {
      "latitude": 44.5298949,
      "longitude": 26.0597304
    },
    "accuracy": 5.0,
    "errorCode": 0
  },
  "authenticationDeviceName": "iPhone",
  "authenticationDeviceDescription": "iPhone12,3 ' 17.3.1",
  "authenticationDeviceType": "PHONE",
  "authenticationDeviceOs": "iOS",
  "authenticationDeviceOsVersion": "17.3.1",
  "authenticationDevicePhone": "Apple iPhone 11 Pro",
  "authenticationDevicePhoneModel": "iPhone12,3",
  "authenticationDeviceRegistrationTime": "2024-06-10T12:15:14.399+00:00",
  "accountName": "Özgür Şahin",
  "exploiterDeviceName": "shibboleth_dc1",
  "authenticationResult": "AUTHENTICATED",
  "requestTime": "2024-06-11T13:42:50.577+00:00",
  "registerTime": "2024-06-11T13:42:52.351+00:00",
  "completeTime": "2024-06-11T13:43:10.310+00:00",
  "expireTime": "2024-06-11T13:43:12.335+00:00",
  "authenticationTime": "2024-06-11T13:43:10.292+00:00",
  "transactionType": "B2B",
  "transactionCode": "b322d843203a213c7542c0e89bce50608f811a9db5762b235ebd98913b75da5a",
  "signatureInformation": [
    {
      "authenticator": "TOUCHID",
      "signature": "MEUCIHFefgbzOMfdZFOhFkNcwU05pcDn51otOKZ3s1+vek4FAiEAxzBxxi8jtkO09KUeQ8osxHb0h/2VJ+thZ02XbxugdFg=",
      "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYd/oiltCPAHMPpbgqAmMXuwe5TVLOXXUaDr0PuUG2LFidFS2FeEyvI4aXN4YchAa38tcvRORPzON66m8qgITLA==",
      "algorithm": "SHA256withECDSA"
    }
  ],
  "desktopAuthenticatorType": "SERVER_FULL",
  "phoneAuthenticatorType": "CLIENT_FULL",
  "identityId": "c6e88ecf-14a1-4adc-9baf-460190d3bbf0",
  "identityExternalId": "S-1-5-21-410015106-2063711249-828150371-1261",
  "identityDisplayName": "ailie@veridiumid.com",
  "identityUpn": "ailie@dev.local2",
  "memberDefinitionId": "d2535f4f-f510-4875-8991-55974a566a69",
  "memberDefinitionExternalId": "ADv2MultiStepEnrollment",
  "type": "QR",
  "numberOfFailedAttempts": 0,
  "identityToken": {
    "id": "b23077d3-3c35-4b1a-a887-c719616af89f",
    "authenticationRequestTime": 1718113370577,
    "authenticationGrantedTime": 1718113390292,
    "authenticationDeviceId": "42c33c26-80c3-4cd9-87d4-580a41b18e22",
    "exploiterDeviceId": "shibboleth_dc1",
    "expirationTime": 1718116990295,
    "subject": "S-1-5-21-410015106-2063711249-828150371-1261",
    "upn": "ailie@dev.local2",
    "location": {
      "countryCode": "RO",
      "source": "MOBILE",
      "countryName": "Romania",
      "city": "Bucharest",
      "coordinates": {
        "latitude": 44.5298949,
        "longitude": 26.0597304
      },
      "accuracy": 5.0,
      "errorCode": 0
    },
    "ubaOutput": {
      "answer": 2,
      "answerConfidence": "HIGH",
      "score": 1.0,
      "resolveType": "processed",
      "errorMessage": "",
      "errorCausedBy": ""
    },
    "ubaContextOutput": {
      "answer": 1,
      "answerConfidence": "HIGH",
      "score": 4.299605940341516,
      "resolveType": "processed",
      "scoreReason": {
        "DIFFERENT_DEVICE": "[Current mobile app version is 3.2.7, while previously used ones are: 3.6.0.]"
      },
      "criteriaMet": {
        "SAME_COUNTRY_CODE": "[Country code is the same: RO. Source: MOBILE.]",
        "IP_IN_HISTORY": "[IP address or IP class for authenticator is in user history., IP address or IP class for workstation is in user history.]",
        "NORMAL_TRAVEL": "[The user has traveled (km) 0.0075 with a speed (km/h) of 0.0001 in (hh:mm:ss): 51:18:41. Geolocation source: MOBILE]",
        "IP_LOCAL_NETWORK": "[Authenticator IP address from private network (Class A)]"
      },
      "errorMessage": "",
      "errorCausedBy": ""
    }
  },
  "identityTokenSignature": "…",
  "identityTokenJWT": {
    "jti": "b23077d3-3c35-4b1a-a887-c719616af89f",
    "sub": "S-1-5-21-410015106-2063711249-828150371-1261",
    "aud": [
      "ADv2MultiStepEnrollment",
      "shibboleth_dc1"
    ],
    "iss": "VeridiumID",
    "exp": 1718116990,
    "iat": 1718113390,
    "tt": null,
    "tc": "b322d843203a213c7542c0e89bce50608f811a9db5762b235ebd98913b75da5a",
    "sid": "f75e7f4f-352a-4fbd-9d6c-7af06a54a7a6",
    "ad": "42c33c26-80c3-4cd9-87d4-580a41b18e22",
    "ed": "shibboleth_dc1",
    "upn": "ailie@dev.local2",
    "location": {
      "countryCode": "RO",
      "source": "MOBILE",
      "countryName": "Romania",
      "city": "Bucharest",
      "coordinates": {
        "latitude": 44.5298949,
        "longitude": 26.0597304
      },
      "accuracy": 5.0,
      "errorCode": 0
    },
    "uba_motion": {
      "answer": 2,
      "answerConfidence": "HIGH",
      "score": 1.0,
      "resolveType": "processed",
      "scoreReason": null,
      "criteriaMet": null,
      "errorMessage": "",
      "errorCausedBy": ""
    },
    "uba_context": {
      "answer": 1,
      "answerConfidence": "HIGH",
      "score": 4.299605940341516,
      "resolveType": "processed",
      "scoreReason": {
        "DIFFERENT_DEVICE": "[Current mobile app version is 3.2.7, while previously used ones are: 3.6.0.]"
      },
      "criteriaMet": {
        "SAME_COUNTRY_CODE": "[Country code is the same: RO. Source: MOBILE.]",
        "IP_IN_HISTORY": "[IP address or IP class for authenticator is in user history., IP address or IP class for workstation is in user history.]",
        "NORMAL_TRAVEL": "[The user has traveled (km) 0.0075 with a speed (km/h) of 0.0001 in (hh:mm:ss): 51:18:41. Geolocation source: MOBILE]",
        "IP_LOCAL_NETWORK": "[Authenticator IP address from private network (Class A)]"
      },
      "errorMessage": "",
      "errorCausedBy": ""
    }
  },
  "externalValues": {},
  "contextValues": {},
  "authenticatorDeviceContext": {
    "localDateTime": "2024-06-12T13:42:09.918+00:00",
    "timezoneOffset": -180,
    "ip": "10.202.102.102",
    "location": {
      "countryCode": "RO",
      "source": "MOBILE",
      "countryName": "Romania",
      "city": "Bucharest",
      "coordinates": {
        "latitude": 44.5298949,
        "longitude": 26.0597304
      },
      "accuracy": 5.0,
      "errorCode": 0
    },
    "userAgentName": "VeridiumAuthenticator DEV",
    "userAgentVersion": "3.2.7",
    "userAgentDevice": "Phone",
    "language": "en",
    "internetConnectionType": "WiFi",
    "deviceMake": "Apple",
    "deviceModel": "iPhone12,3",
    "osName": "iOS",
    "osVersion": "17.3.1",
    "isRooted": false,
    "hasHardwareCryptoSupport": true,
    "rooted": false
  },
  "exploiterDeviceContext": {
    "localDateTime": "2024-06-11T13:42:50.517+00:00",
    "timezoneOffset": -180,
    "ip": "95.43.32.22,95.43.32.23",
    "location": {
      "ip": "95.43.32.22",
      "countryCode": "BG",
      "countryName": "Bulgaria",
      "regionCode": "22",
      "regionName": "Sofia-Capital",
      "city": "Sofia",
      "postalCode": "1000",
      "coordinates": {
        "latitude": 42.6951,
        "longitude": 23.325
      },
      "accuracy": 0.0,
      "errorCode": 0
    },
    "userAgentRaw": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36",
    "userAgentName": "Chrome",
    "userAgentVersion": "125.0.0",
    "userAgentDevice": "Mac",
    "userAgentTrustId": "17434b7f-56ac-4514-90a7-ef20b3a7e937",
    "language": "en-GB",
    "osName": "Mac OS X",
    "osVersion": "10.15.7",
    "isRooted": false,
    "hasHardwareCryptoSupport": false,
    "serviceIdentifier": "SSP",
    "serviceFriendlyName": "Self Service Portal",
    "rooted": false
  },
  "identityExternalValues": {
    "commonName": "CN=Alex Ilie,OU=Users,OU=Dev,DC=dev,DC=local",
    "lastName": "Şahin",
    "firstname": "Özgür",
    "mail": "ailie@veridiumid.com",
    "sAMAccountName": "ailie",
    "displayName": "Özgür Şahin",
    "distinguishedName": "CN=Alex Ilie,OU=Users,OU=Dev,DC=dev,DC=local",
    "co": "RO",
    "phoneno": "+40741027307",
    "lastname": "Şahin",
    "firstName": "Özgür",
    "upn": "ailie@dev.local2",
    "implicitUpn": "ailie@dev.local",
    "countryCode": "840",
    "displayname": "ailie@veridiumid.com",
    "domain": "dev.local",
    "memberOf": [
      "CN=Veridiumid_Alerts,OU=Groups,OU=Dev,DC=dev,DC=local",
      "CN=Veridiumid_Licensing,OU=Groups,OU=Dev,DC=dev,DC=local",
      "CN=Veridiumid_AppAdmins,OU=Groups,OU=Dev,DC=dev,DC=local",
      "CN=Administrators,CN=Builtin,DC=dev,DC=local",
      "CN=Domain Admins,CN=Users,DC=dev,DC=local",
      "CN=MFA-UBA,OU=Groups,OU=Dev,DC=dev,DC=local",
      "CN=Remote Desktop Users,CN=Builtin,DC=dev,DC=local",
      "CN=Domain Users,CN=Users,DC=dev,DC=local",
      "CN=Remote Management Users,CN=Builtin,DC=dev,DC=local",
      "CN=GroupTest,OU=Groups,OU=Dev,DC=dev,DC=local",
      "CN=localgroup,OU=Groups,OU=QC,DC=qc,DC=local",
      "CN=Veridiumid_Users,OU=Groups,OU=Dev,DC=dev,DC=local"
    ],
    "email": "ailie@veridiumid.com",
    "userPrincipalName": "ailie@dev.local2",
    "pwdLastSet": "133621451928092660"
  },
  "assignedAgentTrust": {
    "identityId": "c6e88ecf-14a1-4adc-9baf-460190d3bbf0",
    "trustId": "17434b7f-56ac-4514-90a7-ef20b3a7e937",
    "sessionId": "15a93b13-1ba5-4c75-900d-061ecd415aa3",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
    "expireTime": "2024-07-10T07:56:00.923+00:00"
  },
  "httpContextIP": "10.202.102.102"
}
```
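A session document like the one above carries enough context for an automated review pass. The following is an added example, not Veridium code: the `triage` function, its rules and its finding labels are assumptions for illustration, while the field names are those of the sample document.

```python
# Field names are taken from the sample document on this page; the rules and
# finding labels are assumptions chosen for illustration.
UNSUCCESSFUL = {"FAILED", "TIMEOUT", "CANCELED"}
CONTEXTS = ("authenticatorDeviceContext", "exploiterDeviceContext")

def _country(session, context_key):
    """Country code of a device context, or None when the context is absent."""
    location = (session.get(context_key) or {}).get("location") or {}
    return location.get("countryCode")

def triage(session):
    """Return a sorted list of review findings for one session document."""
    findings = []
    if session.get("status") in UNSUCCESSFUL:
        findings.append(f"status:{session['status']}")
    auth_cc, expl_cc = (_country(session, key) for key in CONTEXTS)
    if auth_cc and expl_cc and auth_cc != expl_cc:
        findings.append(f"country_mismatch:{auth_cc}/{expl_cc}")
    for key in CONTEXTS:
        if (session.get(key) or {}).get("isRooted"):
            findings.append(f"rooted:{key}")
    for method in session.get("biometricMethods") or []:
        if not method.get("status") or (method.get("retries") or 0) > 0:
            findings.append(f"biometric:{method.get('type')}")
    if (session.get("numberOfFailedAttempts") or 0) > 0:
        findings.append("failed_attempts")
    reasons = (session.get("ubaContextOutput") or {}).get("scoreReason") or {}
    findings.extend(f"uba:{name}" for name in reasons)
    return sorted(findings)

# Constructed sample 1: a subset of the document above (reason text shortened).
SAMPLE_COMPLETED = {
    "status": "COMPLETED", "numberOfFailedAttempts": 0,
    "biometricMethods": [{"type": "TOUCHID", "status": True, "retries": 0}],
    "ubaContextOutput": {"scoreReason": {"DIFFERENT_DEVICE": "[...]"}},
    "authenticatorDeviceContext": {"isRooted": False,
                                   "location": {"countryCode": "RO"}},
    "exploiterDeviceContext": {"isRooted": False,
                               "location": {"countryCode": "BG"}},
}
# Constructed sample 2: a made-up timed-out session without authenticator context.
SAMPLE_TIMEOUT = {
    "status": "TIMEOUT", "numberOfFailedAttempts": 2,
    "biometricMethods": [{"type": "TOUCHID", "status": False, "retries": 2}],
    "exploiterDeviceContext": {"location": {"countryCode": "BG"}},
}
if __name__ == "__main__":
    print(triage(SAMPLE_COMPLETED), triage(SAMPLE_TIMEOUT))
```

For the document on this page the pass reports the differing authenticator and workstation countries (RO and BG) and the `DIFFERENT_DEVICE` score reason, even though the session status is `COMPLETED`.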