HPMA Audit Message Reference

ETAF—Security Authentication Failed

A connection attempt using Transport Layer Security (TLS) has failed.

Table 28: ETAF—Security Authentication Failed Fields

Code

Field

Description

 

 

 

CNID

Connection

The unique grid identifier for the TCP/IP connection

 

Identifier

over which the authentication failed.

 

 

 

RUID

User Identity

A service dependent identifier representing the identity

 

 

of the remote user.

 

 

 

RSLT

Reason Code

The reason for the failure:

 

 

SCNI—Secure connection establishment failed.

 

 

CERM—Certificate was missing.

 

 

CERT—Certificate was invalid.

 

 

CERE—Certificate was expired.

 

 

CERR—Certificate was revoked.

 

 

CSGN—Certificate signature was invlid.

 

 

CSGU—Certificate signer was unknown.

 

 

UCRM—User credentials were missing.

 

 

UCRI—User credentials were invalid.

 

 

UCRU—User credentials were disallowed.

 

 

TOUT—Authentication timed out.

 

 

 

When a connection is established to a secure service that uses TLS, the credentials of the remote entity are verified using the TLS profile and additional logic built into the service. If this authentication fails due to invalid, unexpected, or disallowed certificates or credentials, an audit message is logged. This enables queries for unauthorized access attempts and other security-related connection problems.

The message could result from a remote entity having an incorrect configuration, or from attempts to present invalid or disallowed cre- dentials to the system. This audit message should be monitored to detect attempts to gain unauthorized access to the system.

36

HP Medical Archive

Page 46 Page 48
Page 47
Image 47
HP Medical Archive Solution manual ETAF-Security Authentication Failed Fields
Page 46 Page 48
Top Page Image Contents