Log Formats and Examples

Access Gateway logs all events and actions, including administrative actions and user access and authorization states.

General log format

Access Gateway logs audit events in the following format:

TIMESTAMP HOSTNAME APPLICATION PROCID COMPONENT SUB-COMPONENT LOG_LEVEL EVENT [STRUCTURED_DATA] MESSAGE

Log Statement Fields

Field

Description

TIMESTAMP Current system date and time
HOSTNAME Machine hostname
APPLICATION Access Gateway
PROC_ID Process layer
COMPONENT Component of the process
SUB-COMPONENT Subcomponent of the process
LOG_LEVEL Log level
EVENT Type of event
STRUCTURED_DATA

Data related to the occurred event important for analysis/troubleshooting
MESSAGE

Readable message

Admin UI Console

Jump_to_top_↑

Startup

Log identifier

Field Value

PROC_ID

WEB_CONSOLE

COMPONENT

 -

SUB-COMPONENT

 -

EVENT

SYSTEM_STARTUP

  1. Initial authentication with access layer success

    1. Log Level: INFO

    2. Message: Startup complete, system ready.

    3. Log Sample:

      Oct 9 09:47:02 example.myaccessgateway.com WEB_CONSOLE - - INFO SYSTEM_STARTUP [] Startup complete, system ready.

User Login

Log identifier

Field Value
PROC_ID WEB_CONSOLE
COMPONENT AUTHN
SUB-COMPONENT LOCAL
EVENT USER_LOGIN

Structured data

Field Description
SESSION_ID

This is the internal session ID created for the user session. You can track user activity with this value.
SUBJECT

Username (admin)
TYPE LOCAL
RESULT

PASS/FAIL
REASON

Reason of successful/unsuccessful authentication
REMOTE_IP

User remote IP address
USER_AGENT

User browser info

  1. Initial authentication with access layer success

    1. Log Level: INFO

    2. Message: User login success: <Username>

    3. Log Sample:

      Oct 9 09:53:08 example.myaccessgateway.com WEB_CONSOLE AUTHN LOCAL INFO USER_LOGIN [SESSION_ID="xNQ45qBSM7iDSh3SJMYRIxud2NOEKKxCRE2xsHSH" SUBJECT="admin" TYPE="LOCAL" RESULT="FAIL" REASON="INVALID_CREDENTIALS" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] User login failed: admin

      Oct 9 09:53:17 example.myaccessgateway.com WEB_CONSOLE AUTHN LOCAL INFO USER_LOGIN [SESSION_ID="xNQ45qBSM7iDSh3SJMYRIxud2NOEKKxCRE2xsHSH" SUBJECT="admin" TYPE="LOCAL" RESULT="PASS" REASON="VALID_CREDENTIALS" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] User login success: admin

User Logout

Log identifier

Field Value

PROC_ID

WEB_CONSOLE

COMPONENT

SESSION

SUB-COMPONENT

LOCAL

EVENT

USER_LOGIN

Structured data

Field Description

SESSION_ID

This is the internal session ID created for the user session. You can track user activity with this value.

SUBJECT

Username (admin)

REASON

USER_ACTION

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

  1. Initial authentication with access layer success

    1. Log Level: INFO

    2. Message: User logout: admin

    3. Log Sample:

      Oct 9 09:58:04 example.myaccessgateway.com WEB_CONSOLE SESSION LOCAL INFO USER_LOGOUT [SESSION_ID="xNQ45qBSM7iDSh3SJMYRIxud2NOEKKxCRE2xsHSH" SUBJECT="admin" REASON="USER_ACTION" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] User logout: admin

System Access Gateway Events

Access Gateway Setup

Log identifier

Field Value

PROC_ID

WEB_CONSOLE

COMPONENT

OAG

SUB-COMPONENT

 -

EVENT

SYSTEM_SPGW_SETUP

Structured data

Field Description

GUID

System identifier

HOST

Access Gateway virtual hostname

COOKIE_DOMAIN

Access Gateway cookie domain

REASON

SYSTEM_SPGW_SETUP

SESSION_ID

This is the internal session ID created for the user session. You can track user activity with this value.

SUBJECT

Username

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

  1. Setup Access Gateway

    1. Log Level: INFO

    2. REASON: OAG_ACCEPT_LICENSE

    3. Message: Access Gateway event host: <Access Gateway Hostname> action: SYSTEM_SPGW_SETUP

    4. Log Sample:

      Oct 9 13:59:59 example.myaccessgateway.com WEB_CONSOLE OAG - INFO SYSTEM_SPGW_SETUP [GUID="82847f5a-2954-4beb-ad47-98d7ab4bdfe2" HOST="<host URL>" COOKIE_DOMAIN="<cookie domain>" REASON="OAG_ACCEPT_LICENSE" SESSION_ID="z8PtxiHk8KPi3Ft3Q-9OSOsODZUaaG04nn91roW5" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Access Gateway event host: '<host URL>' action: 'SYSTEM_SPGW_SETUP'

Access Gateway Reset

Log identifier

Field Value

PROC_ID

WEB_CONSOLE

COMPONENT

OAG

SUB-COMPONENT

 -

EVENT

SYSTEM_SPGW_RESET

Structured data

Field Description

GUID

System identifier

HOST

Access Gateway virtual hostname

COOKIE_DOMAIN

Access Gateway cookie domain

REASON

SYSTEM_OAG_RESET

SESSION_ID

This is the internal session ID created for the user session. You can track user activity with this value.

SUBJECT

Username

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

  1. Setup Access Gateway

    1. Log Level: INFO

    2. REASON: OAG_ACCEPT_LICENSE

    3. Message: Access Gateway event host: <Access Gateway Hostname>> action: SYSTEM_OAG_RESET

    4. Log Sample:

      Oct 9 14:23:17 example.myaccessgateway.com WEB_CONSOLE OAG - INFO SYSTEM_OAG_RESET [GUID="82847f5a-2954-4beb-ad47-98d7ab4bdfe2" HOST="<host URL>" COOKIE_DOMAIN="<cookie domain>" REASON="OAG_ACCEPT_LICENSE" SESSION_ID="ThiCzcAPvxVQSkeSi3AIqJUBTIGyJDIOwGc4DRsh" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Access Gateway event host: '<host URL>' action: 'SYSTEM_OAG_RESET'

System IDP Status

Log identifier

Field Value

PROC_ID

WEB_CONSOLE

COMPONENT

IDP

SUB-COMPONENT

LOCAL

EVENT

SYSTEM_IDP_STATUS

Structured data

Field Description

NAME

IDP Name

DOMAIN

IDP Domain

TYPE

IDP Type

RESULT

PASS/FAIL

REASON

VALID / INVALID_NETWORK_CONN (FAIL), INVALID_TOKEN (FAIL)

  1. Valid IDP

    1. Log Level: INFO

    2. RESULT: PASS

    3. REASON: VALID

    4. Message: Success confirming IDP status with: <IDP Domain>

    5. Log Sample:

      Oct 9 04:00:00 Access Gateway WEB_CONSOLE IDP LOCAL INFO SYSTEM_IDP_STATUS [NAME="<IDP Name> IDP" DOMAIN="<IDP URL>" TYPE="<Identity Provider type>" RESULT="PASS" REASON="VALID"] Success confirming IDP status with: <IDP URL>

  2. IDP No longer network reachable

    1. Log Level: ALERT

    2. RESULT: FAIL

    3. REASON: INVALID_NETWORK_CONN

    4. Message: Failure confirming connectivity with IDP: <IDP Domain>. Please verify your network configuration.

    5. Log Sample:

      Oct 9 04:02:00 Access Gateway WEB_CONSOLE IDP LOCAL INFO SYSTEM_IDP_STATUS [NAME="<IDP Name> IDP" DOMAIN="<IDP URL>" TYPE="<Identity Provider type>" RESULT="FAIL" REASON="INVALID_NETWORK_CONN"] Failure confirming connectivity with IDP: <IDP URL>>. Please verify your network configuration.

  3. IDP Security Key is no longer valid

    1. Log Level: ALERT

    2. RESULT: FAIL

    3. REASON: INVALID_TOKEN

    4. Message: Failure validating security token with IDP: <IDP Domain>. Please validate token exists and is enabled.

    5. Log Sample:

      Oct 9 04:02:23 Access Gateway WEB_CONSOLE IDP LOCAL INFO SYSTEM_IDP_STATUS [NAME="<IDP Name> IDP" DOMAIN="<IDP URL>" TYPE="<Identity Provider type>" RESULT="FAIL" REASON="INVALID_NETWORK_CONN"] Failure validating security token with IDP: <IDP Domain>. Please validate token exists and is enabled.

System KRB5 Events

Log identifier

Field Value

PROC_ID

WEB_CONSOLE

COMPONENT

KRB5

SUB-COMPONENT

 -

EVENT

SYSTEM_KRB5_EVENT

Structured data

Field Description

REALM

Kerberos Realm

REASON

CREATE/UPDATE/DELETE

SESSION_ID

This is an internal session ID created for the user session. You can track user activity with this value.

SUBJECT

Username

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

  1. Add Kerberos Configuration

    1. Log Level: INFO

    2. REASON: CREATE

    3. Message: Kerberos Realm: <Kerberos Realm> action: CREATE

    4. Log Sample:

      Oct 9 13:06:21 example.myaccessgateway.com WEB_CONSOLE KRB5 - INFO SYSTEM_KRB5_EVENT [REALM="<Kerberos Realm>" REASON="CREATE" SESSION_ID="lAf-w_UtYs2JmxzajaAj2tChuaSk-lKWQK1CAibO" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Kerberos Realm: '<Kerberos Realm>' action: 'CREATE'

  2. Update Kerberos Configuration

    1. Log Level: INFO

    2. REASON: UPDATE

    3. Message: Kerberos Realm: <Kerberos Realm> action: UPDATE

    4. Log Sample:

      Oct 9 13:06:40 example.myaccessgateway.com WEB_CONSOLE KRB5 - INFO SYSTEM_KRB5_EVENT [REALM="<Kerberos Realm>" REASON="UPDATE" SESSION_ID="lAf-w_UtYs2JmxzajaAj2tChuaSk-lKWQK1CAibO" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Kerberos Realm: '<Kerberos Realm>' action: 'UPDATE'

  3. Delete Kerberos Configuration

    1. Log Level: INFO

    2. REASON: DELETE

    3. Message: Kerberos Realm: <Kerberos Realm> action: DELETE

    4. Log Sample:

      Oct 9 13:06:53 example.myaccessgateway.com WEB_CONSOLE KRB5 - INFO SYSTEM_KRB5_EVENT [REALM="<Kerberos Realm>" REASON="DELETE" SESSION_ID="lAf-w_UtYs2JmxzajaAj2tChuaSk-lKWQK1CAibO" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Kerberos Realm: '<Kerberos Realm>' action: 'DELETE'

System App Events

Log identifier

Field Value

PROC_ID

WEB_CONSOLE

COMPONENT

APP

SUB-COMPONENT

 -

EVENT

SYSTEM_APP_EVENT

Structured data

Field Description

GUID

Application identifier

NAME

Application name

TYPE

Application type

DOMAIN

Public domain of application

IDP

IDP Domain

IDP_TYPE

IDP Type

REASON

CREATE, UPDATE, DELETE, ACTIVATE, DEACTIVATE

SESSION_ID

This is an internal session ID created for the user session. You can track user activity with this value.

SUBJECT

Username

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

  1. Create Application

    1. Log Level: INFO

    2. REASON: CREATE

    3. Message: Application: <Application Name> action: CREATE

    4. Log Sample:

      Oct 9 11:30:48 example.myaccessgateway.com WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="93d2e78a-c6b7-4c27-83c8-15c2b783d3bb" NAME="Sample Header App" TYPE="SAMPLEHEADER2015_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="CREATE" SESSION_ID="3dKU4yqIlHkcRUeGb9f9Dh6OSgFjHq3hIMVktx7h" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'CREATE'

  2. Update Application

    1. Log Level: INFO

    2. REASON: UPDATE

    3. Message: Application: <Application Name> action: UPDATE

    4. Log Sample:

      Oct 9 11:39:19 example.myaccessgateway.com WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="93d2e78a-c6b7-4c27-83c8-15c2b783d3bb" NAME="Sample Header App" TYPE="SAMPLEHEADER2015_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="UPDATE" SESSION_ID="3dKU4yqIlHkcRUeGb9f9Dh6OSgFjHq3hIMVktx7h" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'UPDATE'

  3. Activate Application

    1. Log Level: INFO

    2. REASON: ENABLE

    3. Message: Application: <Application Name> action: ENABLE

    4. Log Sample:

      Oct 9 11:40:56 example.myaccessgateway.com WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="93d2e78a-c6b7-4c27-83c8-15c2b783d3bb" NAME="Sample Header App" TYPE="SAMPLEHEADER2015_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="ENABLE" SESSION_ID="3dKU4yqIlHkcRUeGb9f9Dh6OSgFjHq3hIMVktx7h" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'ENABLE'

  4. Deactivate Application

    1. Log Level: INFO

    2. REASON: DISABLE

    3. Message: Application <Application Name> action: DISABLE

    4. Log Sample:

      Oct 9 11:40:08 example.myaccessgateway.com WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="93d2e78a-c6b7-4c27-83c8-15c2b783d3bb" NAME="Sample Header App" TYPE="SAMPLEHEADER2015_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="DISABLE" SESSION_ID="3dKU4yqIlHkcRUeGb9f9Dh6OSgFjHq3hIMVktx7h" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'DISABLE'

  5. Delete Application

    1. Log Level: INFO

    2. REASON: DELETE

    3. Message: Application: <Application Name> action: DELETE

    4. Log Sample:

      Oct 9 11:43:09 example.myaccessgateway.com WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="93d2e78a-c6b7-4c27-83c8-15c2b783d3bb" NAME="Sample Header App" TYPE="SAMPLEHEADER2015_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="DELETE" SESSION_ID="3dKU4yqIlHkcRUeGb9f9Dh6OSgFjHq3hIMVktx7h" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'DELETE'

Gateway

Jump_to_top_↑

Authentication

Log identifier

Field Value

PROC_ID

ACCESS

COMPONENT

AUTHN

SUB-COMPONENT

SAML

EVENT

USER_AUTHN

Structured data

Field Description

SESSION_ID

This is an internal session ID created for the user session. You can track user activity with this value.

SESSION_AUTH

Temporary session ID

SUBJECT

Username sent with SAML assertion

TYPE

SAML or the involved authentication module

SOURCE

EntityID

SOURCE_TYPE

<Identity Provider type>, IDP_IDCS, IDP_SAML_LOCAL

SOURCE_DOMAIN

IDP domain

SOURCE_AUTHN_TYPE

The authNcontext type from the SAML assertion

APP

Application name that is requested

APP_DOMAIN

Public domain of the requested application

RESULT

PASS/FAIL

REASON

INVALID_RELAY_STATE

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

MSG

The end user message

  1. Initial authentication with access layer success

    1. Log Level: INFO

    2. Message: User login:<Username>

    3. RESULT: PASS

    4. REASON: Valid SAML Assertion

    5. Log Sample:

      Oct 5 22:57:05 example.myaccessgateway.com Access Gateway ACCESS AUTHN SAML INFO USER_AUTHN [SESSION_ID="_6f89fde9801702d4055216fad847dc889536592839" SESSION_AUTH="_99077d998f2b3c0f65ee8dbea6abd1fb389a6e18a4" SUBJECT="<User login name>" TYPE="SAML_2_0" SOURCE="IDP Source URL" SOURCE_TYPE="<Identity Provider type>" SOURCE_DOMAIN="<IDP URL>" SOURCE_AUTHN_TYPE="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" APP="Sample Header App" APP_DOMAIN="<App Domain URL>" RESULT="PASS" REASON="Valid SAML Assertion" REMOTE_IP="192.168.10.20" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] User login:<User login name>

  2. Time not in sync

    1. Log Level: ERROR

    2. RESULT: FAIL

    3. REASON: Invalid SAML Assertion

    4. Message: Received an assertion that has expired.

    5. Log Sample:

      Oct 29 10:05:14 example.myaccessgateway.com Access Gateway ACCESS AUTHN SAML ERROR USER_AUTHN [TYPE="SAML_2_0" TRACKER_ID="cd6525dee8" SOURCE="https://<IDP URL>/app/template_saml_2_0/exkckwwaxvY3crKhn0h7/sso/saml" RESULT="FAIL" REASON="Invalid SAML Assertion" REMOTE_IP="192.168.10.192" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] Received an assertion that has expired. Check clock synchronization on IdP and SP.

  3. RelayState failed validation

    1. Log Level: WARN

    2. RESULT: FAIL

    3. REASON: INVALID_RELAYSTATE

    4. Message: : Failed RelayState validation. RelayState:<Bad RelayState> changed to:<Expected RelayState>.

    5. Log Sample:

      Oct 6 12:56:34 example.myaccessgateway.com Access Gateway ACCESS AUTHN SAML WARN USER_AUTHN [SESSION_ID="_a9b67d3c0007f1614c4ca7ae991e6803d340a3e252" SESSION_AUTH="-" SUBJECT="<User login name>" TYPE="SAML_2_0" SOURCE="http://www.okta.com/exkca4yif7Qpdc6en0h7" SOURCE_TYPE="<Identity Provider type>" SOURCE_DOMAIN="<IDP URL>" SOURCE_AUTHN_TYPE="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" APP="Sample Header App" APP_DOMAIN="<App Domain URL>" RESULT="FAIL" REASON="INVALID_RELAYSTATE" REMOTE_IP="192.168.10.165" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Failed RelayState validation. RelayState:https://header.okta.com changed to:https://<App Domain URL>

  4. Access Gateway SAML endpoint is accessed directly

    1. Log Level: ERROR

    2. RESULT: FAIL

    3. REASON: Invalid SAML assertion

    4. Message: Unable to find the current binding.

    5. Log Sample:

      Oct 26 10:21:02 example.myaccessgateway.com Access Gateway ACCESS AUTHN SAML ERROR USER_AUTHN [TYPE="SAML_2_0" TRACKER_ID="cd6525dee8" SOURCE="unknown" RESULT="FAIL" REASON="Invalid SAML Assertion" REMOTE_IP="192.168.10.192" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] Unable to find the current binding.

Authorization

Log identifier

Field Value

PROC_ID

ACCESS

COMPONENT

AUTHN

SUB-COMPONENT

SAML

EVENT

USER_AUTZ

Structured data

Field Description

SESSION_ID

This is an internal session ID created for the user session. You can track user activity with this value.

SUBJECT

Username from session

RESOURCE

The URI being accessed

POLICY

Name of the policy

POLICY_TYPE

Type of policy

DURATION

Time it takes to execute the policy

APP

Application name

APP_TYPE

The type of OAG application being used

APP_DOMAIN

Public domain of the requested application

RESULT

ALLOW/DENY

REASON

Defined policy

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

MSG

The end user message

  1. Access resource allow

    1. Log Level: INFO

    2. RESULT: ALLOW

    3. Message: Allow access to resource

    4. Log Sample:

      Oct 5 22:57:05 example.myaccessgateway.com Access Gateway ACCESS AUTHZ POLICY INFO USER_AUTHZ [SESSION_ID="_6f89fde9801702d4055216fad847dc889536592839" SUBJECT="<User login name>" RESOURCE="/" METHOD="GET" POLICY="root" POLICY_TYPE="PROTECTED" DURATION="0" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="ALLOW" REASON="N/A - SESSIONID=_6f89fde9801702d4055216fad847dc889536592839 RelayDomain=<App Domain URL> static_a=aaaaa static-b=bbbbb staticc=ccccc _staticd=ddddd -statice=eeeee staticcookie=1234 secret=secretvalue spgw_username=<User login name> UserName=<User login name> login=<User login name> firstname=<User first name> lastname=<User last name> email=<User login name> samplecookie<User first name> Groups=Everyone:Group A:Group C:Group E:Group B: SourceAuthNType=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport RemoteIP=192.168.10.20 USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 " REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] allow access to resource

  2. Access resource deny

    1. Log Level: INFO

    2. RESULT: DENY

    3. Message: Allow access to resource

    4. Log Sample:

      Oct 5 23:47:05 example.myaccessgateway.com Access Gateway ACCESS AUTHZ POLICY INFO USER_AUTHZ [SESSION_ID="_4a3fdbbc52dadda2109e0e789098f9b473d4f68c7e" SUBJECT="<User login name>" RESOURCE="/alt" METHOD="GET" POLICY="altroot" POLICY_TYPE="PROTECTED_REGEX" DURATION="0" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="Groups=(?!.*Everyone:) - SESSIONID=_4a3fdbbc52dadda2109e0e789098f9b473d4f68c7e RelayDomain=<App Domain URL> static_a=aaaaa static-b=bbbbb staticc=ccccc _staticd=ddddd -statice=eeeee staticcookie=1234 secret=secretvalue spgw_username=<User login name> UserName=<User login name> login=<User login name> firstname=<User first name> lastname=<User last name> email=<User login name> samplecookie<User first name> Groups=Everyone:Group A:Group C:Group E:Group B: SourceAuthNType=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport RemoteIP=192.168.10.20 USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 creationTime=1507265129865 maxInactiveInterval=3600000 maxActiveInterval=28800000 lastAccessedTime=1507265129865 " REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] deny access to resource

User Session

Log identifier

Field Value

PROC_ID

ACCESS

COMPONENT

AUTHN

SUB-COMPONENT

SAML

EVENT

USER_SESSION

Structured data

Field Description

SESSION_ID

This is an internal session ID created for the user session. You can track user activity with this value.

SESSION_AUTH

The authSession that was used to create this session.

SESSION_APP

Only used on authSession upgraded.

SUBJECT

User from session

APP

Application name

APP_TYPE

The type of OAG application being used

APP_DOMAIN

Public domain of the requested application

RESULT

ALLOW/DENY

REASON

Defined policy

REMOTE_IP

User remote IP address

USER_AGENT

User browser info

MSG

The end user message

  1. AuthSession upgrade with valid authCookie

    1. Log Level: INFO

    2. Message: Upgraded auth cookie. App session created.

    3. REASON: VALID_AUTHCOOKIE

    4. Log Sample:

      Oct 5 22:57:05 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION INFO USER_SESSION [SESSION_ID="_6f89fde9801702d4055216fad847dc889536592839" SESSION_AUTH="_99077d998f2b3c0f65ee8dbea6abd1fb389a6e18a4" SESSION_APP="e701ddf534554eab8ea671e884438b99" SUBJECT="<User login name>" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="ALLOW" REASON="VALID_AUTHCOOKIE" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Upgraded auth cookie. App session created.

  2. AuthSession upgrade with bad authCookie

    1. Log Level: WARN

    2. REASON: INVALID_AUTHCOOKIE

    3. Message: This should be investigated by your security group

    4. Log Sample:

      Oct 6 10:53:16 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION WARN USER_SESSION [SESSION_ID="" SESSION_AUTH="_131f081ec97099fd2e3268033f859901b17da1247d" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="INVALID_AUTHCOOKIE" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] This should be investigated by your security group

  3. Access application with non-existing sessionCookie

    1. Log Level: INFO

    2. REASON: NOT_EXIST

    3. Message: No session cookie. Sending to handler.

    4. Log Sample:

      Oct 6 10:12:01 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION INFO USER_SESSION [SESSION_ID="" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="NOT_EXIST" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] No session cookie. Sending to handler.

  4. Session integrity failure (Remote IP)

    1. Log Level: WARN

    2. RESULT: DENY

    3. REASON: SESSION_INTEGRITY_REMOTEIP_MISMATCH

    4. Message: SRF Request RemoteIP (x-forwarded-for): <New IP Address> failed to match session RemoteIP: <Old IP Address>

    5. Log Sample:

      Oct 6 13:01:15 example.myaccessgateway.com sampleheaderappamar 2017/10/06 13:01:15 [warn] 14220#0: *53 using uninitialized "messagetitle" variable, client: 192.168.10.165, server: <App Domain URL>, request: "GET / HTTP/1.1", host: "<App Domain URL>", referrer: "https://<IDP URL>/app/template_saml_2_0/exkca4yif7Qpdc6en0h7/sso/saml" Oct 6 13:01:15 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION WARN USER_SESSION [SESSION_ID="_b3982440f0ad73e954ed7d4fb2db00cfdbb997200c" SUBJECT="<User login name>" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="SESSION_INTEGRITY_REMOTEIP_MISMATCH" REMOTE_IP="192.168.25.154" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] SRF Request RemoteIP (x-forwarded-for): 192.168.25.154 failed to match session RemoteIP: 192.168.10.165

  5. Session integrity failure (Domain mismatch)

    1. Log Level: ALERT

    2. RESULT: DENY

    3. REASON: SESSION_INTEGRITY_DOMAIN_MISMATCH

    4. Message: Request domain:<Request Domain> does not match session Domain:<Relay Domain>

    5. Log Sample:

      Oct 6 14:09:37 example.myaccessgateway.com sampleheaderappamar <App Domain URL> 192.168.10.165 - - [06/Oct/2017:14:09:37 -0500] "GET / HTTP/1.1" 405 1942 "https://<IDP URL>/app/template_saml_2_0/exkca4yif7Qpdc6en0h7/sso/saml" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-" 0.000 - . Oct 6 14:09:37 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION ALERT USER_SESSION [SESSION_ID="_4cf89806b42002974d023790cbf9b40a2b32a43d38" SUBJECT="<User login name>" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="SESSION_INTEGRITY_DOMAIN_MISMATCH" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Request domain:<App Domain URL> does not match session Domain:header.okta.com

Authentication and Session Handling

This section describes the normal flow of authentication that can be tracked using the audit logs to troubleshoot session-related issues. Every user session is assigned a unique session ID. This session ID can also be used to trace a user session and can be helpful in troubleshooting or debugging.

Here is the basic flow of authentication and session creation along with the sequence of audit logs that are generated:

  1. Browser sends request to Access Gateway to access an application. Access Gateway checks if a session already exists, then redirects the browser to IDP for authentication.

    Nov 1 22:46:11 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION INFO USER_SESSION [SESSION_ID="" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="NOT_EXIST" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] No session cookie. Sending to handler.

  2. User is presented the login page by IDP, enters credentials, and submits the form. Upon successful authentication, browser posts SAML assertion to Access Gateway, and Access Gateway validates the assertion and authenticates the user. Upon successful authentication, Access Gateway creates a new session, assigns a new session ID to the session, and stores SAML attributes to the cache. Access Gateway also sends the domain session cookie to the browser.

    Nov 1 22:46:37 example.myaccessgateway.com Access Gateway ACCESS AUTHN SAML INFO USER_AUTHN [SESSION_ID="_3e9bf6939e3724d6af7844505971d0d52f05cb932d" SESSION_AUTH="_7a0cc86a711ad61bf760a3de582a0f1780a8796359" SUBJECT="<User login name>" TYPE="SAML_2_0" SOURCE="http://www.okta.com/exkco438bkIFqvPfn0h7" SOURCE_TYPE="<Identity Provider type>" SOURCE_DOMAIN="<IDP URL>" SOURCE_AUTHN_TYPE="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" APP="Sample Header App" APP_DOMAIN="<App Domain URL>" RESULT="PASS" REASON="Valid SAML Assertion" REMOTE_IP="192.168.10.20" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] User login:<User login name>

  3. The browser requests the application again with the session cookie. Access Gateway verifies the session integrity and sends the user to an error page if any issues are found with the session; otherwise, it proceeds to processing the request.

    Nov 1 22:46:37 example.myaccessgateway.com icsIcsgwAccess <host URL> 192.168.10.20 - - [01/Nov/2017:22:46:37 -0500] "POST /auth/module.php/saml/sp/saml2-acs.php/default-sp HTTP/1.1" 303 601 "https://<IDP URL>/app/template_saml_2_0/exkco438bkIFqvPfn0h7/sso/saml?RelayState=https%3A%2F%2F<App Domain URL>%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36" "-" 0.184 0.164 . Nov 1 22:46:37 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION INFO USER_SESSION [SESSION_ID="_3e9bf6939e3724d6af7844505971d0d52f05cb932d" SUBJECT="<User login name>" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="ALLOW" REASON="SESSION_INTEGRITY_VERIFIED" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] SRF Request RemoteIP: verified session RemoteIP: 192.168.10.20

  4. Access Gateway destroys the domain session cookie and creates a FQDN application cookie.

    Nov 1 22:46:37 example.myaccessgateway.com Access Gateway ACCESS AUTHZ SESSION INFO USER_SESSION [SESSION_ID="_3e9bf6939e3724d6af7844505971d0d52f05cb932d" SESSION_AUTH="_7a0cc86a711ad61bf760a3de582a0f1780a8796359" SESSION_APP="7303a91083a04a34bab3c22c54c769ae" SUBJECT="<User login name>" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="ALLOW" REASON="VALID_AUTHCOOKIE" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] Upgraded auth cookie. App session created.

  5. Access Gateway gets the attributes from the session cache, injects attributes to the header, and allows access to the application. Application request is sent back to the browser with a FQDN session cookie.

    Nov 1 22:46:37 example.myaccessgateway.com Access Gateway ACCESS AUTHZ POLICY INFO USER_AUTHZ [SESSION_ID="_3e9bf6939e3724d6af7844505971d0d52f05cb932d" SUBJECT="<User login name>" RESOURCE="/" METHOD="GET" POLICY="root" POLICY_TYPE="PROTECTED" DURATION="0" APP="Sample Header App" APP_TYPE="SAMPLEHEADER2015_APP" APP_DOMAIN="<App Domain URL>" RESULT="ALLOW" REASON="N/A - SESSIONID=_3e9bf6939e3724d6af7844505971d0d52f05cb932d RelayDomain=<App Domain URL> static_a=aaaaa static-b=bbbbb staticc=ccccc _staticd=ddddd -statice=eeeee staticcookie=1234 secret=secretvalue spgw_username=<User login name> UserName=<User login name> login=<User login name> firstname=<User first name> lastname=<User last name> email=<User login name> samplecookie<User first name> Groups=Everyone:Group A:Group C:Group E: SourceAuthNType=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport RemoteIP=192.168.10.20 USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36 " REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] allow access to resource

    As shown in the preceding example, the unique session ID is logged by all audit logs and can be used to track a specific user session.

Process Monitor

Jump_to_top_↑

NGINX Configuration

Log identifier

Field Value

PROC_ID

OAG_MONITOR

COMPONENT

MONITOR

SUB-COMPONENT

NGINX

EVENT

USER_SESSION

Structured data

Field Description

STATUS

NGINX configuration status codes are defined in the following table

  1. NGINX Configuration check

    1. Log Level, STATUS:

      Status Code Log Level Description

      VALID

      INFO

      		 Configuration is valid

      CONFLICTING_SERVER_NAME

      WARN

      Duplicate server name

      SUSPICIOUS_SYMBOL

      WARN

      Line note ended or suspicious symbol in configuration file

      UNKNOWN_WARNING

      WARN

      Any unknown warning

      HOST_NOT_FOUND

      ERROR

      Host not resolved

      UNKNOWN_DIRECTIVE

      ERROR

      Unknown directive found

      INVALID_PARAMETER

      ERROR

      Invalid parameter found or missing ;

      DUPLICATE_LOCATION

      ERROR

      Duplicate location block

      UNEXPECTED_END_OF_FILE

      ERROR

      File not complete or missing }

      UNKNOWN_ERROR

      ERROR

      Any unhandled error

    2. Message: NGINX test output

    3. Log Sample:

      Oct 9 15:52:52 example.myaccessgateway.com Access Gateway OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID"] NGINX configuration is valid

NGINX Application Configuration

Log identifier

Field Value

PROC_ID

OAG_MONITOR

COMPONENT

MONITOR

SUB-COMPONENT

NGINX

EVENT

USER_SESSION

Structured data

Field Description

STATUS

NGINX configuration status codes are defined below

UUID

Application identifier

  1. NGINX application configuration check

    1. Log Level, STATUS:

      Status Code Log Level Description

      VALID

      INFO

      		 Configuration is valid

      CONFLICTING_SERVER_NAME

      WARN

      Duplicate server name

      SUSPICIOUS_SYMBOL

      WARN

      Line note ended or suspicious symbol in configuration file

      UNKNOWN_WARNING

      WARN

      Any unknown warning

      HOST_NOT_FOUND

      ERROR

      Host not resolved

      UNKNOWN_DIRECTIVE

      ERROR

      Unknown directive found

      INVALID_PARAMETER

      ERROR

      Invalid parameter found or missing ;

      DUPLICATE_LOCATION

      ERROR

      Duplicate location block

      UNEXPECTED_END_OF_FILE

      ERROR

      File not complete or missing }

      UNKNOWN_ERROR

      ERROR

      Any unhandled error

    2. Message: NGINX test output

    3. Log Sample:

      Oct 9 15:52:59 example.myaccessgateway.com Access Gateway OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID" UUID="9179e919-43dc-4396-8b26-164387213b1b"] nginx: the configuration file /tmp/nginx/nginx.conf syntax is ok nginx: configuration file /tmp/nginx/nginx.conf test is successful

SSL Certificate

Log identifier

Field Value

PROC_ID

OAG_MONITOR

COMPONENT

MONITOR

SUB-COMPONENT

CERT_CHECK

EVENT

SSL_CERT_VALIDITY_CHECK

Structured data

Field Description

USER

Username

EXPIRY

Certificate expiration date in YYYYMMDD format

  1. Certificate check

    1. Log Level, STATUS:

      Status Code Log Level Description

      VALID

      INFO

      SSL Certificate is valid for more than 30 days

      EXPIREIN30DAYS

      WARN

      SSL Certificate is going to expire in 30 days or less

      EXPIRED

      ERROR

      SSL Certificate has expired

      ERROR

      ERROR

      SSL Certificate not found

    2. Log Sample:

      Oct 9 15:51:18 example.myaccessgateway.com Access Gateway OAG_MONITOR MONITOR CERT_CHECK INFO SSL_CERT_VALIDITY_CHECK [USER="<Username>" EXPIRY="20191009"] SSL Certificate is valid for more than 30 days

Auth Modules

Log identifier

Field Value

PROC_ID

OAG_MONITOR

COMPONENT

MONITOR

SUB-COMPONENT

AUTH_MODULE

EVENT

TEST_AUTHN_AD TEST_AUTHN LDAP

Structured data

Field Description

STATUS

Status Code

UUID

Auth module identifier

HOST

LDAP/AD host

PORT

LDAP port

USER_SEARCH_BASE_DN

User search base DN

SEARCH_ATTRIBUTE

Search attribute

  1. Auth module check

    1. Log Level, STATUS:

      Status Code Log Level Description

      VALID

      INFO

      Auth module is valid

      LDAP_ERROR_CONNECTION_REFUSED

      WARN

      Host <Hostname> is not available

      LDAP_INVALID_SEARCHBASE

      ERROR

      User Search Base was not found

      LDAP_INVALID_USERBASE

      ERROR

      User Search Base was not found

      LDAP_ERROR_INVALID_CREDENTIALS

      ERROR

      Invalid credentials

      LDAP_ERROR_SEARCH_ATTRIBUTE

      ERROR

      Invalid User Search Attribute

      UNKNOWN_ERROR

      ERROR

      Error validating <Hostname> Settings

    2. Log Sample:

      Oct 9 15:53:05 example.myaccessgateway.com Access Gateway OAG_MONITOR MONITOR AUTH_MODULE INFO TEST_AUTHN_AD [STATUS="LDAP_VALID" UUID="a185d793-4538-4e5f-9deb-46eb40850aba" HOST="<Host IP Address>" PORT="389" USER_SEARCH_BASE_DN="cn=Users,dc=okta,dc=info" SEARCH_ATTRIBUTE="samaccountname"] Auth module is valid

Access Log

Jump_to_top_↑

Access Log

Field Description

Hostname

Hostname of Access Gateway appliance

Tag

Tag to identify Access Gateway component

Application Hostname

Hostname of the application (public domain of application)

Client IP

User’s IP address

Timestamp

Date and time when request was processed

Request

HTTP request

HTTP Status Code

HTTP status code

Request size

Size of request body in bytes

HTTP Referrer

 -

User Agent

Browser information

X-Forwarded-For

X-Forwarded-For header received

Request Time

Time in seconds to receive request

Response Time

Time in seconds to send a response

Log Sample:

Mar 28 13:13:57 example.myaccessgateway.com sampleheaderapptest <App Domain URL> <User's IP Address> - - [28/Mar/2018:13:13:57 -0500] "GET / HTTP/1.1" 200 4828 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "<User's IP Address>" 0.006 0.001 .

The following table identifies the data contained in the log sample:

Access log sample

Field Value

Hostname

<Access Gateway hostname>

Tag

sampleheaderapptest

Application Hostname

<App Domain URL>

Client IP

<User’s IP Address>

Timestamp

28/Mar/2018:13:13:57 -0500

Request

GET /HTTP/1.1

HTTP Status Code

200

Request size

4821

HTTP Referrer

-

User Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

X-Forwarded-For

<User’s IP Address>

Request Time

0.006

Response Time

0.001

HTTP Status Codes

Jump_to_top_↑

Access Gateway returns the following status codes to the browser for each event. They're also captured in the access log, which can be used to help troubleshoot any issues.

HTTP Status Codes

Status Code Description

200

Successful response

400

Application is being called using IP address or the hostname is not being served by Access Gateway

401

Session does not exist

403

Access Gateway policy rule denied access to resource

404

Unknown page/content/resource

405

Session integrity failure

500

Server side error

502

Backend application not available

503

Application is in maintenance, inactive, or offline mode

504

Request to backend application timed out