Today we are pleased to announce the release of the AdminUI Event Sink for IdentityServer.
Following on from the success of the new Audit feature available for AdminUI, we are providing you with the ability to create audit records from your IdentityServer instance.
IdentityServer Events
In addition to the logging system within IdentityServer, there are also a number of predefined events. Events provide a higher level of information than log output. They carry structured information about successes and failures in a way that allows enhanced querying, and this is where the Audit feature in AdminUI comes in.
How do I get this?
To start feeding the events raised from your IdentityServer into the Audit process within AdminUI, all you need to do is add a reference to the AdminUI Audit Provider for EF and the AdminUI Audit Sink. You can find these packages at:
RSK.IdentityServer4.AuditEventSink
As I said earlier, IdentityServer has a number of events built into it; however, they are not automatically surfaced. To enable them you need to add the following options in the Startup file:
    services.AddIdentityServer(options =>
    {
        options.Events.RaiseSuccessEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseErrorEvents = true;
    });
Now you can use the event sink structure within IdentityServer and funnel the events into the AdminUI Audit process. We do this in the following way:
    var dbContextOptionsBuilder = new DbContextOptionsBuilder<AuditDatabaseContext>();
    RSK.Audit.AuditProviderFactory auditFactory = new AuditProviderFactory(dbContextOptionsBuilder.UseSqlServer(connectionString).Options);
    var auditRecorder = auditFactory.CreateAuditSource("IdentityServer");
    services.AddSingleton<IEventSink>(provider => new AuditSink(auditRecorder));
Let's review what the code actually does. The initial section of code sets up the AdminUI Audit recorder, which acts as our funnel and directs the events into the audit tables used by AdminUI.
The AuditSink acts as our conduit between the two, accepting the events raised by IdentityServer and funnelling them over to the AdminUI Audit process through the AdminUI Audit recorder.
Event Sink Aggregator
One of the small things missing from the event sink process within IdentityServer is the ability to use more than one sink. As we always like to go that little further, we have also created a sink aggregator, which you can use in the following way:
    services.AddSingleton<IEventSink>(provider =>
        new EventSinkAggregator(_loggerFactory.CreateLogger("EventSinkAggregator"))
        {
            EventSinks = new List<IEventSink>()
            {
                new AuditSink(auditRecorder),
                new MySecondSink()
            }
        });
As you can see from this code, our EventSinkAggregator allows you to have more than one event sink. We also separate them to ensure that one cannot affect the others. So if, for any reason, an event sink raises an exception, we log that information and ensure the remaining event sinks in the aggregator still get notified of the IdentityServer events.
AuditSink Events
When you review the documentation for the existing events raised by IdentityServer, you will see that there are a number of useful events which are a great addition to the AdminUI Audit records; however, there are a few which don’t fit in the audit process. The AuditSink will only handle the following events:
- TokenIssuedSuccessEvent and TokenIssuedFailureEvent
- UserLoginSuccessEvent and UserLoginFailureEvent
- UserLogoutSuccessEvent
- ConsentGrantedEvent and ConsentDeniedEvent
- GrantsRevokedEvent

If you need to ensure that all events are handled, then we have already seen how easy it is to use the EventSinkAggregator.
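
One way to cover the events outside that list, as an added example rather than code from this post or the RSK packages: a hypothetical `UnauditedEventLogSink` that could take the place of `MySecondSink` in the aggregator. It implements IdentityServer4's `IEventSink` and logs only the event types the AuditSink does not handle; the class name and log template are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4.Events;
using IdentityServer4.Services;
using Microsoft.Extensions.Logging;

// Hypothetical second sink: logs every event the AuditSink list above does not cover.
public class UnauditedEventLogSink : IEventSink
{
    // Event types the post says the AuditSink handles; everything else lands here.
    private static readonly HashSet<Type> HandledByAuditSink = new HashSet<Type>
    {
        typeof(TokenIssuedSuccessEvent), typeof(TokenIssuedFailureEvent),
        typeof(UserLoginSuccessEvent),   typeof(UserLoginFailureEvent),
        typeof(UserLogoutSuccessEvent),
        typeof(ConsentGrantedEvent),     typeof(ConsentDeniedEvent),
        typeof(GrantsRevokedEvent)
    };

    private readonly ILogger<UnauditedEventLogSink> _logger;

    public UnauditedEventLogSink(ILogger<UnauditedEventLogSink> logger)
    {
        _logger = logger ?? throw new ArgumentNullException(nameof(logger));
    }

    public Task PersistAsync(Event evt)
    {
        // Skip events that are already recorded in the AdminUI audit tables.
        if (evt == null || HandledByAuditSink.Contains(evt.GetType()))
            return Task.CompletedTask;

        // Failures and errors (e.g. ClientAuthenticationFailureEvent) are the ones
        // worth alerting on, so they are logged at a higher level.
        var level = evt.EventType == EventTypes.Failure || evt.EventType == EventTypes.Error
            ? LogLevel.Warning
            : LogLevel.Information;

        // Structured fields only; evt.Message is left out because it is free text.
        _logger.Log(level,
            "IdentityServer event {EventName} ({EventId}) category={Category} type={EventType} remoteIp={RemoteIp} activity={ActivityId}",
            evt.Name, evt.Id, evt.Category, evt.EventType, evt.RemoteIpAddress, evt.ActivityId);

        return Task.CompletedTask;
    }
}
```

Because the sink takes an `ILogger<UnauditedEventLogSink>`, construct it inside the `AddSingleton` factory with `provider.GetRequiredService<ILogger<UnauditedEventLogSink>>()` when adding it to `EventSinks`.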