In ThingWorx 9.3.4, it appears that session timeouts are finally now audited (audit.AuditCategory.Authorization category) but there is no localization token for the actual message. I assume the token and value should be:name: com.thingworx.things.security.SecurityMonitorThing.SessionExpired.Auditvalue: Session timed out for user: __user__Can anyone confirm this? Are there other fields available in the data shape to the audit message that can be used or just the user field?

14-Alexandrite

Solved

Localization Token Missing for Session Timeout Audit Message

Forum|Forum|3 years ago
September 7, 2022
2 replies
1726 views

In ThingWorx 9.3.4, it appears that session timeouts are finally now audited (audit.AuditCategory.Authorization category) but there is no localization token for the actual message. I assume the token and value should be:

name: com.thingworx.things.security.SecurityMonitorThing.SessionExpired.Audit
value: Session timed out for user: __user__

Can anyone confirm this? Are there other fields available in the data shape to the audit message that can be used or just the user field?

Security

Best answer by rattmice

Yes, I did that to create the tokens from the original post. However, I was wondering if those are the correct ones to set since 9.3.3 does not ship with those defined. Doesn't matter really to me because the ones I created will suffice for my customer but if it is the wrong tokens then I'd like to correct my implementation.

On a side note, the current Help Center now has Release Notes for 9.3.5 and the reference to this new feature is no longer listed in the 9.3.4 notes and the Security Monitor sections also does not list this new capability.

S

slangley

Community Manager

Hi @rattmice.

Take a look at this information from the ThingWorx Help Center to see if it offers guidance. If you're not able to make any headway on it, let us know.

Regards.

--Sharon

R

rattmice

AuthorAnswer

14-Alexandrite

Yes, I did that to create the tokens from the original post. However, I was wondering if those are the correct ones to set since 9.3.3 does not ship with those defined. Doesn't matter really to me because the ones I created will suffice for my customer but if it is the wrong tokens then I'd like to correct my implementation.

On a side note, the current Help Center now has Release Notes for 9.3.5 and the reference to this new feature is no longer listed in the 9.3.4 notes and the Security Monitor sections also does not list this new capability.

S

slangley

Community Manager

Hi @rattmice

Custom, by definition, would allow you to create your own as long as they are unique.

That's an interesting observation regarding the Session Timeout Audit message being removed from the 9.3.4 Release Notes. I'll see if I can find out more on this.

Regards.

--Sharon

S

slangley

Community Manager

Hi @rattmice.

Our documentation team investigated regarding the Session Timeout Audit message being removed from the 9.3.4 Release Notes, but from our investigation, it doesn't appear that the Session Timeout Audit message info was ever included in the 9.3.4 release notes. It's possible they missed adding it to the 9.3.4 release notes, which is why it's now in the 9.3.5 release notes.

Please let us know if you have further questions.

Regards.

--Sharon

Sign up

Please use your PTC eSupport account.

Welcome to the PTC Community

Please use your PTC eSupport account.

Scanning file for viruses.

This file cannot be downloaded