API Key User Collection for Self-Hosted Customers

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

Artifactory version 7.47.10 includes the ability to collect information regarding how your users are logging in to the system. Using this function, you can detect and notify all users/clients who are using an API Key authentication method that they need to change their authentication method. The collection feature of the authentication method is enabled by default.

Enable User Collection for Self-Hosted Customers

Run the following command to collect the API Key authentication method in the var/log/artifactory-access.log:

bash-4.4$ cat var/log/artifactory-access.log | grep "\\[ACCEPTED LOGIN\\].*\\[apiKey\\]$"

For example:

2022-11-03T10:26:00.944Z [64f8d13a96f81f10] [ACCEPTED LOGIN] for client : admin / 172.17.0.1. [apiKey]
2022-11-03T10:26:15.252Z [7beab97bfa421337] [ACCEPTED LOGIN] for client : admin / 172.17.0.1. [token]

Obtain the Realm and Authentication Attempts

In cases where simply the username and authentication method is not enough information (for example, if you are trying to track where the API Key is being used), do the following:

  1. Go to this file var/etc/artifactory/logback.xml.

  2. Add the following to the file:

    <logger name="org.artifactory.security" level="debug" additivity="false"> <appender-ref ref="FILE"/>
    </logger>
  3. Then, search for the following in the var/log/artifactory-service.log: "Trying to authenticate user:"

    For example: 'Trying to authenticate user: 'user1' via ldap.'

Collect the Data

  1. JFrog recommends allowing the system to run with the logs enabled for some time (recommended is 3 months).

  2. Run a grep command on the logs you collected (or parse it with your tools) to get all the usernames who used API Keys in the last 3 months. For example:

    bash-4.4$ cat var/log/artifactory-access.log | grep "\\[ACCEPTED LOGIN\\].*\\[apiKey\\]$"
     
    2022-11-08T13:43:33.208Z [1c8a8e6db8a35b8e] [ACCEPTED LOGIN] for client : admin / 172.17.0.1. [apiKey]
     
    2022-11-08T13:43:52.290Z [2d1cefa1c521a36 ] [ACCEPTED LOGIN] for client : admin / 172.17.0.1. [apiKey]
  3. Notify the users detected by the log that they need to change their application keys to Access Tokens or to another authentication method.