This event is generated when you select the
option under on the Logging page of an Identity Server configuration. Use the field and the field to determine whether the failure came from a contract, SAML 1.1, SAML 2.0, or Liberty.Description: NIDS: User session authentication failed. This string plus one of the following phrases: for a contract failure, Contract Execution; for a SAML 1.1 failure, SAML Assertion; for a SAML 2.0 failure, SAML2 SSO; for a Liberty failure, Liberty SSO.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Authentication Contract Name Data Description: Contract URI
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Reason Data Description: Reason Message
Text3 (F): Schema Title: Authentication Source Data Description: For a contract, contains the authentication method name; for Liberty, contains the service provider IP; for SAML 1.1, contains the SAML assertion issuer; for SAML 2.0, contains the service provider IP.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null