Logging Client IP Address instead of Load Balancer IP Address
If Sun Identity Manager version 8.1 (http://www.sun.com/software/products/identity_mgr/index.xml) is deployed with a Load Balancer or Reverse HTTP Proxy server in front of it and you need to log the IP address of the actual client in Audit logs, then you need to configure Identity Manager (IdM) to pick the client IP address from the HTTP request headers. For example, if the Load Balancer sends the actual client IP address in the "X-Forwarded-For" (http://en.wikipedia.org/wiki/X-Forwarded-For) HTTP request header, then you would have to modify the IdM "Waveset.properties" file (http://docs.sun.com/app/docs/doc/820-5823/giels?a=view) to make it read this header and log the client IP address from this header. To do this, edit the "Waveset.properties" file and set "client.headerIPVariable" as follows:
Save the "Waveset.properties" file and restart the IdM server. Now when a user logs in to IdM, you should see the actual IP address of the client rather than the Load Balancer IP address being logged in the IdM Audit logs. Sometimes the "X-Forwarded-For" header of an incoming HTTP request can contain multiple IP addresses like ",, ". In this case, I noticed that IdM 8.1 logs all three IP addresses, which is nice.
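
When an audit entry carries several addresses, only the part of the list appended by your own Load Balancer or proxies is reliable; anything to its left arrived in the client's request and is unverified. The following is an added example, not part of the original post or of Identity Manager, showing one way to read such a logged value from right to left. The TRUSTED_PROXIES network and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the networks of the load balancers / reverse proxies you operate.
# Constructed sample value; replace with your own proxy ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def client_from_xff(value, trusted=TRUSTED_PROXIES):
    """Interpret a logged X-Forwarded-For value.

    Each proxy appends the address of the peer it received the request from,
    so the list is read right to left: entries that belong to our own proxies
    are skipped, and the first entry that does not is the address our
    infrastructure actually saw. Everything to the left of it was supplied by
    the client side and is returned separately as unverified.
    """
    tokens = [t.strip() for t in value.split(",") if t.strip()]
    for i in range(len(tokens) - 1, -1, -1):
        try:
            addr = ipaddress.ip_address(tokens[i])
        except ValueError:
            # Not a bare IP literal (hostname, "unknown", ip:port, junk):
            # nothing reliable to attribute, keep the raw tokens for review.
            return {"client": None, "unverified": tokens[:i + 1]}
        if not any(addr in net for net in trusted):
            return {"client": str(addr), "unverified": tokens[:i]}
    # Empty header, or every entry is one of our own proxies.
    return {"client": None, "unverified": []}


if __name__ == "__main__":
    # Constructed sample values (documentation and private address ranges).
    samples = [
        "198.51.100.23, 203.0.113.7, 10.0.0.5",
        "203.0.113.7",
        "198.51.100.23, not-an-ip",
    ]
    for s in samples:
        print(repr(s), "->", client_from_xff(s))
```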