FaultDomainRedirect
Does anyone know what this means when an alert comes through?
Log entry raw data:
{"CreationTime":"2020-06-04T05:26:02","Id":"b0b1b3d9-9475-450e-b29e-1e62b5a51be8","Operation":"UserLoggedIn","OrganizationId":"5c52dcca-c284-4cf2-9ab3-ba48840d808a","RecordType":15,"ResultStatus":"Succeeded","UserKey":"Not Available","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"40.101.**","ObjectId":"Unknown","UserId":"***********","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"UserAgent","Value":"BAV2ROPC"},{"Name":"RequestType","Value":"OAuth2:Token"},{"Name":"ResultStatusDetail","Value":"Redirect"}],"ModifiedProperties":[],"Actor":[{"ID":"Unknown","Type":0},{"ID":"************","Type":5}],"ActorContextId":"5c52dcca-c284-4cf2-9ab3-ba48840d808a","ActorIpAddress":"40.101.**","InterSystemsId":"3146ad89-faee-4cf7-b0f9-e9a00b0a0b0a","IntraSystemId":"93f9f8a6-3344-4a3c-90a4-4e8cbfcc0b00","SupportTicketId":"","Target":[{"ID":"Unknown","Type":0}],"TargetContextId":"5c52dcca-c284-4cf2-9ab3-ba48840d808a","ApplicationId":"00000002-0000-0ff1-ce00-000000000000","LogonError":"FaultDomainRedirect"}
-
I'm doing this research right now. From what I gather (and it's not documented in MS at all), this is an attempt to access a SharePoint site using a non-company username / password. The login is redirected to federated SSO, where they are then denied.
So, what I think is happening is that the initial login works, but the user does not have permission per federated rules. I'm not 100% sure though.
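One way to check the guess in the comment above against your own audit log export, as an added example that is not part of the original thread: it counts `FaultDomainRedirect` sign-in records per user and checks whether a sign-in without `LogonError` follows from the same user and IP. The five-minute window, the definition of a "clean" sign-in, the helper names and the sample users and IPs are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

def flatten(record):
    """Copy a record, lifting the ExtendedProperties Name/Value pairs to top-level keys."""
    flat = {k: v for k, v in record.items() if k != "ExtendedProperties"}
    for prop in record.get("ExtendedProperties", []):
        flat[prop["Name"]] = prop["Value"]
    flat["when"] = datetime.fromisoformat(record["CreationTime"])
    return flat

def triage(lines, window=timedelta(minutes=5)):
    """Per-user FaultDomainRedirect counts, plus how many were followed by a clean sign-in."""
    events = sorted((flatten(json.loads(l)) for l in lines if l.strip()), key=lambda e: e["when"])
    logins = [e for e in events if e.get("Operation") == "UserLoggedIn"]
    summary = defaultdict(lambda: {"redirects": 0, "followed_by_clean_login": 0,
                                   "ips": set(), "user_agents": set()})
    for ev in logins:
        if ev.get("LogonError") != "FaultDomainRedirect":
            continue
        row = summary[ev["UserId"]]
        row["redirects"] += 1
        row["ips"].add(ev.get("ClientIP"))
        row["user_agents"].add(ev.get("UserAgent"))
        # Assumption: "clean" means same user and IP, no LogonError, within `window` after the redirect.
        if any(o["UserId"] == ev["UserId"] and o.get("ClientIP") == ev.get("ClientIP")
               and not o.get("LogonError")
               and timedelta(0) <= o["when"] - ev["when"] <= window for o in logins):
            row["followed_by_clean_login"] += 1
    return dict(summary)

def _sample(time, user, ip, error=None):
    # Constructed record using the field names of the entry above; users and IPs are placeholders.
    rec = {"CreationTime": time, "Operation": "UserLoggedIn", "ResultStatus": "Succeeded",
           "UserId": user, "ClientIP": ip,
           "ExtendedProperties": [{"Name": "UserAgent", "Value": "BAV2ROPC"},
                                  {"Name": "RequestType", "Value": "OAuth2:Token"}]}
    if error:
        rec["LogonError"] = error
    return json.dumps(rec)

SAMPLE = [
    _sample("2020-06-04T05:26:02", "alice@example.com", "192.0.2.10", "FaultDomainRedirect"),
    _sample("2020-06-04T05:26:09", "alice@example.com", "192.0.2.10"),
    _sample("2020-06-04T05:30:00", "bob@example.com", "198.51.100.7", "FaultDomainRedirect"),
    _sample("2020-06-04T05:31:00", "bob@example.com", "198.51.100.7", "FaultDomainRedirect"),
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Users whose redirects are never followed by a clean sign-in, like the second sample user, are the ones worth a closer look at source IP and client.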