
audit improvements

Jason Rivard 9 年之前
父节点
当前提交
8a0e879c44

+ 3 - 1
src/main/java/password/pwm/PwmApplication.java

@@ -259,8 +259,10 @@ public class PwmApplication {
                 LOGGER.warn("configuration checksum does not match previously seen checksum, configuration has been modified since last startup");
                 if (this.getAuditManager() != null) {
                     final String modifyMessage = "configuration was modified directly (not using ConfigEditor UI)";
-                    this.getAuditManager().submit(new AuditRecordFactory(this).createSystemAuditRecord(
+                    this.getAuditManager().submit(new AuditRecordFactory(this).createUserAuditRecord(
                             AuditEvent.MODIFY_CONFIGURATION,
+                            null,
+                            null,
                             modifyMessage
                     ));
                 }
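Review bot: The two bare `null` arguments in the new `createUserAuditRecord(...)` call give no hint of what they stand for, and this out-of-band change is now recorded as a USER-type event with no actor. Judging by the ConfigManagerServlet call in this commit they are the user info and the session label, so a comment above the call would help, e.g. `// no user or session: the file was changed outside the ConfigEditor UI`. The guard here also checks only `getAuditManager() != null`, while the servlet hunk additionally checks `status() == PwmService.STATUS.OPEN`; the two should probably agree. The enclosing method starts and ends outside the hunk.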

+ 1 - 16
src/main/java/password/pwm/config/stored/ConfigurationReader.java

@@ -33,9 +33,6 @@ import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.error.PwmUnrecoverableException;
-import password.pwm.svc.event.AuditEvent;
-import password.pwm.svc.event.AuditRecord;
-import password.pwm.svc.event.AuditRecordFactory;
 import password.pwm.util.FileSystemUtility;
 import password.pwm.util.Helper;
 import password.pwm.util.JsonUtil;
@@ -161,7 +158,7 @@ public class ConfigurationReader {
             final StoredConfigurationImpl storedConfiguration,
             final PwmApplication pwmApplication,
             final SessionLabel sessionLabel
-    )
+            )
             throws IOException, PwmUnrecoverableException, PwmOperationalException
     {
         File backupDirectory = null;
@@ -206,18 +203,6 @@ public class ConfigurationReader {
                 pwmApplication.writeAppAttribute(PwmApplication.AppAttribute.CONFIG_HASH, actualChecksum);
             }
 
-            if (pwmApplication != null && pwmApplication.getAuditManager() != null) {
-                String modifyMessage = storedConfiguration.changeLogAsDebugString(PwmConstants.DEFAULT_LOCALE, false);
-                if (sessionLabel != null && sessionLabel.getUserIdentity() != null) {
-                    modifyMessage += " by " + sessionLabel.getUserIdentity().toDisplayString();
-                }
-                final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createSystemAuditRecord(
-                        AuditEvent.MODIFY_CONFIGURATION,
-                        modifyMessage
-                );
-                pwmApplication.getAuditManager().submit(auditRecord);
-            }
-
             if (backupDirectory != null) {
                 final String configFileName = configFile.getName();
                 final String backupFilePath = backupDirectory.getAbsolutePath() + File.separatorChar + configFileName + "-backup";

+ 22 - 1
src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerServlet.java

@@ -43,6 +43,10 @@ import password.pwm.http.servlet.configguide.ConfigGuideServlet;
 import password.pwm.i18n.Admin;
 import password.pwm.i18n.Config;
 import password.pwm.i18n.Display;
+import password.pwm.svc.PwmService;
+import password.pwm.svc.event.AuditEvent;
+import password.pwm.svc.event.AuditRecord;
+import password.pwm.svc.event.AuditRecordFactory;
 import password.pwm.util.Helper;
 import password.pwm.util.LDAPPermissionCalculator;
 import password.pwm.util.LocaleHelper;
@@ -251,7 +255,24 @@ public class ConfigManagerServlet extends AbstractPwmServlet {
 
         try {
             ContextManager contextManager = ContextManager.getContextManager(pwmRequest.getHttpServletRequest().getSession().getServletContext());
-            contextManager.getConfigReader().saveConfiguration(storedConfiguration, contextManager.getPwmApplication(), pwmRequest.getSessionLabel());
+            contextManager.getConfigReader().saveConfiguration(
+                    storedConfiguration,
+                    contextManager.getPwmApplication(),
+                    pwmRequest.getSessionLabel()
+            );
+
+            final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
+            if (pwmApplication.getAuditManager() != null && pwmApplication.getAuditManager().status() == PwmService.STATUS.OPEN) {
+                final String modifyMessage = "Configuration Changes: " + storedConfiguration.changeLogAsDebugString(PwmConstants.DEFAULT_LOCALE, false);
+                final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(
+                        AuditEvent.MODIFY_CONFIGURATION,
+                        pwmRequest.getUserInfoIfLoggedIn(),
+                        pwmRequest.getSessionLabel(),
+                        modifyMessage
+                );
+                pwmApplication.getAuditManager().submit(auditRecord);
+            }
+
             contextManager.requestPwmApplicationRestart();
         } catch (Exception e) {
             final String errorString = "error saving file: " + e.getMessage();
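Review bot: When the audit manager is null or not `OPEN`, the new block skips the record silently, so a configuration change can be saved with no audit trail and no log entry explaining the gap. An `else` branch that logs the omission would make it visible, e.g. `} else { LOGGER.warn(pwmRequest.getSessionLabel(), "audit service not open, configuration change was not audited"); }` (assuming the servlet's logger accepts a session label, which is not shown here). Because this commit also removes the audit call from `ConfigurationReader.saveConfiguration`, any other caller of that method presumably no longer emits `MODIFY_CONFIGURATION`; those callers are not visible on this page and are worth checking. The enclosing method starts and ends outside the hunk.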

+ 16 - 1
src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java

@@ -366,6 +366,14 @@ public class HelpdeskServlet extends AbstractPwmServlet {
         // check if user should be seen by actor
         checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
 
+        // read the userID for later logging.
+        String userID = null;
+        try {
+            userID = LdapOperationsHelper.readLdapUsernameValue(pwmApplication, userIdentity);
+        } catch (ChaiOperationException e) {
+            LOGGER.warn(pwmSession, "unable to read username of deleted user while creating audit record");
+        }
+
         // execute user delete operation
         ChaiProvider provider = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY)
                 ? pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID())
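Review bot: The new `catch (ChaiOperationException e)` logs a fixed string and drops both the cause and the identity being looked up, so a failed lookup yields a delete audit record with a null target userID and nothing in the log to explain it. Include both in the message, e.g. `LOGGER.warn(pwmSession, "unable to read username of " + userIdentity + " before delete, error: " + e.getMessage());`. The current wording "deleted user" is also premature, since the delete operation runs after this block. The enclosing method starts and ends outside the hunk.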
@@ -384,11 +392,18 @@ public class HelpdeskServlet extends AbstractPwmServlet {
 
         // mark the event log
         {
+            //normally the audit record builder reads the userID while constructing the record, but because the target user is already deleted,
+            //it will be included here explicitly.
+            final AuditRecordFactory.AuditUserDefinition auditUserDefinition = new AuditRecordFactory.AuditUserDefinition(
+                    userID,
+                    userIdentity.getUserDN(),
+                    userIdentity.getLdapProfileID()
+            );
             final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(
                     AuditEvent.HELPDESK_DELETE_USER,
                     pwmSession.getUserInfoBean().getUserIdentity(),
                     null,
-                    userIdentity,
+                    auditUserDefinition,
                     pwmSession.getSessionStateBean().getSrcAddress(),
                     pwmSession.getSessionStateBean().getSrcHostname()
             );

+ 27 - 2
src/main/java/password/pwm/svc/event/AuditEvent.java

@@ -26,8 +26,9 @@ import password.pwm.config.Configuration;
 import password.pwm.i18n.Admin;
 import password.pwm.i18n.Message;
 import password.pwm.i18n.PwmDisplayBundle;
+import password.pwm.util.JsonUtil;
 
-import java.util.Locale;
+import java.util.*;
 
 public enum AuditEvent {
 
@@ -35,11 +36,11 @@ public enum AuditEvent {
     STARTUP(                        Message.EventLog_Startup,                           Admin.EventLog_Narrative_Startup,                          Type.SYSTEM),
     SHUTDOWN(                       Message.EventLog_Shutdown,                          Admin.EventLog_Narrative_Shutdown,                         Type.SYSTEM),
     FATAL_EVENT(                    Message.EventLog_FatalEvent,                        Admin.EventLog_Narrative_FatalEvent,                       Type.SYSTEM),
-    MODIFY_CONFIGURATION(           Message.EventLog_ModifyConfiguration,               Admin.EventLog_Narrative_ModifyConfiguration,              Type.SYSTEM),
     INTRUDER_LOCK(                  Message.EventLog_IntruderLockout,                   Admin.EventLog_Narrative_IntruderLockout,                  Type.SYSTEM),
     INTRUDER_ATTEMPT(               Message.EventLog_IntruderAttempt,                   Admin.EventLog_Narrative_IntruderAttempt,                  Type.SYSTEM),
 
     // user events not stored in user event history
+    MODIFY_CONFIGURATION(           Message.EventLog_ModifyConfiguration,               Admin.EventLog_Narrative_ModifyConfiguration,              Type.USER),
     AUTHENTICATE(                   Message.EventLog_Authenticate,                      Admin.EventLog_Narrative_Authenticate,                     Type.USER),
     AGREEMENT_PASSED(               Message.EventLog_AgreementPassed,                   Admin.EventLog_Narrative_AgreementPassed,                  Type.USER),
     TOKEN_ISSUED(                   Message.EventLog_TokenIssued,                       Admin.EventLog_Narrative_TokenIssued,                      Type.USER),
@@ -76,14 +77,24 @@ public enum AuditEvent {
 
     ;
 
+    private static final String JSON_KEY_XDAS_TAXONOMY = "xdasTaxonomy";
+    private static final String JSON_KEY_XDAS_OUTCOME = "xdasOutcome";
+
+
     final private Message message;
     final private PwmDisplayBundle narrative;
+
+    private String xdasTaxonomy;
+    private String xdasOutcome;
+
     private Type type;
 
     AuditEvent(final Message message, final PwmDisplayBundle narrative, final Type type) {
         this.message = message;
         this.type = type;
         this.narrative = narrative;
+        this.xdasTaxonomy = getResourceData().get(JSON_KEY_XDAS_TAXONOMY);
+        this.xdasOutcome = getResourceData().get(JSON_KEY_XDAS_OUTCOME);
     }
 
     public Message getMessage() {
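Review bot: The constructor calls `getResourceData()` twice, so each enum constant performs the bundle lookup and JSON parse twice, and the two new fields are left non-`final` although they are assigned only here. Read the map once with `final Map<String,String> data = getResourceData();` and assign `this.xdasTaxonomy = data.get(JSON_KEY_XDAS_TAXONOMY);` and `this.xdasOutcome = data.get(JSON_KEY_XDAS_OUTCOME);` from it. Declaring both fields `final private String`, like `message` and `narrative`, then documents that the mapping cannot change after class load.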
@@ -124,4 +135,18 @@ public enum AuditEvent {
         SYSTEM,
         HELPDESK,
     }
+
+    public String getXdasTaxonomy() {
+        return xdasTaxonomy;
+    }
+
+    public String getXdasOutcome() {
+        return xdasOutcome;
+    }
+
+    private Map<String,String> getResourceData() {
+        final ResourceBundle resourceBundle = ResourceBundle.getBundle(AuditEvent.class.getName());
+        final String jsonObj = resourceBundle.getString(this.toString());
+        return JsonUtil.deserializeStringMap(jsonObj);
+    }
 }
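Review bot: `getResourceData()` runs from the enum constructor and calls `resourceBundle.getString(...)` unguarded, so a single constant without an entry in AuditEvent.properties throws `MissingResourceException` during static initialisation and the whole `AuditEvent` class fails to load. That would take every audit event down with it, not only the unmapped one. Catching the exception and returning an empty map keeps auditing alive with null XDAS fields; a unit test asserting that every constant has both keys would then catch a missing mapping at build time. Using `name()` instead of `toString()` for the key also keeps the lookup stable if `toString()` is ever overridden.

```java
    private Map<String,String> getResourceData() {
        try {
            final ResourceBundle resourceBundle = ResourceBundle.getBundle(AuditEvent.class.getName());
            return JsonUtil.deserializeStringMap(resourceBundle.getString(this.name()));
        } catch (MissingResourceException e) {
            // an event without an XDAS mapping must not stop the enum from loading
            return Collections.emptyMap();
        }
    }
```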

+ 13 - 0
src/main/java/password/pwm/svc/event/AuditRecord.java

@@ -34,6 +34,9 @@ public abstract class AuditRecord implements Serializable {
     protected Date timestamp = new Date();
     protected String message;
     protected String narrative;
+    protected String xdasTaxonomy;
+    protected String xdasOutcome;
+
 
     protected AuditRecord(
             final Date timestamp,
@@ -51,6 +54,8 @@ public abstract class AuditRecord implements Serializable {
 
     protected AuditRecord(final AuditEvent eventCode, final String message) {
         this(new Date(), eventCode, message);
+        this.xdasOutcome = eventCode.getXdasOutcome();
+        this.xdasTaxonomy = eventCode.getXdasTaxonomy();
     }
 
     public AuditEvent.Type getType() {
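Review bot: The XDAS fields are set only in the two-argument constructor, after it delegates to `this(new Date(), eventCode, message)`, so any record built through the timestamp constructor keeps `xdasTaxonomy` and `xdasOutcome` null. The factory hunks in this commit create `UserAuditRecord` and `HelpdeskAuditRecord` with an explicit `new Date()`, which suggests they reach that other constructor, although the subclass constructors are not visible here. Moving `this.xdasOutcome = eventCode.getXdasOutcome();` and `this.xdasTaxonomy = eventCode.getXdasTaxonomy();` into the `(Date, AuditEvent, String)` constructor would cover both paths. That constructor's body lies outside the hunk.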
@@ -76,4 +81,12 @@ public abstract class AuditRecord implements Serializable {
     public String getNarrative() {
         return narrative;
     }
+
+    public String getXdasTaxonomy() {
+        return xdasTaxonomy;
+    }
+
+    public String getXdasOutcome() {
+        return xdasOutcome;
+    }
 }

+ 86 - 32
src/main/java/password/pwm/svc/event/AuditRecordFactory.java

@@ -52,28 +52,42 @@ public class AuditRecordFactory {
             final String sourceHost
     )
     {
-        String perpUserDN = null, perpUserID = null, perpLdapProfile = null, targetUserDN = null, targetUserID = null, targetLdapProfile = null;
-        if (perpetrator != null) {
-            perpUserDN = perpetrator.getUserDN();
-            perpLdapProfile = perpetrator.getLdapProfileID();
-            try {
-                perpUserID = LdapOperationsHelper.readLdapUsernameValue(pwmApplication,perpetrator);
-            } catch (Exception e) {
-                LOGGER.error("unable to read userID for " + perpetrator + ", error: " + e.getMessage());
-            }
-        }
-        if (target != null) {
-            targetUserDN = target.getUserDN();
-            targetLdapProfile = target.getLdapProfileID();
-            try {
-                targetUserID = LdapOperationsHelper.readLdapUsernameValue(pwmApplication,target);
-            } catch (Exception e) {
-                LOGGER.error("unable to read userID for " + perpetrator + ", error: " + e.getMessage());
-            }
-        }
 
-        final HelpdeskAuditRecord record = new HelpdeskAuditRecord(new Date(), eventCode, perpUserID, perpUserDN, perpLdapProfile, message, targetUserID, targetUserDN,
-                targetLdapProfile, sourceAddress, sourceHost);
+        final AuditUserDefinition targetAuditUserDefintition = userIdentityToUserDefinition(target);
+        return createHelpdeskAuditRecord(
+                eventCode,
+                perpetrator,
+                message,
+                targetAuditUserDefintition,
+                sourceAddress,
+                sourceHost
+        );
+    }
+
+    public HelpdeskAuditRecord createHelpdeskAuditRecord(
+            final AuditEvent eventCode,
+            final UserIdentity perpetrator,
+            final String message,
+            final AuditUserDefinition target,
+            final String sourceAddress,
+            final String sourceHost
+    )
+    {
+        final AuditUserDefinition perpAuditUserDefintition = userIdentityToUserDefinition(perpetrator);
+
+        final HelpdeskAuditRecord record = new HelpdeskAuditRecord(
+                new Date(),
+                eventCode,
+                perpAuditUserDefintition.getUserID(),
+                perpAuditUserDefintition.getUserDN(),
+                perpAuditUserDefintition.getLdapProfile(),
+                message,
+                target.getUserID(),
+                target.getUserDN(),
+                target.getLdapProfile(),
+                sourceAddress,
+                sourceHost
+        );
         record.narrative = makeNarrativeString(record);
         return record;
     }
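Review bot: The new public overload taking `AuditUserDefinition target` dereferences it (`target.getUserID()` and the two calls after it) without a null check, whereas the `UserIdentity` overload tolerates a null target through `userIdentityToUserDefinition`. Guard it at the top, e.g. `final AuditUserDefinition safeTarget = target != null ? target : new AuditUserDefinition(null, null, null);`, and read the three values from `safeTarget`. The local names `targetAuditUserDefintition` and `perpAuditUserDefintition`, also used in the `createUserAuditRecord` hunk, misspell "Definition".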
@@ -86,18 +100,18 @@ public class AuditRecordFactory {
             final String sourceHost
     )
     {
-        String perpUserDN = null, perpUserID = null, perpLdapProfile = null;
-        if (perpetrator != null) {
-            perpUserDN = perpetrator.getUserDN();
-            perpLdapProfile = perpetrator.getLdapProfileID();
-            try {
-                perpUserID = LdapOperationsHelper.readLdapUsernameValue(pwmApplication,perpetrator);
-            } catch (Exception e) {
-                LOGGER.error("unable to read userID for " + perpetrator + ", error: " + e.getMessage());
-            }
-        }
+        final AuditUserDefinition perpAuditUserDefintition = userIdentityToUserDefinition(perpetrator);
 
-        final UserAuditRecord record = new UserAuditRecord(new Date(), eventCode, perpUserID, perpUserDN, perpLdapProfile, message, sourceAddress, sourceHost);
+        final UserAuditRecord record = new UserAuditRecord(
+                new Date(),
+                eventCode,
+                perpAuditUserDefintition.getUserID(),
+                perpAuditUserDefintition.getUserDN(),
+                perpAuditUserDefintition.getLdapProfile(),
+                message,
+                sourceAddress,
+                sourceHost
+        );
         record.narrative = this.makeNarrativeString(record);
         return record;
     }
@@ -176,4 +190,44 @@ public class AuditRecordFactory {
 
         return outputString;
     }
+
+    private AuditUserDefinition userIdentityToUserDefinition(final UserIdentity userIdentity) {
+        String userDN = null, userID = null, ldapProfile = null;
+
+        if (userIdentity != null) {
+            userDN = userIdentity.getUserDN();
+            ldapProfile = userIdentity.getLdapProfileID();
+            try {
+                userID = LdapOperationsHelper.readLdapUsernameValue(pwmApplication,userIdentity);
+            } catch (Exception e) {
+                LOGGER.warn("unable to read userID for " + userIdentity + ", error: " + e.getMessage() );
+            }
+        }
+
+        return new AuditUserDefinition(userID, userDN, ldapProfile);
+    }
+
+    public static class AuditUserDefinition {
+        private String userID;
+        private String userDN;
+        private String ldapProfile;
+
+        public AuditUserDefinition(final String userID, final String userDN, final String ldapProfile) {
+            this.userID = userID;
+            this.userDN = userDN;
+            this.ldapProfile = ldapProfile;
+        }
+
+        public String getUserID() {
+            return userID;
+        }
+
+        public String getUserDN() {
+            return userDN;
+        }
+
+        public String getLdapProfile() {
+            return ldapProfile;
+        }
+    }
 }
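Review bot: `AuditUserDefinition` has no setters, yet its three fields are declared non-`final`; `private final String userID;`, `private final String userDN;` and `private final String ldapProfile;` would make the audit identity immutable once built. In `userIdentityToUserDefinition`, `catch (Exception e)` is broader than a directory lookup needs and the log line keeps only `e.getMessage()`. Narrowing the catch to the exceptions `readLdapUsernameValue` declares would stop it from hiding programming errors; that method's signature is not visible here.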

+ 1 - 1
src/main/java/password/pwm/svc/event/SyslogAuditService.java

@@ -174,7 +174,7 @@ public class SyslogAuditService {
     }
 
     private WorkQueueProcessor.ProcessResult processEvent(final AuditRecord auditRecord) {
-        final String syslogEventString = JsonUtil.serialize(auditRecord);
+        final String syslogEventString = PwmConstants.PWM_APP_NAME + " " + JsonUtil.serialize(auditRecord);
 
         final SyslogIF syslogIF = syslogInstance;
         try {
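Review bot: With `PwmConstants.PWM_APP_NAME + " "` prepended, the syslog message body is no longer a bare JSON document, so a collector that decodes the body as JSON must now strip the prefix first. A comment on the line would record that intent, e.g. `// prefix acts as the syslog tag; the JSON audit record follows the first space`. The configuration-change records in this commit also carry the full change log in `message`, and the added prefix leaves less room before a size-limited transport truncates the JSON; the transport is not visible here, so this needs confirming. The enclosing method continues outside the hunk.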

+ 1 - 1
src/main/resources/password/pwm/i18n/Admin.properties

@@ -311,7 +311,7 @@ Field_ChaiAPIVersion=Chai API Version
 EventLog_Narrative_Startup=@PwmAppName@ has started up
 EventLog_Narrative_Shutdown=@PwmAppName@ has been shutdown
 EventLog_Narrative_FatalEvent=A fatal event has occurred; data: %message%
-EventLog_Narrative_ModifyConfiguration=%perpetratorID% (%perpetratorDN%) has modified the configuration
+EventLog_Narrative_ModifyConfiguration=Configuration has been modified, changes: %message%
 EventLog_Narrative_IntruderAttempt=Non user-specific intruder attempt (Details: %message%)
 EventLog_Narrative_IntruderLockout=Non user-specific intruder lockout (Details: %message%)
 EventLog_Narrative_ActivateUser=%perpetratorID% (%perpetratorDN%) has activated their account

+ 56 - 0
src/main/resources/password/pwm/svc/event/AuditEvent.properties

@@ -0,0 +1,56 @@
+#
+# Password Management Servlets (PWM)
+# http://www.pwm-project.org
+#
+# Copyright (c) 2006-2009 Novell, Inc.
+# Copyright (c) 2009-2016 The PWM Project
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+STARTUP={"xdasTaxonomy":"XDAS_AE_INVOKE_SERVICE","xdasOutcome":"XDAS_OUT_SUCCESS"}
+SHUTDOWN={"xdasTaxonomy":"XDAS_AE_TERMINATE_SERVICE","xdasOutcome":"XDAS_OUT_SUCCESS"}
+FATAL_EVENT={"xdasTaxonomy":"XDAS_AE_WF_FINISH","xdasOutcome":"XDAS_OUT_SERVICE_FAILURE"}
+MODIFY_CONFIGURATION={"xdasTaxonomy":"XDAS_AE_CONFUPDATE","xdasOutcome":"XDAS_OUT_SUCCESS"}
+INTRUDER_LOCK={"xdasTaxonomy":"XDAS_AE_DISABLE_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+INTRUDER_ATTEMPT={"xdasTaxonomy":"XDAS_AE_IDS_SUSPICIOUS","xdasOutcome":"XDAS_OUT_SUCCESS"}
+AUTHENTICATE={"xdasTaxonomy":"XDAS_AE_AUTHENTICATE_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+AGREEMENT_PASSED={"xdasTaxonomy":"XDAS_AE_ASSOC_TRUST","xdasOutcome":"XDAS_OUT_SUCCESS"}
+TOKEN_ISSUED={"xdasTaxonomy":"XDAS_AE_SET_CRED_ACCOUNT","xdasOutcome":"XDAS_OUT_PRIV_GRANTED"}
+TOKEN_CLAIMED={"xdasTaxonomy":"XDAS_AE_GRANT_ACCOUNT_ACCESS","xdasOutcome":"XDAS_OUT_PRIV_USED"}
+CLEAR_RESPONSES={"xdasTaxonomy":"XDAS_AE_DELETE_DATA_ITEM","xdasOutcome":"XDAS_OUT_SUCCESS"}
+CHANGE_PASSWORD={"xdasTaxonomy":"XDAS_AE_SET_CRED_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+UNLOCK_PASSWORD={"xdasTaxonomy":"XDAS_AE_GRANT_ACCOUNT_ACCESS","xdasOutcome":"XDAS_OUT_SUCCESS"}
+RECOVER_PASSWORD={"xdasTaxonomy":"XDAS_AE_GRANT_ACCOUNT_ACCESS","xdasOutcome":"XDAS_OUT_SUCCESS"}
+SET_RESPONSES={"xdasTaxonomy":"XDAS_AE_CREATE_TRUST","xdasOutcome":"XDAS_OUT_THRESHOLDS_SET"}
+SET_OTP_SECRET={"xdasTaxonomy":"XDAS_AE_CREATE_TRUST","xdasOutcome":"XDAS_OUT_THRESHOLDS_SET"}
+ACTIVATE_USER={"xdasTaxonomy":"XDAS_AE_CREATE_SESSION","xdasOutcome":"XDAS_OUT_SUCCESS"}
+CREATE_USER={"xdasTaxonomy":"XDAS_AE_CREATE_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+UPDATE_PROFILE={"xdasTaxonomy":"XDAS_AE_MODIFY_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+INTRUDER_USER_LOCK={"xdasTaxonomy":"XDAS_AE_DISABLE_ACCOUNT","xdasOutcome":"XDAS_OUT_INVALID_USER_CREDENTIALS"}
+INTRUDER_USER_ATTEMPT={"xdasTaxonomy":"XDAS_AE_IDS_SUSPICIOUS","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_SET_PASSWORD={"xdasTaxonomy":"XDAS_AE_SET_CRED_ACCOUNT","xdasOutcome":"XDAS_OUT_THRESHOLDS_SET"}
+HELPDESK_UNLOCK_PASSWORD={"xdasTaxonomy":"XDAS_AE_SET_CRED_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_CLEAR_RESPONSES={"xdasTaxonomy":"XDAS_AE_DELETE_TRUST","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_CLEAR_OTP_SECRET={"xdasTaxonomy":"XDAS_AE_DELETE_TRUST","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_ACTION={"xdasTaxonomy":"XDAS_AE_INSTALL_SERVICE","xdasOutcome":"XDAS_OUT_ACTIONS_SET"}
+HELPDESK_DELETE_USER={"xdasTaxonomy":"XDAS_AE_DELETE_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_VIEW_DETAIL={"xdasTaxonomy":"XDAS_AE_QUERY_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_VERIFY_OTP={"xdasTaxonomy":"XDAS_AE_QUERY_TRUST","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_VERIFY_OTP_INCORRECT={"xdasTaxonomy":"XDAS_AE_QUERY_TRUST","xdasOutcome":"XDAS_OUT_DENIAL"}
+HELPDESK_VERIFY_ATTRIBUTES={"xdasTaxonomy":"XDAS_AE_QUERY_TRUST","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_VERIFY_ATTRIBUTES_INCORRECT={"xdasTaxonomy":"XDAS_AE_QUERY_TRUST","xdasOutcome":"XDAS_OUT_DENIAL"}
+HELPDESK_VERIFY_TOKEN={"xdasTaxonomy":"XDAS_AE_QUERY_TRUST","xdasOutcome":"XDAS_OUT_SUCCESS"}
+HELPDESK_VERIFY_TOKEN_INCORRECT={"xdasTaxonomy":"XDAS_AE_QUERY_TRUST","xdasOutcome":"XDAS_OUT_DENIAL"}

+ 3 - 3
src/main/webapp/public/resources/themes/pwm/configStyle.css

@@ -111,7 +111,7 @@ html {
 .centerbody-config {
     bottom: 0;
     left: 0;
-    margin-left: auto;
+    margin-left: 0;
     margin-right: auto;
     min-width: 870px;
     position: absolute;
@@ -128,8 +128,8 @@ html {
 }
 
 #header-center-wide {
-    width: 850px;
-    margin: 0 auto;
+    width: 100%;
+    ;
     position:relative;
     padding:4px;
 }
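Review bot: The lone `;` left where `margin: 0 auto;` was replaced in `#header-center-wide` is an empty declaration. It is harmless to browsers but reads like a leftover from editing and will trip CSS linters; delete that line.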