[
https://issues.jboss.org/browse/ELY-972?page=com.atlassian.jira.plugin.sy...
]
Darran Lofthouse commented on ELY-972:
--------------------------------------
There may be a few things to think about this one.
Although some mechanisms use evidence verification many don't - we may want to look at
the AuthenticationCompleteCallback carrying a message that can be used here.
Also the HTTP mechanisms call the CallbackHandler but also need to call
authenticationFailed on the request - as the mechanisms already report their outcome we
may want to automate the call to the CBH so the mech doesn't need to perform two
notifications.
Elytron Audit Logging does not log failed authentication
--------------------------------------------------------
Key: ELY-972
URL:
https://issues.jboss.org/browse/ELY-972
Project: WildFly Elytron
Issue Type: Bug
Reporter: Jan Tymel
Assignee: Jan Kalina
Priority: Blocker
Successful authentication is correctly handled by Elytron Audit Logging. However, if user
provides incorrect password (~ authentication fails) there is no such record in audit log
file.
Logging of failed authentication is one of the requirements for this Elytron Audit
Logging feature. Therefore setting blocker priority.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)