[JBoss JIRA] (ELY-972) Elytron Audit Logging does not log failed authentication

Tuesday, 21 February 2017

    [
https://issues.jboss.org/browse/ELY-972?page=com.atlassian.jira.plugin.sy...
] 

Jan Kalina commented on ELY-972:
--------------------------------

The only problem is, SecurityAuthenticationFailedEvent accept SecurityIdentity, which is
anonymous in captureIdentity - if we want to see who is unsuccessfuly trying to log in, we
need to use RealmIdentity - should not it be used in SecurityAuthenticationFailedEvent
instead?

...
 Elytron Audit Logging does not log failed authentication
 --------------------------------------------------------

                 Key: ELY-972
                 URL: https://issues.jboss.org/browse/ELY-972
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Jan Tymel
            Assignee: Jan Kalina
            Priority: Blocker

 Successful authentication is correctly handled by Elytron Audit Logging. However, if user
provides incorrect password (~ authentication fails) there is no such record in audit log
file.
 Logging of failed authentication is one of the requirements for this Elytron Audit
Logging feature. Therefore setting blocker priority. 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006