[jboss-jira] [JBoss JIRA] (ELY-972) Elytron Audit Logging does not log failed authentication

[Darran Lofthouse (JIRA)]

    [ https://issues.jboss.org/browse/ELY-972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13366506#comment-13366506 ] 

Darran Lofthouse commented on ELY-972:
--------------------------------------

There may be a few things to think about this one.

Although some mechanisms use evidence verification many don't - we may want to look at the AuthenticationCompleteCallback carrying a message that can be used here.

Also the HTTP mechanisms call the CallbackHandler but also need to call authenticationFailed on the request - as the mechanisms already report their outcome we may want to automate the call to the CBH so the mech doesn't need to perform two notifications.



> Elytron Audit Logging does not log failed authentication
> --------------------------------------------------------
>
>                 Key: ELY-972
>                 URL: https://issues.jboss.org/browse/ELY-972
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Jan Tymel
>            Assignee: Jan Kalina
>            Priority: Blocker
>
> Successful authentication is correctly handled by Elytron Audit Logging. However, if user provides incorrect password (~ authentication fails) there is no such record in audit log file.
> Logging of failed authentication is one of the requirements for this Elytron Audit Logging feature. Therefore setting blocker priority.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)