[jboss-jira] [JBoss JIRA] (ELY-972) Elytron Audit Logging does not log failed authentication

Jan Kalina (JIRA) issues at jboss.org
Tue Feb 21 08:27:00 EST 2017 

     [ https://issues.jboss.org/browse/ELY-972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated ELY-972:
---------------------------
    Steps to Reproduce: 
* Follow steps _Configure Elytron (default profile)_ in [blog post|http://javlog.cacek.cz/2017/01/enable-elytron-in-wildfly.html] in order to change default configuration to Elytron
* Add user via add-user.sh (as Application User)
* Deploy attached war (containing servlet secured with BASIC HTTP auth)
* Access http://127.0.0.1:8080/protected/printRoles in a browser
* Fill in username and *incorrect* password
* Check that _JBOSS_HOME/standalone/log/audit.log_ is empty
* Open browser in private mode
* Fill username and correct password
* Check that _JBOSS_HOME/standalone/log/audit.log_ has a few inputs


  was:
* Follow steps _Configure Elytron (default profile)_ in [blog post|http://javlog.cacek.cz/2017/01/enable-elytron-in-wildfly.html] in order to change default configuration to Elytron
* Add user via add-user.sh (as Application User)
* Deploy attached war (containing servlet secured with BASIC HTTP auth)
* Access http://127.0.0.1:8080/protected/printroles in a browser
* Fill in username and *incorrect* password
* Check that _JBOSS_HOME/standalone/log/audit.log_ is empty
* Open browser in private mode
* Fill username and correct password
* Check that _JBOSS_HOME/standalone/log/audit.log_ has a few inputs




> Elytron Audit Logging does not log failed authentication
> --------------------------------------------------------
>
>                 Key: ELY-972
>                 URL: https://issues.jboss.org/browse/ELY-972
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Jan Tymel
>            Assignee: Jan Kalina
>            Priority: Blocker
>
> Successful authentication is correctly handled by Elytron Audit Logging. However, if user provides incorrect password (~ authentication fails) there is no such record in audit log file.
> Logging of failed authentication is one of the requirements for this Elytron Audit Logging feature. Therefore setting blocker priority.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list