[jboss-jira] [JBoss JIRA] (ELY-972) Elytron Audit Logging does not log failed authentication
Jan Kalina (JIRA)
issues at jboss.org
Tue Feb 21 11:04:00 EST 2017
[ https://issues.jboss.org/browse/ELY-972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13367029#comment-13367029 ]
Jan Kalina commented on ELY-972:
--------------------------------
As the existing audit logging messages are logged under control of ServerAuthenticationContext, I believe we should emit authentication fail messages also here, as part of fail() of approriate States.
Or what is to think here, [~dlofthouse]?
> Elytron Audit Logging does not log failed authentication
> --------------------------------------------------------
>
> Key: ELY-972
> URL: https://issues.jboss.org/browse/ELY-972
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Jan Tymel
> Assignee: Jan Kalina
> Priority: Blocker
>
> Successful authentication is correctly handled by Elytron Audit Logging. However, if user provides incorrect password (~ authentication fails) there is no such record in audit log file.
> Logging of failed authentication is one of the requirements for this Elytron Audit Logging feature. Therefore setting blocker priority.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list