[jboss-jira] [JBoss JIRA] (ELY-972) Elytron Audit Logging does not log failed authentication
Jan Kalina (JIRA)
issues at jboss.org
Tue Feb 21 12:12:01 EST 2017
[ https://issues.jboss.org/browse/ELY-972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13367094#comment-13367094 ]
Jan Kalina commented on ELY-972:
--------------------------------
The only problem is, SecurityAuthenticationFailedEvent accept SecurityIdentity, which is anonymous in captureIdentity - if we want to see who is unsuccessfuly trying to log in, we need to use RealmIdentity - should not it be used in SecurityAuthenticationFailedEvent instead?
> Elytron Audit Logging does not log failed authentication
> --------------------------------------------------------
>
> Key: ELY-972
> URL: https://issues.jboss.org/browse/ELY-972
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Jan Tymel
> Assignee: Jan Kalina
> Priority: Blocker
>
> Successful authentication is correctly handled by Elytron Audit Logging. However, if user provides incorrect password (~ authentication fails) there is no such record in audit log file.
> Logging of failed authentication is one of the requirements for this Elytron Audit Logging feature. Therefore setting blocker priority.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list