Hello everybody,
I submitted a pull request for that, here it
is: https://github.com/apereo/cas/pull/2667
Could someone from the developers have a look, please?
Thank you in advance,
Jarda
On Tuesday, 23 May 2017 at 10:52:07 UTC+2, Jaroslav Kačer wrote:
>
> Dear CAS user/developers,
>
> We are using CAS 5.0.4 with the Inspektr library for storing audit logs
> into a database. We are using it together with login throttling, which
> depends on the data in the audit table.
>
> Everything works just fine, I just spotted a little surprising thing: It
> seems that authentication failures (i.e. input data for the throttling
> mechanism) are reported as actual throttling. CAS works fine, no actual
> throttling occurs (yet), just the audit log contains little misleading
> information.
>
> In a text log file, it looks like this:
>
> 2017-05-23T10:05:02,992 [http-nio-8443-exec-7] DEBUG org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Recording submission failure for /cas/login
> 2017-05-23T10:05:02,992 [http-nio-8443-exec-7] WARN org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Throttling submission from 0:0:0:0:0:0:0:1. More than 5 failed login attempts within 60 seconds. Authentication attempt exceeds the failure threshold 5
>
> The first line looks OK to me, while the second one does not; no actual
> throttling occurred and this was the 1st failed login attempt.
>
> In the database, it looks like this:
> [email protected] 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 Supplied credentials: [[email protected]] AUTHENTICATION_FAILED CAS 22-MAY-17 05.15.13.086000000 PM
> [email protected] 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 [email protected] THROTTLED_LOGIN_ATTEMPT CAS 22-MAY-17 05.15.35.079000000 PM
>
> (The time difference results from debugging, please ignore it.) Again, the
> first row looks OK, the 2nd one is misleading.
>
> When I look into the source code of class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, I can see this method:
>
> @Override
> public void recordSubmissionFailure(final HttpServletRequest request) {
>     recordThrottle(request);
> }
>
> Calling recordThrottle(record) here is probably the source of the behavior
> I've just described. I think something else should be called instead. Do
> you agree? Or do I understand it wrong and this behavior is OK?
>
> Thank you!
>
> Best Regards,
> Jarda
>
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
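To make the mismatch Jarda describes concrete, here is a small Python model of the audit-table-based throttle, added here and not code from CAS, Inspektr or the pull request: it replays failed logins into a constructed audit list, applies the "more than 5 failures within 60 seconds" rule quoted in the WARN line, and compares a handler that writes THROTTLED_LOGIN_ATTEMPT on every failure (as the quoted method does) with a hypothetical variant that only writes it once the threshold is actually exceeded. All names (AuditRow, simulate, the handlers) and sample values are constructed for this illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Thresholds quoted in the WARN line of the post: more than 5 failures within 60 seconds.
FAILURE_THRESHOLD = 5
FAILURE_RANGE_SECONDS = 60

# Constructed audit row, modelled on the columns visible in the post's database output.
AuditRow = namedtuple("AuditRow", "principal client_ip action when")

def failed_logins_in_window(audit, client_ip, principal, now):
    """Count AUTHENTICATION_FAILED rows for this IP and username inside the throttle window."""
    window_start = now - timedelta(seconds=FAILURE_RANGE_SECONDS)
    return sum(
        1 for row in audit
        if row.action == "AUTHENTICATION_FAILED"
        and row.client_ip == client_ip and row.principal == principal
        and window_start <= row.when <= now
    )

def exceeds_threshold(audit, client_ip, principal, now):
    """The throttle decision: 'more than 5 failed login attempts within 60 seconds'."""
    return failed_logins_in_window(audit, client_ip, principal, now) > FAILURE_THRESHOLD

def record_throttle(audit, client_ip, principal, now):
    """Write the THROTTLED_LOGIN_ATTEMPT row, the action in the post's second database row."""
    audit.append(AuditRow(principal, client_ip, "THROTTLED_LOGIN_ATTEMPT", now))

def record_submission_failure_as_posted(audit, client_ip, principal, now):
    """Mirrors the quoted method: every submission failure is written as a throttle event."""
    record_throttle(audit, client_ip, principal, now)

def record_submission_failure_corrected(audit, client_ip, principal, now):
    """Hypothetical variant (not the pull request): write the throttle row only when the threshold is exceeded."""
    if exceeds_threshold(audit, client_ip, principal, now):
        record_throttle(audit, client_ip, principal, now)

def simulate(handler, failures, step_seconds=5):
    """Replay `failures` failed logins from one client and return how many throttle rows were written."""
    audit = []
    start = datetime(2017, 5, 22, 17, 15, 13)            # constructed, near the post's timestamps
    ip, user = "0:0:0:0:0:0:0:1", "user@example.org"     # constructed sample values
    for i in range(failures):
        now = start + timedelta(seconds=i * step_seconds)
        audit.append(AuditRow(user, ip, "AUTHENTICATION_FAILED", now))  # the authentication audit row
        handler(audit, ip, user, now)                               # the interceptor's failure hook
    return sum(1 for row in audit if row.action == "THROTTLED_LOGIN_ATTEMPT")
```

With a single failed login the as-posted handler already writes a THROTTLED_LOGIN_ATTEMPT row, which is the misleading record in the post; the threshold-checked variant writes one only on the sixth failure inside the window.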