Yes, the configuration is there in log4j2 but the audit log is only providing entries for users who are authorized, not for those who are denied access. I am attaching an annotated copy of my cas_audit.log, and also copies of my service's JSON file and log4j2.xml file.
My goals:
- To log attempts of a user to gain a service ticket, both when:
  - the user is authorized (and therefore successful) and,
  - unauthorized (and therefore denied access).
- To keep the log verbosity reasonably trim (I do not want to set debug for the entire log)
On Thursday, February 8, 2018 at 4:35:22 PM UTC-5, rbon wrote:
>
> Carl,
>
> This already should be in log4j2:
>
> <!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
> <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true">
>     <AppenderRef ref="casAudit"/>
>     <AppenderRef ref="syslog"/>
> </AsyncLogger>
>
> Ray
>
> On Thu, 2018-02-08 at 13:06 -0800, crdaudt wrote:
>
> For one of my services, I have the following accessStrategy defined in my
> JSON file:
>
> ---begin---
> "accessStrategy" : {
>   "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>   "enabled" : true,
>   "unauthorizedRedirectUrl" : "https://ssohost.mydomain.edu/cas_nowayjose/",
>   "requireAllAttributes" : false,
>   "ssoEnabled" : true,
>   "requiredAttributes" : {
>     "@class" : "java.util.HashMap",
>     "memberOf" : [ "java.util.HashSet", [
>       "CN=some_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=my_domain,DC=edu",
>       "CN=some_other_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=mydomain,DC=edu"
>     ] ]
>   }
> }
> ---end---
>
> This works nicely to redirect unauthorized users who do not belong to
> either of the memberOf AD groups. However, the default log settings in
> log4j2.xml do not provide any indication that an unauthorized user
> attempted to obtain a service ticket.
>
> How can I set up my CAS (v5.2.2) instance to log failed attempts by
> unauthorized users to obtain a service ticket?
>
> Carl
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4b2b2c3f-34c2-4c8a-acf3-8bc5a9a34e98%40apereo.org.
## User joe_shmo_unauthorized attempts to go to https://ssotest.myuniversity.edu/cas/login?service=https://junktest.com .
## Joe has a valid AD account, but is not authorized to use the service at junktest.com (based on accessStrategy restrictions in the service's JSON configuration).
## Once he authenticates, he is redirected to the unauthorizedRedirectUrl .
2018-02-09 08:28:50,537 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:28:50 EST 2018|CAS|[event=success,timestamp=Fri Feb 09 08:28:50 EST 2018,source=RankedAuthenticationProviderWebflowEventResolver]|AUTHENTICATION_EVENT_TRIGGERED|audit:unknown|10.10.50.11|10.2.100.100
2018-02-09 08:29:24,868 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:29:24 EST 2018|CAS|Supplied credentials: [joe_shmo_unauthorized]|AUTHENTICATION_SUCCESS|joe_shmo_unauthorized|10.10.50.11|10.2.100.100
## Contrast the log entries above with those for user jhonny_good_authorized.
## Johnny is authorized to use the service provided at junktest.com, so he is successful in gaining a service ticket.
2018-02-09 08:31:50,358 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:31:50 EST 2018|CAS|[event=success,timestamp=Fri Feb 09 08:31:50 EST 2018,source=RankedAuthenticationProviderWebflowEventResolver]|AUTHENTICATION_EVENT_TRIGGERED|audit:unknown|10.10.50.12|10.2.100.100
2018-02-09 08:32:00,285 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|Supplied credentials: [jhonny_good_authorized]|AUTHENTICATION_SUCCESS|jhonny_good_authorized|10.10.50.12|10.2.100.100
2018-02-09 08:32:00,295 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|TGT-*******************************************************1bzJUQBD9l-a7RdWFk-ssotest.myuniversity.edu|TICKET_GRANTING_TICKET_CREATED|jhonny_good_authorized|10.10.50.12|10.2.100.100
2018-02-09 08:32:00,304 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|ST-5-KotmLKRwu7tOn7YCvlJvOkyM5gs-ssotest.myuniversity.edu for https://junktest.com|SERVICE_TICKET_CREATED|jhonny_good_authorized|10.10.50.12|10.2.100.100
junktest-14004001.json
Description: application/json
log4j2.xml
Description: XML document
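As an added example (not code from the CAS project or from anyone in this thread), the following Python script parses audit entries of the kind shown in the attached cas_audit.log and infers candidate denials from the pattern the log exhibits: an AUTHENTICATION_SUCCESS that is never followed by a SERVICE_TICKET_CREATED from the same client IP. The audit line layout (when|CAS|what|action|who|clientIp|serverIp, behind an optional log4j2 prefix) is assumed from the entries above; the sample lines are adapted from them with the ticket ids shortened.

```python
"""Infer CAS logins that never obtained a service ticket from the audit log.

Added example (not code from the CAS project or from this thread). It parses
the pipe-delimited inspektr audit entries as they appear in cas_audit.log,
assumed to be: when|CAS|what|action|who|clientIp|serverIp, optionally preceded
by the log4j2 "date LEVEL [logger] - " prefix. Because a denied user gets
AUTHENTICATION_SUCCESS but no SERVICE_TICKET_CREATED, the absence of the
second event is used as the detection signal.
"""

# Constructed sample, adapted from the annotated cas_audit.log in the thread
# (ticket ids shortened; usernames and addresses as in the thread).
SAMPLE_LOG = [
    "## joe_shmo_unauthorized: valid AD account, not in the required memberOf groups",
    "2018-02-09 08:28:50,537 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - "
    "Fri Feb 09 08:28:50 EST 2018|CAS|[event=success,timestamp=Fri Feb 09 08:28:50 EST 2018,"
    "source=RankedAuthenticationProviderWebflowEventResolver]|AUTHENTICATION_EVENT_TRIGGERED"
    "|audit:unknown|10.10.50.11|10.2.100.100",
    "2018-02-09 08:29:24,868 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - "
    "Fri Feb 09 08:29:24 EST 2018|CAS|Supplied credentials: [joe_shmo_unauthorized]"
    "|AUTHENTICATION_SUCCESS|joe_shmo_unauthorized|10.10.50.11|10.2.100.100",
    "## jhonny_good_authorized: authorized for https://junktest.com",
    "2018-02-09 08:32:00,285 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - "
    "Fri Feb 09 08:32:00 EST 2018|CAS|Supplied credentials: [jhonny_good_authorized]"
    "|AUTHENTICATION_SUCCESS|jhonny_good_authorized|10.10.50.12|10.2.100.100",
    "2018-02-09 08:32:00,295 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - "
    "Fri Feb 09 08:32:00 EST 2018|CAS|TGT-1bzJUQBD9l-ssotest.myuniversity.edu"
    "|TICKET_GRANTING_TICKET_CREATED|jhonny_good_authorized|10.10.50.12|10.2.100.100",
    "2018-02-09 08:32:00,304 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - "
    "Fri Feb 09 08:32:00 EST 2018|CAS|ST-5-KotmLKRwu7tOn7YCvlJvOkyM5gs-ssotest.myuniversity.edu "
    "for https://junktest.com|SERVICE_TICKET_CREATED|jhonny_good_authorized|10.10.50.12|10.2.100.100",
]


def parse_audit_line(line):
    """Return the fields of one audit entry as a dict, or None for other lines."""
    body = line.split("] - ", 1)[-1].strip()  # drop the log4j2 prefix if present
    parts = body.split("|")
    if len(parts) != 7 or parts[1] != "CAS":
        return None  # annotation lines, blank lines, non-audit log output
    when, _, what, action, who, client, server = parts
    return {"when": when, "what": what, "action": action,
            "who": who, "client": client, "server": server}


def service_from_ticket_event(what):
    """'ST-... for https://junktest.com' -> 'https://junktest.com' (None if absent)."""
    _, sep, service = what.partition(" for ")
    return service if sep else None


def logins_without_service_ticket(lines):
    """Return (who, clientIp) pairs whose AUTHENTICATION_SUCCESS was not followed,
    from the same client IP, by a SERVICE_TICKET_CREATED entry.

    The client IP is the only field the two events share, so it serves as the
    session key; a NAT shared by many users weakens that correlation.
    """
    pending = {}      # clientIp -> (who, clientIp) still awaiting a service ticket
    candidates = []
    for line in lines:
        ev = parse_audit_line(line)
        if ev is None:
            continue
        key = ev["client"]
        if ev["action"] == "AUTHENTICATION_SUCCESS":
            if key in pending:  # an earlier login from this IP never got an ST
                candidates.append(pending.pop(key))
            pending[key] = (ev["who"], key)
        elif ev["action"] == "SERVICE_TICKET_CREATED":
            pending.pop(key, None)
    candidates.extend(pending.values())  # logins still open at end of log
    return candidates


def granted_service_tickets(lines):
    """Return (who, service) pairs for every SERVICE_TICKET_CREATED entry."""
    out = []
    for line in lines:
        ev = parse_audit_line(line)
        if ev and ev["action"] == "SERVICE_TICKET_CREATED":
            out.append((ev["who"], service_from_ticket_event(ev["what"])))
    return out


if __name__ == "__main__":
    for who, ip in logins_without_service_ticket(SAMPLE_LOG):
        print(f"login without service ticket: {who} from {ip}")
    for who, svc in granted_service_tickets(SAMPLE_LOG):
        print(f"service ticket granted: {who} -> {svc}")
```

Run against a real cas_audit.log with `logins_without_service_ticket(open(path))`. This is a workaround for the missing access-denied audit entry, not a substitute for one: a user who authenticates and then never visits any service looks identical to a user the accessStrategy turned away, and the IP-based pairing breaks behind a shared NAT.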
