Dear CAS user/developers,

We are using CAS 5.0.4 with the Inspektr library for storing audit logs 
into a database. We are using it together with login throttling, which 
depends on the data in the audit table.

Everything works just fine, I just spotted a little surprising thing: it 
seems that authentication failures (i.e. input data for the throttling 
mechanism) are reported as actual throttling. CAS works fine, no actual 
throttling occurs (yet), just the audit log contains a little misleading 
information.

In a text log file, it looks like this:

2017-05-23T10:05:02,992 [http-nio-8443-exec-7] DEBUG org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Recording submission failure for /cas/login
2017-05-23T10:05:02,992 [http-nio-8443-exec-7] WARN org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Throttling submission from 0:0:0:0:0:0:0:1. More than 5 failed login attempts within 60 seconds. Authentication attempt exceeds the failure threshold 5


The first line looks OK to me, while the second one does not; no actual 
throttling occurred and this was the 1st failed login attempt.

In the database, it looks like this:

xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 Supplied credentials: [xx...@xxx.com] AUTHENTICATION_FAILED CAS 22-MAY-17 05.15.13.086000000 PM
xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 xx...@xxx.com THROTTLED_LOGIN_ATTEMPT CAS 22-MAY-17 05.15.35.079000000 PM


(The time difference results from debugging, please ignore it.) Again, the 
first row looks OK, the 2nd one is misleading.

When I look into the source code, class 
InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, 
I can see this method:

@Override
public void recordSubmissionFailure(final HttpServletRequest request) {
    recordThrottle(request);
}

Calling recordThrottle(request) here is probably the source of the behavior 
I've just described. I think something else should be called instead. Do 
you agree? Or do I understand it wrong and this behavior is OK?

Thank you!

Best Regards,
    Jarda
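
As an added illustration, not CAS or Inspektr code and not the poster's, here is a hypothetical standalone throttle that keeps "record a failure" and "record a throttle" as two distinct audit actions, which is the separation the question above is about; the class name, method names, the ip|user key and the sample values are assumptions, only the two action names are taken from the audit rows quoted in the message.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Hypothetical stand-in for a throttling interceptor; not CAS or Inspektr code.
public class LoginThrottleDemo {
    private final int threshold;                  // failures tolerated inside the window
    private final long windowMillis;              // length of the sliding window
    private final Map<String, Deque<Long>> failures = new HashMap<>();  // key: ip|user
    private final List<String> audit = new ArrayList<>();   // stand-in for the audit table

    LoginThrottleDemo(int threshold, long windowMillis) {
        this.threshold = threshold;
        this.windowMillis = windowMillis;
    }

    // Called after a failed login: remember the timestamp and audit the failure only.
    void recordSubmissionFailure(String ip, String user, long now) {
        failures.computeIfAbsent(ip + "|" + user, k -> new ArrayDeque<>()).addLast(now);
        audit.add(user + " " + ip + " AUTHENTICATION_FAILED");
    }

    // Called before a login is processed: audit a throttle only when one really happens.
    boolean isThrottled(String ip, String user, long now) {
        Deque<Long> q = failures.getOrDefault(ip + "|" + user, new ArrayDeque<>());
        while (!q.isEmpty() && now - q.peekFirst() > windowMillis) q.pollFirst(); // expire
        if (q.size() > threshold) {               // "more than N failures within the window"
            audit.add(user + " " + ip + " THROTTLED_LOGIN_ATTEMPT");
            return true;
        }
        return false;
    }

    List<String> auditTrail() { return audit; }

    public static void main(String[] args) {
        LoginThrottleDemo t = new LoginThrottleDemo(5, 60_000L);
        String ip = "0:0:0:0:0:0:0:1", user = "user@example.com";  // constructed sample input
        t.recordSubmissionFailure(ip, user, 0L);                      // a single failure
        System.out.println("throttled after 1 failure: " + t.isThrottled(ip, user, 1_000L));
        for (int i = 1; i <= 5; i++) t.recordSubmissionFailure(ip, user, i * 1_000L);
        System.out.println("throttled after 6 failures: " + t.isThrottled(ip, user, 7_000L));
        t.auditTrail().forEach(System.out::println);
    }
}
```

With this split, a first failed login leaves only an AUTHENTICATION_FAILED row behind, and a THROTTLED_LOGIN_ATTEMPT row appears only once the window actually holds more than the threshold, so a reviewer reading the audit table can trust each row to mean what its action name says.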


You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/faf74be0-eaba-4db1-bce8-85060159fcd8%40apereo.org.