Dear CAS user/developers,

We are using CAS 5.0.4 with the Inspektr library for storing audit logs into a database. We are using it together with login throttling, which depends on the data in the audit table.

Everything works just fine, I just spotted a little surprising thing: It seems that authentication failures (i.e. input data for the throttling mechanism) are reported as actual throttling. CAS works fine, no actual throttling occurs (yet), just the audit log contains little misleading information.

In a text log file, it looks like this:

    2017-05-23T10:05:02,992 [http-nio-8443-exec-7] DEBUG org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Recording submission failure for /cas/login
    2017-05-23T10:05:02,992 [http-nio-8443-exec-7] WARN org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Throttling submission from 0:0:0:0:0:0:0:1. More than 5 failed login attempts within 60 seconds. Authentication attempt exceeds the failure threshold 5

The first line looks OK to me, while the second one does not; no actual throttling occurred and this was the 1st failed login attempt.

In the database, it looks like this:

    xx...@xxx.com  0:0:0:0:0:0:0:1  0:0:0:0:0:0:0:1  Supplied credentials: [ xx...@xxx.com]  AUTHENTICATION_FAILED  CAS  22-MAY-17 05.15.13.086000000 PM
    xx...@xxx.com  0:0:0:0:0:0:0:1  0:0:0:0:0:0:0:1  xx...@xxx.com  THROTTLED_LOGIN_ATTEMPT  CAS  22-MAY-17 05.15.35.079000000 PM

(The time difference results from debugging, please ignore it.)

Again, the first row looks OK, the 2nd one is misleading.

When I look into the source code, class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, I can see this method:

    @Override
    public void recordSubmissionFailure(final HttpServletRequest request) {
        recordThrottle(request);
    }

Calling recordThrottle(record) here is probably the source of the behavior I've just described. I think something else should be called instead. Do you agree? Or do I understand it wrong and this behavior is OK?

Thank you!

Best Regards,
Jarda
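
For anyone triaging an audit table that shows the pattern described in this message, the following is an added example (not part of the original post and not CAS or Inspektr code). It flags THROTTLED_LOGIN_ATTEMPT rows that are not backed by more than 5 AUTHENTICATION_FAILED rows from the same user and client IP in the preceding 60 seconds. The row layout, function name, users and timestamps are constructed assumptions; the threshold and window come from the log message quoted above.

```python
from datetime import datetime, timedelta

FAILED = "AUTHENTICATION_FAILED"
THROTTLED = "THROTTLED_LOGIN_ATTEMPT"
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows: (user, client_ip, action, timestamp). Not real audit data.
SAMPLE_ROWS = [
    # Six failures within 60 s, then a throttle record: consistent.
    *[("bob@example.org", "10.0.0.7", FAILED, f"2017-05-22 09:00:{s:02d}")
      for s in range(0, 60, 10)],
    ("bob@example.org", "10.0.0.7", THROTTLED, "2017-05-22 09:00:55"),
    # One failure followed by a throttle record: the pattern from the post.
    ("alice@example.org", "0:0:0:0:0:0:0:1", FAILED, "2017-05-22 17:15:13"),
    ("alice@example.org", "0:0:0:0:0:0:0:1", THROTTLED, "2017-05-22 17:15:35"),
]


def unsupported_throttles(rows, threshold=5, window_seconds=60):
    """Return throttle rows preceded by `threshold` or fewer failures
    from the same (user, client_ip) within `window_seconds`."""
    parsed = sorted(
        ((u, ip, action, datetime.strptime(ts, FMT)) for u, ip, action, ts in rows),
        key=lambda r: r[3],
    )
    failures = {}  # (user, client_ip) -> timestamps of earlier failures
    flagged = []
    for user, ip, action, when in parsed:
        key = (user, ip)
        if action == FAILED:
            failures.setdefault(key, []).append(when)
        elif action == THROTTLED:
            cutoff = when - timedelta(seconds=window_seconds)
            recent = [t for t in failures.get(key, []) if cutoff <= t <= when]
            if len(recent) <= threshold:
                # The audit trail says "throttled", the failure count does not.
                flagged.append((user, ip, when.strftime(FMT), len(recent)))
    return flagged


if __name__ == "__main__":
    for user, ip, when, count in unsupported_throttles(SAMPLE_ROWS):
        print(f"{when} {user} {ip}: throttle record with only {count} failure(s)")
```
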