Yes, the configuration is there in log4j2 but the audit log is only 
providing entries for users who are authorized, not for those who are 
denied access.
I am attaching an annotated copy of my cas_audit.log, and also copies of my 
service's JSON file and log4j2.xml file.

My goals:

   - To log attempts of a user to gain a service ticket, both when:
      - the user is authorized (and therefore successful) and,
      - unauthorized (and therefore denied access).
   - To keep the log verbosity reasonably trim (I do not want to set debug 
   for the entire log) 
   

On Thursday, February 8, 2018 at 4:35:22 PM UTC-5, rbon wrote:
>
> Carl,
>
> This already should be in log4j2:
>
>         <!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
>         <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" >
>             <AppenderRef ref="casAudit"/>
>             <AppenderRef ref="syslog"/>
>         </AsyncLogger>
>
> Ray 
>
> On Thu, 2018-02-08 at 13:06 -0800, crdaudt wrote:
>
> For one of my services, I have the following accessStrategy defined in my 
> JSON file:
>
> ---begin---
>   "accessStrategy" :
>   {
>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "unauthorizedRedirectUrl" : "https://ssohost.mydomain.edu/cas_nowayjose/",
>     "requireAllAttributes" : false,
>     "ssoEnabled" : true,
>     "requiredAttributes" :
>     {
>       "@class" : "java.util.HashMap",
>       "memberOf" : [ "java.util.HashSet", [
>         "CN=some_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=my_domain,DC=edu",
>         "CN=some_other_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=mydomain,DC=edu"
>       ] ]
>     }
>   }
> ---end---
>
> This works nicely to redirect unauthorized users who do not belong to 
> either of the memberOf AD groups.  However, the default log settings in 
> log4j2.xml do not provide any indication that an unauthorized user 
> attempted to obtain a service ticket.
>
> How can I set up my CAS (v5.2.2) instance to log failed attempts by 
> unauthorized users to obtain a service ticket?
>
> Carl
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
>

## User joe_shmo_unauthorized attempts to go to https://ssotest.myuniversity.edu/cas/login?service=https://junktest.com .
## Joe has a valid AD account, but is not authorized to use the service at junktest.com (based on accessStrategy restrictions in the service's JSON configuration).
## Once he authenticates, he is redirected to the unauthorizedRedirectUrl .
2018-02-09 08:28:50,537 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:28:50 EST 2018|CAS|[event=success,timestamp=Fri Feb 09 08:28:50 EST 2018,source=RankedAuthenticationProviderWebflowEventResolver]|AUTHENTICATION_EVENT_TRIGGERED|audit:unknown|10.10.50.11|10.2.100.100
2018-02-09 08:29:24,868 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:29:24 EST 2018|CAS|Supplied credentials: [joe_shmo_unauthorized]|AUTHENTICATION_SUCCESS|joe_shmo_unauthorized|10.10.50.11|10.2.100.100

## Contrast the log entries above with those for user jhonny_good_authorized.
## Johnny is authorized to use the service provided at junktest.com, so he is successful in gaining a service ticket.
2018-02-09 08:31:50,358 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:31:50 EST 2018|CAS|[event=success,timestamp=Fri Feb 09 08:31:50 EST 2018,source=RankedAuthenticationProviderWebflowEventResolver]|AUTHENTICATION_EVENT_TRIGGERED|audit:unknown|10.10.50.12|10.2.100.100
2018-02-09 08:32:00,285 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|Supplied credentials: [jhonny_good_authorized]|AUTHENTICATION_SUCCESS|jhonny_good_authorized|10.10.50.12|10.2.100.100
2018-02-09 08:32:00,295 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|TGT-*******************************************************1bzJUQBD9l-a7RdWFk-ssotest.myuniversity.edu|TICKET_GRANTING_TICKET_CREATED|jhonny_good_authorized|10.10.50.12|10.2.100.100
2018-02-09 08:32:00,304 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|ST-5-KotmLKRwu7tOn7YCvlJvOkyM5gs-ssotest.myuniversity.edu for https://junktest.com|SERVICE_TICKET_CREATED|jhonny_good_authorized|10.10.50.12|10.2.100.100
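As an added example (not part of this thread or of CAS itself), the heuristic a defender can run over the audit log as it stands today: parse the pipe-delimited Slf4jLoggingAuditTrailManager entries and flag each AUTHENTICATION_SUCCESS that no SERVICE_TICKET_CREATED for the same principal follows within a short window, which is the only trace the denied joe_shmo_unauthorized leaves above. The sample lines are constructed from the entries above; the 60-second window and the helper names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Audit entry as written by Slf4jLoggingAuditTrailManager (shape taken from the log above):
# "<ts> INFO [<class>] - <when>|<app>|<what>|<action>|<principal>|<client ip>|<server ip>"
AUDIT_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) INFO "
                      r"\[org\.apereo\.inspektr\.audit\.support\.Slf4jLoggingAuditTrailManager\] - (.+)$")

def parse_audit_line(line):
    """Return (timestamp, what, action, principal, client_ip), or None for non-audit lines."""
    m = AUDIT_RE.match(line)
    if not m:
        return None
    parts = m.group(2).split("|")
    if len(parts) < 7:
        return None
    # The trailing four fields are fixed; the 'what' field in between may itself contain '|'.
    action, principal, client_ip = parts[-4], parts[-3], parts[-2]
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
    return ts, "|".join(parts[2:-4]), action, principal, client_ip

def logins_without_service_ticket(lines, window=timedelta(seconds=60)):
    """Heuristic for the missing denial event: an AUTHENTICATION_SUCCESS that no
    SERVICE_TICKET_CREATED for the same principal follows within `window` (assumed 60 s).
    Users who abandon the login page look identical, so treat hits as leads, not proof."""
    events = [e for e in map(parse_audit_line, lines) if e]
    ticket_times = defaultdict(list)
    for ts, _, action, principal, _ in events:
        if action == "SERVICE_TICKET_CREATED":
            ticket_times[principal].append(ts)
    suspects = []
    for ts, _, action, principal, client_ip in events:
        if action == "AUTHENTICATION_SUCCESS" and not any(
                ts <= t <= ts + window for t in ticket_times[principal]):
            suspects.append((principal, client_ip, ts.strftime("%Y-%m-%d %H:%M:%S")))
    return suspects

# Constructed sample, abridged from the annotated cas_audit.log above, plus one made-up non-audit line.
SAMPLE_LOG = [
    "2018-02-09 08:29:24,868 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:29:24 EST 2018|CAS|Supplied credentials: [joe_shmo_unauthorized]|AUTHENTICATION_SUCCESS|joe_shmo_unauthorized|10.10.50.11|10.2.100.100",
    "2018-02-09 08:32:00,285 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|Supplied credentials: [jhonny_good_authorized]|AUTHENTICATION_SUCCESS|jhonny_good_authorized|10.10.50.12|10.2.100.100",
    "2018-02-09 08:32:00,304 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Fri Feb 09 08:32:00 EST 2018|CAS|ST-5-KotmLKRwu7tOn7YCvlJvOkyM5gs-ssotest.myuniversity.edu for https://junktest.com|SERVICE_TICKET_CREATED|jhonny_good_authorized|10.10.50.12|10.2.100.100",
    "2018-02-09 08:32:01,000 WARN [org.apereo.cas.ExampleLogger] - not an audit entry (constructed)",
]

if __name__ == "__main__":
    for principal, ip, ts in logins_without_service_ticket(SAMPLE_LOG):
        print(f"{ts}  {principal} from {ip}: authenticated, no service ticket issued")
```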

Attachment: junktest-14004001.json
Description: application/json

Attachment: log4j2.xml
Description: XML document
