Hello,
We just noticed that the log files (cas_audit.log and cas-2019<date>.log)
are reporting authentication failures as successes. Below is a sniped
from cas-2019-06-04-10-2.log which shows it sees it as a failure on line
18436 but then reports it as a success in both cas_audit.log
and cas-2019-06-04-10-2.log (line 18441).
We know that failures were reporting correctly at some point but am unsure
what has changed.
Below are also the configs from log4j2.xml.
Any help or insight that you can offer would be greatly apprecited.
Thank you,
Chris Pasek
The College of St. Scholastica
Duluth, MN
cas-2019-06-04-10-2.log:
18436 2019-06-04 11:20:36,369 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication
has failed. Credentials may be incorrect or CAS cannot find authentication
handler that supports [wrossing] of type [UsernamePasswordCredential].
Exami ne the configuration to ensure a method of authentication is
defined and analyze CAS logs at DEBUG level to trace the authentication
event.>
18437 2019-06-04 11:20:36,370 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
18438 =============================================================
18439 WHO: wrossing
18440 WHAT: Supplied credentials: [wrossing]
18441 ACTION: AUTHENTICATION_SUCCESS
18442 APPLICATION: CAS
18443 WHEN: Tue Jun 04 11:20:36 CDT 2019
18444 CLIENT IP ADDRESS: 143.110.2.42
18445 SERVER IP ADDRESS: 143.110.1.81
18446 =============================================================
18447
18448 >18449 2019-06-04 11:20:38,308 INFO
[org.apereo.cas.web.flow.authentication.RankedMultifactorAuthenticationProviderSelector]
- <here: [cn=casmfabanner,ou=Groups,o=vault, cn=students,ou=Google
Groups,ou=Groups,o=vault, cn=studentcommunity,ou=Google
Groups,ou=Groups,o=vaul t]>
18450 2019-06-04 11:20:38,309 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
18451 =============================================================
18452 WHO: audit:unknown18453 WHAT: [event=mfa-gauth,timestamp=Tue Jun 04
11:20:38 CDT
2019,source=RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver]
18454 ACTION: AUTHENTICATION_EVENT_TRIGGERED
18455 APPLICATION: CAS
18456 WHEN: Tue Jun 04 11:20:38 CDT 2019
18457 CLIENT IP ADDRESS: 143.110.42.50
18458 SERVER IP ADDRESS: 143.110.1.81
18459 =============================================================
18460
log4j2.xml:
<RollingFile name="file" fileName="/var/log/cas/cas.log"
append="true"
filePattern="/var/log/cas/cas-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - <%m>%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<RollingFile name="auditlogfile"
fileName="/var/log/cas/cas_audit.log" append="true"
filePattern="/var/log/cas/cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<AsyncLogger name="org.apereo.inspektr.audit.support" level="info"
includeLocation="true" additivity="false">
<AppenderRef ref="casAudit"/>
<AppenderRef ref="casFile"/>
</AsyncLogger>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c7061b8a-a82f-4686-99d0-c2eaf8da054a%40apereo.org.
