Sorry, more questions:
I also tried setting the property *cas.authnofor throttle.failure.code* to
"AUTHENTICATION_FAILED_THROTTLED" in an attempt to make the cause for this
failure mode more apparent.
However, the string never shows up in the logs. I don't see any differences if I leave it
at the default(?) "AUTHENTICATION_FAILED" value.
Upon invoking throttling the UI presents the following in a somewhat funky font:
=====
YOU ARE NOT AUTHORIZED TO BE AUTHORIZED!
We are sorry. You do not have permission to view this page.
You thought you could just get to file you wanted, right?
Wrong.
In closing, go away.
=====
Since this is... not ideal... for our environment, we'll need to edit this. I
assume this should be done via an overlay? It looks like this content is found
in .../templates/error/403.html file. I believe long ago we previously modified
404.html, and I find it in our
cas-overlay/target/classes/templates/error/404.html dir. Should the overlay
version of 403.html also be placed in the same dir?
Since it's invoking a general 403.html, I don't suppose there is a way to get
it to display a more specific page for the Throttling condition rather than a
generic 403?
On Thu, Sep 10, 2020 at 07:56:54AM +0200, Jérôme LELEU wrote:
Hi,
The value of the *cas.authn.throttle.usernameParameter* property must be
the name of the request parameter holding the username (from the login
form), which is "username".
Thanks.
Best regards,
Jérôme
Le mer. 9 sept. 2020 à 19:37, Baron Fujimoto <[email protected]> a écrit :
Mahalo for the clarification! I'm assuming that the "username" value for
the cas.authn.throttle.usernameParameter is a general value for all users
and not a specific user, e.g. "alice" or "bob" (because that would be...
non-optimal)? Does it matter what the value for the
cas.authn.throttle.usernameParameter property is, or just that it has some
value? I.e., could it be set to a pseudo-boolean value, like "true" and
have the same effect?
It would be helpful if the documentation included this information.
On Wed, Sep 09, 2020 at 12:57:32PM +0200, Jérôme LELEU wrote:
>Hi,
>
>If you define something for the username, you'll use the throttling by IP
>and username.
>Thanks.
>Best regards,
>Jérôme
>
>
>Le mer. 9 sept. 2020 à 00:10, Baron Fujimoto <[email protected]> a écrit :
>
>> I'm seeking some clarification on Authentication Throttling. We're using
>> 5.0.x, but the documentation doesn't seem to differ much in subsequent
>> versions for this question.
>>
>> <
>>
https://apereo.github.io/cas/5.0.x/installation/Configuring-Authentication-Throttling.html
>> >
>>
>> The docs describe both throttling by IP address, and IP address and
>> username. How do we ensure the latter so the throttling is also per
>> username? The cas.properties documentation includes a
>> "cas.authn.throttle.usernameParameter=username" property, but doesn't
>> explain its purpose. I don't see anything else that looks like it may be
>> relevant?
>>
>> --
>> UH Information Technology Services : Identity & Access Mgmt, Middleware
>> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google
Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send
an
>> email to [email protected].
>> To view this discussion on the web visit
>>
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20200908221042.immqr5tibuzxq44v%40MacBook-Pro.local
>> .
>>
>
>--
>- Website: https://apereo.github.io/cas
>- Gitter Chatroom: https://gitter.im/apereo/cas
>- List Guidelines: https://goo.gl/1VRrw7
>- Contributions: https://goo.gl/mh7qDG
>---
>You received this message because you are subscribed to the Google Groups
"CAS Community" group.
>To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
>To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg_D%2BKQSN4%3DTGSQFRDnvNdouSZ5S441aawXkdb7wQk7g%40mail.gmail.com
.
--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20200909173651.2pqnbpxmkvcq6gej%40MacBook-Pro.local
.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lw8Vh%3DzrnO07vDPd-NWVZiKp3mnzwNUD9mxgQ9bgzmOTQ%40mail.gmail.com.
--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20200910210451.xv4bvifiz7q2lhbd%40MacBook-Pro.local.
