Hi,

There is a bug with the bucket4j throttling.

I submitted a fix: https://github.com/apereo/cas/pull/5458

It will be available in the next release 6.5.4 (and 6.6.0).

Thanks.
Best regards,
Jérôme

On Fri, May 6, 2022 at 15:55, qla3fa <[email protected]> wrote:

> Hi,
>
> No, it still doesn't work in my 6.5.2 install.
>
> Like you, with 6.4.6.1 it works correctly. And in my 6.5.2 install, I
> comment these 3 cas.authn.throttle.xxx directives too...
>
> Quentin.
>
>
> On 05/04/2022 at 18:47, Frédéric Lohier wrote:
>
> Hello,
>
> I am experiencing the same issue in CAS 6.5.2; the throttle failure
> module triggers at the first login attempt even if I submit a good user
> login/password. It was working fine in CAS 6.4.6.1.
> I am only using the cas-server-support-throttle, and if I comment the
> following failure-throttle configuration, authentication works again
>
> #cas.authn.throttle.failure.threshold=1
> #cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
> #cas.authn.throttle.failure.range-seconds=3
>
> Did you manage to make it work in 6.5.x?
>
> -Frederic
>
> On Fri, Mar 25, 2022 at 10:24 AM qla3fa <[email protected]> wrote:
>
>> Hi,
>>
>> I am trying to upgrade my CAS from v6.4.6.1 to 6.5.1. The configuration
>> that was OK with v6.4 doesn't work in 6.5.1...
>>
>> I load these modules:
>>
>> implementation "org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
>> implementation "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
>> implementation "org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"
>>
>> I load and configure the audit log in jdbc too.
>>
>> In my cas.properties my conf is:
>>
>> cas.authn.throttle.jdbc.user=xxxxxxx
>> cas.authn.throttle.jdbc.password=xxxxxxxx
>> cas.authn.throttle.jdbc.driver-class=com.mysql.cj.jdbc.Driver
>> cas.authn.throttle.jdbc.url=xxxxxxxx
>> cas.authn.throttle.jdbc.dialect=org.hibernate.dialect.MySQL8Dialect
>> cas.authn.throttle.core.username-parameter=username
>> cas.authn.throttle.core.app-code=CAS
>> cas.authn.throttle.failure.threshold=1
>> cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
>> cas.authn.throttle.failure.range-seconds=3
>> cas.authn.throttle.bucket4j.blocking=true
>> cas.authn.throttle.bucket4j.enabled=true
>> cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
>> cas.authn.throttle.bucket4j.bandwidth[0].capacity=50
>>
>> Authentication always fails with the message:
>>
>> More than [0.3333333333333333] failed login attempts within [3] seconds.
>> Authentication attempt exceeds the failure threshold [1]
>>
>> I tried with different values for threshold and range-seconds but the
>> issue is the same...
>>
>> In the database, for an authentication I had only two rows:
>>
>> MariaDB [DEVCAS]> select * from COM_AUDIT_TRAIL\G;
>> *************************** 1. row ***************************
>> id: 1
>> AUD_ACTION: AUTHENTICATION_EVENT_TRIGGERED
>> APPLIC_CD: CAS
>> AUD_CLIENT_IP: xxxxxxxxxxxx
>> AUD_DATE: 2022-03-24 16:03:34.000000
>> AUD_RESOURCE: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, timestamp=Thu Ma
>> AUD_SERVER_IP: xxxxxxxxxxxxxxxxxxx
>> AUD_USER: audit:unknown
>> AUD_USERAGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0
>> *************************** 2. row ***************************
>> id: 2
>> AUD_ACTION: THROTTLED_LOGIN_ATTEMPT
>> APPLIC_CD: CAS
>> AUD_CLIENT_IP: xxxxxxxxxxx
>> AUD_DATE: 2022-03-24 16:03:44.000000
>> AUD_RESOURCE: N/A
>> AUD_SERVER_IP: xxxxxxxxxxxx
>> AUD_USER: xxxxxxx
>> AUD_USERAGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0
>> 2 rows in set (0.001 sec)
>>
>> If I unload modules
>> "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}" and
>> "org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"
>> the authentication works properly.
>>
>> Is there a bug with throttling and v6.5.1? Or am I missing something?
>>
>> Best regards.
>>
>> Quentin.
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8119db25-4120-5fd3-dceb-4286306826a8%40gmail.com
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8119db25-4120-5fd3-dceb-4286306826a8%40gmail.com?utm_medium=email&utm_source=footer>
>> .
