Hi,

    Good news! :-)

Thanks a lot. We will wait for this fix.

Best regards.

Quentin.

On 06/05/2022 at 16:03, Jérôme LELEU wrote:
Hi,

There is a bug with the bucket4j throttling.
I submitted a fix: https://github.com/apereo/cas/pull/5458
It will be available in the next release 6.5.4 (and 6.6.0).
Thanks.
Best regards,
Jérôme


On Fri, May 6, 2022 at 15:55, qla3fa <[email protected]> wrote:

    Hi,

        No, it still doesn't work in my 6.5.2 install.

        Like you, with 6.4.6.1 it works correctly. And in my 6.5.2
    install, I comment these 3 cas.authn.throttle.xxx directives too...

    Quentin.


    On 05/04/2022 at 18:47, Frédéric Lohier wrote:
    Hello,

    I am experiencing the same issue in CAS 6.5.2: the throttle
    failure module triggers at the first login attempt even if I
    submit a good user login/password. It was working fine in CAS
    6.4.6.1.
    I am only using the cas-server-support-throttle, and if I comment
    the following failure-throttle configuration, authentication
    works again:

    #cas.authn.throttle.failure.threshold=1
    #cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
    #cas.authn.throttle.failure.range-seconds=3

    Did you manage to make it work in 6.5.x?

    -Frederic

    On Fri, Mar 25, 2022 at 10:24 AM qla3fa <[email protected]> wrote:

        Hi,

        I am trying to upgrade my CAS from v6.4.6.1 to 6.5.1. The
        configuration that was OK with v6.4 doesn't work in 6.5.1...

        I load these modules:

        implementation "org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
        implementation "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
        implementation "org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"

        I load and configure the audit log in JDBC too.

        In my cas.properties my conf is:

        cas.authn.throttle.jdbc.user=xxxxxxx
        cas.authn.throttle.jdbc.password=xxxxxxxx
        cas.authn.throttle.jdbc.driver-class=com.mysql.cj.jdbc.Driver
        cas.authn.throttle.jdbc.url=xxxxxxxx
        cas.authn.throttle.jdbc.dialect=org.hibernate.dialect.MySQL8Dialect
        cas.authn.throttle.core.username-parameter=username
        cas.authn.throttle.core.app-code=CAS
        cas.authn.throttle.failure.threshold=1
        cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
        cas.authn.throttle.failure.range-seconds=3
        cas.authn.throttle.bucket4j.blocking=true
        cas.authn.throttle.bucket4j.enabled=true
        cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
        cas.authn.throttle.bucket4j.bandwidth[0].capacity=50

        Authentication always fails with the message:

        More than [0.3333333333333333] failed login attempts within
        [3] seconds. Authentication attempt exceeds the failure
        threshold [1]

        I tried different values for threshold and range-seconds but
        the issue is the same...

        In the database, for an authentication, I had only two rows:

        MariaDB [DEVCAS]> select * from COM_AUDIT_TRAIL\G;
        *************************** 1. row ***************************
        id: 1
        AUD_ACTION: AUTHENTICATION_EVENT_TRIGGERED
        APPLIC_CD: CAS
        AUD_CLIENT_IP: xxxxxxxxxxxx
        AUD_DATE: 2022-03-24 16:03:34.000000
        AUD_RESOURCE: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, timestamp=Thu Ma
        AUD_SERVER_IP: xxxxxxxxxxxxxxxxxxx
        AUD_USER: audit:unknown
        AUD_USERAGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0
        *************************** 2. row ***************************
        id: 2
        AUD_ACTION: THROTTLED_LOGIN_ATTEMPT
        APPLIC_CD: CAS
        AUD_CLIENT_IP: xxxxxxxxxxx
        AUD_DATE: 2022-03-24 16:03:44.000000
        AUD_RESOURCE: N/A
        AUD_SERVER_IP: xxxxxxxxxxxx
        AUD_USER: xxxxxxx
        AUD_USERAGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0
        2 rows in set (0.001 sec)

        If I unload the modules
        "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
        and
        "org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"
        authentication works properly.

        Is there a bug with throttling and v6.5.1? Or am I missing
        something?

        Best regards.

        Quentin.

        --
        - Website: https://apereo.github.io/cas
        - Gitter Chatroom: https://gitter.im/apereo/cas
        - List Guidelines: https://goo.gl/1VRrw7
        - Contributions: https://goo.gl/mh7qDG
        ---
        You received this message because you are subscribed to the
        Google Groups "CAS Community" group.
        To unsubscribe from this group and stop receiving emails from
        it, send an email to [email protected].
        To view this discussion on the web visit
        https://groups.google.com/a/apereo.org/d/msgid/cas-user/8119db25-4120-5fd3-dceb-4286306826a8%40gmail.com



