Reviewed: https://review.openstack.org/613455
Committed:
https://git.openstack.org/cgit/openstack/keystone/commit/?id=a02a47a65f2be3d80d8e05685d6001c91aaeef25
Submitter: Zuul
Branch: master
commit a02a47a65f2be3d80d8e05685d6001c91aaeef25
Author: Morgan Fainberg <morgan.fainb...@gmail.com>
Date: Thu Oct 25 17:41:13 2018 -0700
Emit CADF notifications on authentication for invalid users
Emit CADF notifications on authentication when the user_name or the
user_id is invalid (UserNotFound raised). This closes a minor security
gap in notifications.
Change-Id: If8b49b5dc49a4b0670fb81a493f50c77df7b4362
closes-bug: #1537963
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1537963
Title:
notification not generated for authentication failure with invalid
user name
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
Enable event notification in log mode:
[DEFAULT]
notification_format = cadf
notification_driver = log
Test by "Create a token"
$ openstack token issue
1.[OK] Correct user name and password: an event notification was created
with "event_type": "identity.authenticate"
"outcome": "success"
2. [OK] Correct user name but invalid password: an event notification was
also created with "event_type": "identity.authenticate"
"outcome": "failure"
3. [BUG] Invalid user name: NO event notification was created.
This may cause a security issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1537963/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
