Audit Log - success/failed authentications

Audit Log - success/failed authentications

Hugo Slavia
Can the audit log be configured to capture both successful and failed authentications?

v3.3.3

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

RE: Audit Log - success/failed authentications

Cantor, Scott E.
> Can the audit log be configured to capture both successful and failed
> authentications?

It logs neither; auditing records the results of completing profile requests. Authentication is not represented formally there, only completed requests. If a profile request completing successfully implies something about authentication, current or otherwise, that's as close as it gets.

-- Scott


Re: Audit Log - success/failed authentications

Christopher Bongaarts
On 7/10/2018 2:24 PM, Cantor, Scott wrote:
>> Can the audit log be configured to capture both successful and failed
>> authentications?
> It logs neither; auditing records the results of completing profile requests. Authentication is not represented formally there, only completed requests. If a profile request completing successfully implies something about authentication, current or otherwise, that's as close as it gets.

If you are using LDAP authentication, you can get ldaptive to at least log some of this to the idp-process.log (or elsewhere with sufficient logback wizardry).  Easiest way is to set the ldap loglevel variable at the top of logback.xml to INFO or higher:

    <variable name="idp.loglevel.ldap" value="INFO" />

You'll get more than just the success and failure, and the logs will reflect the LDAP DN rather than the entered username.

It's possible other authn methods have similar logging that could be enabled.
-- 
%%  Christopher A. Bongaarts   %%  [hidden email]          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%


Re: Audit Log - success/failed authentications

Cantor, Scott E.
On 7/10/18, 6:07 PM, "users on behalf of Christopher Bongaarts" <[hidden email] on behalf of [hidden email]> wrote:

> It's possible other authn methods have similar logging that could be enabled.

All the validators log something generic now, though I can't recall what they did in 3.3.

-- Scott



Re: Audit Log - success/failed authentications

Peter Schober
* Hugo Slavia <[hidden email]> [2018-07-10 21:17]:
> Can the audit log be configured to capture both successful and failed
> authentications?

As Scott said, both are being logged already, just not to the audit log:

$ egrep 'succeeded|failed' idp-process.log

-peter
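
Building on the `egrep` over idp-process.log above, an added example (not part of any post in this thread) that tallies login results per username instead of listing raw lines. It assumes validator lines of the form `Login by '<user>' succeeded` or `Login by '<user>' failed`; that line format, the sample lines and the function names are constructed for illustration and must be adjusted to what your IdP version writes.

```shell
#!/bin/sh
# Added example, not from the thread.
# ASSUMPTION: login results appear as "Login by '<user>' succeeded" or
# "Login by '<user>' failed"; adjust the pattern to your version's output.

# Constructed sample lines in the general shape of idp-process.log.
sample_log() {
    cat <<'EOF'
2018-07-10 14:02:11,101 - INFO [authn.impl.ValidateUsernamePasswordAgainstLDAP:1] - Login by 'alice' succeeded
2018-07-10 14:02:40,517 - INFO [authn.impl.ValidateUsernamePasswordAgainstLDAP:1] - Login by 'bob' failed
2018-07-10 14:02:44,009 - INFO [authn.impl.ValidateUsernamePasswordAgainstLDAP:1] - Login by 'bob' failed
2018-07-10 14:03:02,730 - WARN [example.Resolver:1] - Attribute lookup failed
2018-07-10 14:03:15,222 - INFO [authn.impl.ValidateUsernamePasswordAgainstLDAP:1] - Login by 'bob' succeeded
EOF
}

# authn_summary: read log lines on stdin and print one tab-separated line
# per username: user, succeeded count, failed count (sorted by user).
# Lines that mention "failed" for other reasons are not counted.
authn_summary() {
    awk -v q="'" '
        match($0, "Login by " q "[^" q "]*" q " (succeeded|failed)") {
            split(substr($0, RSTART, RLENGTH), part, q)
            user = part[2]                  # text between the quotes
            result = substr(part[3], 2)     # drop the leading space
            seen[user] = 1
            count[user, result]++
        }
        END {
            for (u in seen)
                printf "%s\t%d\t%d\n", u, count[u, "succeeded"], count[u, "failed"]
        }
    ' | LC_ALL=C sort
}

# failed_at_least N: usernames with N or more failed logins, from stdin.
failed_at_least() {
    authn_summary | awk -F '\t' -v n="$1" '$3 + 0 >= n + 0 { print $1 }'
}

sample_log | authn_summary
```

Against a real deployment, feed the file in directly, for example `authn_summary < idp-process.log`.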