[OPENAM-9983] Username not printed in Audit log for Failed Authentication Created: 09/Nov/16  Updated: 04/May/17  Resolved: 21/Nov/16

Status: Resolved
Project: OpenAM
Component/s: audit logging, authentication
Affects Version/s: 12.0.2
Fix Version/s: 12.0.5, 13.5.1, 14.0.0

Type: Bug Priority: Major
Reporter: sanjoy karmakar Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: Customer, EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to OPENAM-10042 Unsuccessful federation results in NPE Resolved
relates to OPENAM-10056 Failure reason was not printed in aud... Resolved
Sprint: AM Sustaining Sprint 31
Story Points: 3
QA Assignee: Filip Kubáň [X] (Inactive)
Verified Version/s:

Description

In the amAuthentication.error [audit log] log of OpenAM, it does not log the UserID/LoginID if the user is not found in the datastore. In other cases [invalid password/user locked] the UserID/LoginID is logged with a proper message by OpenAM.

Current Behavior [in case of "User not found"]

"2016-10-21 15:27:37" "Login Failed" "Not Available" "Not Available" 127.0.0.1 INFO o=bns,ou=services,dc=openam,dc=forgerock,dc=org AUTHENTICATION-200 "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" "Not Available" LDAP 127.0.0.1

Expected Behavior [in case of "User not found"], with a proper message:

"2016-10-21 15:27:37" "User not found" "Not Available" "*Test*" 127.0.0.1 INFO o=bns,ou=services,dc=openam,dc=forgerock,dc=org AUTHENTICATION-200 "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" "Not Available" LDAP 127.0.0.1

In 13.x, when the new audit logging was introduced, none of the auth modules will log the username in the failure case.
In 11.0.x and 12.0.x, the LDAP auth module does not log the username in case the user wasn't found.



Comments
Comment by Peter Major [X] (Inactive) [ 09/Nov/16 ]

You should raise a support ticket on backstage.forgerock.com.

Comment by sanjoy karmakar [ 09/Nov/16 ]

Opened a Support ticket on this issue but was suggested to open an RFE.

Comment by Phil Ostler [X] (Inactive) [ 17/Nov/16 ]

Commit has been reverted due to failing functional tests. See PR https://stash.forgerock.org/projects/TEMPER/repos/temper/pull-requests/939/overview

Authenticate end-point was returning 500 upon attempting to address a chain that does not exist.

Comment by Filip Kubáň [X] (Inactive) [ 04/May/17 ]

Verified on OpenAM 13.5.1-RC2 Build 149fc42dac (2017-April-20 08:29)

Username is visible in the CSV audit log for failed auth (see below).

"885bdf70-fb07-445d-84a2-adab683dc013-67730","2017-05-04T08:09:06.228Z","AM-LOGIN-COMPLETED","885bdf70-fb07-445d-84a2-adab683dc013-67726","id=demo,ou=user,dc=openam,dc=forgerock,dc=org","[""f5018873d59403fa01""]","FAILED","[""demo""]",,"[{""moduleId"":""DataStore"",""info"":{""failureReason"":""INVALID_PASSWORD"",""ipAddress"":""172.25.1.71"",""authLevel"":""0""}}]","Authentication","/"
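The following is an added example and not part of this issue or of OpenAM itself. It parses both audit formats shown on this page (the 12.x flat, space-separated amAuthentication line from the description and the 13.5.1 CSV line from the verification comment), normalises a failed login to a username and failure reason, and flags the gap the issue reports: a failed login whose username field is "Not Available". The column names (LEGACY_FIELDS, CSV_FIELDS) are assumed from the standard OpenAM log headers, since the page shows only the values; the format-detection heuristic and the use of AUTHENTICATION-200 as the failure message id are taken from the sample lines, not from OpenAM documentation.

```python
import csv
import json
import shlex

# Sample lines copied from this issue: the 12.0.2 "before" line, the reporter's
# expected "after" line, and the 13.5.1 CSV line from the verification comment.
LEGACY_BEFORE = ('"2016-10-21 15:27:37" "Login Failed" "Not Available" "Not Available" '
                 '127.0.0.1 INFO o=bns,ou=services,dc=openam,dc=forgerock,dc=org '
                 'AUTHENTICATION-200 "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" '
                 '"Not Available" LDAP 127.0.0.1')
LEGACY_AFTER = ('"2016-10-21 15:27:37" "User not found" "Not Available" "*Test*" '
                '127.0.0.1 INFO o=bns,ou=services,dc=openam,dc=forgerock,dc=org '
                'AUTHENTICATION-200 "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" '
                '"Not Available" LDAP 127.0.0.1')
CSV_LINE = ('"885bdf70-fb07-445d-84a2-adab683dc013-67730","2017-05-04T08:09:06.228Z",'
            '"AM-LOGIN-COMPLETED","885bdf70-fb07-445d-84a2-adab683dc013-67726",'
            '"id=demo,ou=user,dc=openam,dc=forgerock,dc=org","[""f5018873d59403fa01""]",'
            '"FAILED","[""demo""]",,"[{""moduleId"":""DataStore"",""info"":{""failureReason"":'
            '""INVALID_PASSWORD"",""ipAddress"":""172.25.1.71"",""authLevel"":""0""}}]",'
            '"Authentication","/"')

# Column names are an assumption taken from the usual OpenAM log headers;
# the page itself shows only the values.
LEGACY_FIELDS = ["time", "Data", "ContextID", "LoginID", "IPAddr", "LogLevel",
                 "Domain", "MessageID", "LoggedBy", "NameID", "ModuleName", "HostName"]
CSV_FIELDS = ["_id", "timestamp", "eventName", "transactionId", "userId", "trackingIds",
              "result", "principal", "context", "entries", "component", "realm"]

NOT_AVAILABLE = "Not Available"      # placeholder OpenAM writes when a value is unknown
LEGACY_FAILURE_ID = "AUTHENTICATION-200"   # message id on both failure lines in the report


def parse_legacy(line):
    """Split a 12.x flat audit line: whitespace-separated, double-quoted when a value has spaces."""
    values = shlex.split(line)
    if len(values) != len(LEGACY_FIELDS):
        raise ValueError(f"expected {len(LEGACY_FIELDS)} fields, got {len(values)}")
    return dict(zip(LEGACY_FIELDS, values))


def parse_csv(line):
    """Parse a 13.5 CSV audit line; trackingIds, principal and entries are JSON inside CSV cells."""
    values = next(csv.reader([line]))
    if len(values) != len(CSV_FIELDS):
        raise ValueError(f"expected {len(CSV_FIELDS)} fields, got {len(values)}")
    rec = dict(zip(CSV_FIELDS, values))
    for key in ("trackingIds", "principal", "entries"):
        rec[key] = json.loads(rec[key]) if rec[key] else []
    return rec


def summarize_failure(line):
    """Normalise a failed-login entry from either format to a small dict, or None if not a failure."""
    if '","' in line:   # heuristic: CSV cells are separated by quote-comma-quote, the flat format by spaces
        rec = parse_csv(line)
        if rec["result"] != "FAILED":
            return None
        entry = rec["entries"][0] if rec["entries"] else {}
        return {
            "format": "csv",
            "user": rec["principal"][0] if rec["principal"] else None,
            "reason": entry.get("info", {}).get("failureReason"),
            "module": entry.get("moduleId"),
        }
    rec = parse_legacy(line)
    if rec["MessageID"] != LEGACY_FAILURE_ID:
        return None
    return {
        "format": "legacy",
        "user": None if rec["LoginID"] == NOT_AVAILABLE else rec["LoginID"],
        "reason": rec["Data"],
        "module": rec["ModuleName"],
    }


def unattributed_failures(lines):
    """Indices of failed logins that carry no username: the audit gap this issue reports."""
    hits = []
    for i, line in enumerate(lines):
        summary = summarize_failure(line)
        if summary is not None and summary["user"] is None:
            hits.append(i)
    return hits


if __name__ == "__main__":
    samples = [LEGACY_BEFORE, LEGACY_AFTER, CSV_LINE]
    for line in samples:
        print(summarize_failure(line))
    print("failures with no username:", unattributed_failures(samples))
```

Run against the three sample lines, only the 12.0.2 "before" line is reported as a failure without a username; the reporter's expected line and the verified 13.5.1 CSV line both yield a user. A monitoring rule built on unattributed_failures is a cheap way to confirm that the fix is in place on a given deployment, since an unpatched 12.x LDAP module will keep producing "Not Available" for unknown users.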
Generated at Mon Nov 30 01:30:52 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.