You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Florian Obradovic (Jira)" <ji...@apache.org> on 2021/04/20 20:17:00 UTC
[jira] [Commented] (GUACAMOLE-1329) Clarify authentication log
messages with respect to MFA
[ https://issues.apache.org/jira/browse/GUACAMOLE-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17326083#comment-17326083 ]
Florian Obradovic commented on GUACAMOLE-1329:
----------------------------------------------
Hey [~vnick] and [~mjumper].
Thx for your thoughts.
Mike's suggestions would perfectly fit for us!
Thanks a lot and best regards, Flo.
> Clarify authentication log messages with respect to MFA
> -------------------------------------------------------
>
> Key: GUACAMOLE-1329
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1329
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole
> Affects Versions: 1.2.0
> Environment: Package: tomcat8
> Versions: 8.5.39-1ubuntu1~18.04.3
> Reporter: Florian Obradovic
> Priority: Minor
> Attachments: image-2021-04-19-19-24-57-999.png
>
>
> Dear Team
> Today I created a dashboard in Graylog to monitor failed and successful Guacamole logins and noticed this behaviour with logging and user sign in events.
> h2. A user with TOTP enabled
> * a user signs in one single time
> * there appear three lines in catalina.out log file
> * two lines appear after entering username & password
> * you enter TOTP challenge
> * third line appears
>
> {code:java}
> After Login:
> 19:13:08.869 [http-nio-8080-exec-8] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1].
> 19:13:09.424 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1].
> After entering TOTP challenge:
> 19:13:11.490 [http-nio-8080-exec-6] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]
> {code}
>
>
>
> h1. A user with TOTP fails to enter TOTP codes
> * a user signs in one single time
> * first *two* after entering username & password
> * {color:#ff0000}*after failing to enter the TOTP codes / entering wrong challenges there appear a new line:*
> _INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]_{color}**
> h1. A user with DUO enabled
> * a user signs in one single time
> * first line after entering username & password
> * second line after DUO challenge response successfully
> * third line appears after you enter TOTP challenge
> ----
>
> !image-2021-04-19-19-24-57-999.png|width=446,height=475!
>
> Best regards, Flo.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)