Log failed authentications
Cantor, Scott
cantor.2 at osu.edu
Wed May 13 13:55:37 UTC 2020
On 5/13/20, 9:49 AM, "users on behalf of Ignacio Amoeiro Bosch" <users-bounces at shibboleth.net on behalf of ignacio.amoeiro at extern.ibsalut.es> wrote:
> Is possible to audit failed login authentications in audit-event logger?
No. That's impossible in general because most of them end up back on the login page waiting for another attempt. Auditing is at the request/response level of the overall profile attempt. Failed logins are a diagnostic logging use case. Failed authentication overall in the cases that a flow actually terminates in some way are audited with various event signals and/or SAML status results.
Failed logins are also tracked numerically with metrics via counters.
-- Scott
More information about the users
mailing list