Log failed authentications

Cantor, Scott cantor.2 at osu.edu
Wed May 13 13:55:37 UTC 2020

On 5/13/20, 9:49 AM, "users on behalf of Ignacio Amoeiro Bosch" <users-bounces at shibboleth.net on behalf of ignacio.amoeiro at extern.ibsalut.es> wrote:

> Is possible to audit failed login authentications in audit-event logger?

No. That's impossible in general because most of them end up back on the login page waiting for another attempt. Auditing is at the request/response level of the overall profile attempt. Failed logins are a diagnostic logging use case. Failed authentication overall in the cases that a flow actually terminates in some way are audited with various event signals and/or SAML status results.

Failed logins are also tracked numerically with metrics via counters.

-- Scott

More information about the users mailing list