• Improvement
    • Resolution: Unresolved
    • Major
    • core, ldap-plugin
    • None
    • Platform: All, OS: All

      Hello,

      It would be helpful to have the user name of a failed login attempt output to
      the Hudson log. This way, we can see if someone is trying to use various user
      names to login (unsuccessfully) to a Hudson instance.

      Currently, the log only shows:
      INFO: Login attempt failed
      ...

      I would like something like this:
      INFO: Login attempt failed for user "imahacker"
      ...

      Thanks & Regards,
      Andrew

          [JENKINS-2131] Log user names of failed login attempts

          awalters added a comment -

          Created an attachment (id=341)
          Modified line 61

          Oleg Nenashev added a comment -

          A case for audit trail plugin

          Daniel Beck added a comment -

          Oleg it'd be much more helpful if you checked whether issues are actually still valid (instead of just changing a bit of metadata).

          Which this one isn't.

          Daniel Beck added a comment -

          Fixed in the mean time by logging jenkins.security.SecurityListener:

          Oct 08, 2014 7:42:44 PM FINE jenkins.security.SecurityListener
          failed to authenticate: baduser
          Oct 08, 2014 7:42:44 PM FINE jenkins.security.SecurityListener
          failed to log in: baduser
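
          An added example, not part of the issue thread or of Jenkins itself: a small parser for the two-line log records quoted above that flags the pattern the original request was about, several different user names failing to authenticate within a short time. The function names, the five-minute window and the three-name threshold are assumptions chosen for illustration, and every sample line after the first four is constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Header line of a log record in the format quoted in the thread.
HEADER = re.compile(r"^(\w{3} \d{2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \w+ (\S+)$")
FAILED = re.compile(r"^failed to authenticate: (.*)$")
LOGGER = "jenkins.security.SecurityListener"

def parse_failures(text):
    """Yield (timestamp, user) for each 'failed to authenticate' record."""
    stamp = None
    for line in (raw.strip() for raw in text.splitlines()):
        head = HEADER.match(line)
        if head:
            when, logger = head.groups()
            stamp = (datetime.strptime(when, "%b %d, %Y %I:%M:%S %p")
                     if logger == LOGGER else None)
            continue
        hit = FAILED.match(line)
        if hit and stamp is not None:
            # "failed to log in" repeats the same attempt and is not counted.
            yield stamp, hit.group(1)
        stamp = None  # a message line belongs only to the header before it

def spray_windows(failures, window=timedelta(minutes=5), min_users=3):
    """Return (start, end, users) when min_users distinct names fail in one window."""
    recent, alerts = deque(), []
    for when, user in sorted(failures):
        recent.append((when, user))
        while when - recent[0][0] > window:
            recent.popleft()
        users = sorted({name for _, name in recent})
        if len(users) >= min_users:
            alerts.append((recent[0][0], when, users))
            recent.clear()
    return alerts

# Constructed sample: the first four lines are from the thread, the rest are made up.
SAMPLE = """\
Oct 08, 2014 7:42:44 PM FINE jenkins.security.SecurityListener
failed to authenticate: baduser
Oct 08, 2014 7:42:44 PM FINE jenkins.security.SecurityListener
failed to log in: baduser
Oct 08, 2014 7:43:02 PM FINE jenkins.security.SecurityListener
failed to authenticate: admin
Oct 08, 2014 7:43:31 PM FINE jenkins.security.SecurityListener
failed to authenticate: root
"""
```

          The records shown carry no source address, so the window is evaluated across all clients of the instance.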

          Oleg Nenashev added a comment -

          Hmm... I have checked it, but seems the log level was not fine enough.
          My bad, I should inspect the code next time

          Daniel Beck added a comment -

          Okay, I can only see what you change in the end, so it looked like robot work and not searching. Sorry about that.

          Oleg Nenashev added a comment -

          I would hire IRC Bot to do a robot work
          In any case, thanks for properly closing the case

          Igor Rondarev added a comment -

          Probably there are some issues again here. jenkins.security.SecurityListener configured with FINEST level shows neither "failed to authenticate" nor "failed to login" messages, only "logged in" and "logged out" ones (we're using LDAP authentication plugin).

          Audit Trail, in its turn, shows corresponding failed login attempts, e.g.

          > Audit request /loginError by user 192.168.10.104

          Current config:

          Jenkins 2.283
          Audit Trail 3.8
          LDAP Plugin 2.4

          Doesn't look like misconfiguration, but trying to dig deeper anyway.

          Igor Rondarev added a comment - edited

          (was using https://support.cloudbees.com/hc/en-us/articles/360055861391-Create-a-logger-to-log-login-attempts?mobile_site=true as a reference guide)

          Igor Rondarev added a comment - - edited

          Good news: works perfectly with default "Jenkins’ own user database" security realm (I see "failed to authenticate" messages for both non-existent user and existing user with wrong password PLUS "authenticated" and "logged in" messages for successful login attempts).

          Bad news: doesn't work with "LDAP" security realm at all (again, only "logged in" and "logged out" messages for successful login attempts, and no "authenticated" or "failed to ..." messages at all).

            Unassigned
            awalters
            Votes: 0
            Watchers: 2