  1. Confluence Data Center
  2. CONFSERVER-55562

Failed login count information does not get recorded should user access Confluence via SSO


Details

    Description

      Summary

      The failed login count in Confluence (User's details page) does not show failed login attempts when a user tries to log in to Confluence via the Okta chiclet.
      However, the same behavior is not observed (failed login counts work as expected) when the user accesses Confluence directly via the default Confluence login page (with a wrong password).

      Expected Results

      Failed login attempt should be recorded on the User's details page.

      Actual Results

      Failed login attempts do not get recorded on the User's details page.

      Additional information

      1. When SSO via SAML is used, Confluence is not informed about users' failed login attempts because in this case the browser is not redirected from the SSO provider back to Confluence. As a result, SSO via SAML does not allow all unsuccessful logins to be recorded in Confluence's database.

      2. In some cases Confluence is aware of the failures:

      • Invalid SAML: unsigned, wrongly signed or otherwise malformed
      • The user does not exist or is not allowed to authenticate

      Unfortunately, these specific cases do not reflect the original "failed counter" idea.

      3. SSO providers could provide reports with detailed access logs (it depends on the provider)
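
      Point 3 as an added example (not part of the original issue and not Atlassian's code): because Confluence's counter never sees failures that happen at the identity provider, failed logins can be counted from the provider's exported access log instead. The JSON-lines export, the field names (modeled on the Okta System Log event shape), and the threshold and window values are assumptions; the sample events are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample, one JSON event per line. Field names are assumed to follow
# the Okta System Log event shape; adjust them for another provider's export.
SAMPLE = """\
{"published":"2024-01-10T09:00:01.000Z","eventType":"user.session.start","actor":{"alternateId":"alice@example.com"},"outcome":{"result":"FAILURE"}}
{"published":"2024-01-10T09:01:30.000Z","eventType":"user.session.start","actor":{"alternateId":"alice@example.com"},"outcome":{"result":"FAILURE"}}
{"published":"2024-01-10T09:04:10.000Z","eventType":"user.session.start","actor":{"alternateId":"Alice@example.com"},"outcome":{"result":"FAILURE"}}
{"published":"2024-01-10T09:05:00.000Z","eventType":"user.session.start","actor":{"alternateId":"alice@example.com"},"outcome":{"result":"SUCCESS"}}
{"published":"2024-01-10T08:00:00.000Z","eventType":"user.session.start","actor":{"alternateId":"carol@example.com"},"outcome":{"result":"FAILURE"}}
{"published":"2024-01-10T11:00:00.000Z","eventType":"user.session.start","actor":{"alternateId":"carol@example.com"},"outcome":{"result":"FAILURE"}}
{"published":"2024-01-10T14:00:00.000Z","eventType":"user.session.start","actor":{"alternateId":"carol@example.com"},"outcome":{"result":"FAILURE"}}
this line is truncated {"published":
""".splitlines()

def failed_logins(lines, event_type="user.session.start"):
    """Yield (user, time) per failed IdP login, skipping malformed lines."""
    for line in lines:
        try:
            ev = json.loads(line)
            if ev["eventType"] == event_type and ev["outcome"]["result"] == "FAILURE":
                when = datetime.fromisoformat(ev["published"].replace("Z", "+00:00"))
                yield ev["actor"]["alternateId"].lower(), when
        except (ValueError, KeyError, TypeError, AttributeError):
            continue

def failure_totals(lines):
    """Per-user totals: the failures Confluence's own counter never sees."""
    return Counter(user for user, _ in failed_logins(lines))

def burst_users(lines, threshold=3, window=timedelta(minutes=10)):
    """Users with at least `threshold` failures inside any sliding window."""
    stamps = {}
    for user, when in failed_logins(lines):
        stamps.setdefault(user, []).append(when)
    flagged = {}
    for user, times in stamps.items():
        times.sort()
        start = best = 0
        for end, when in enumerate(times):
            while when - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged
```

      Both users in the sample have three failures in total, but only the one whose failures fall inside a single ten-minute window is flagged.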


            People

              glipatov@atlassian.com George Lipatov
              lrura Lauretha Rura
              Votes: 11
              Watchers: 21