Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1496

Improve logging for Invalid authenticate requests from apps that utilize seraph cookies

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Core features
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      It is currently difficult to determine if invalid authentication requests are coming from applications like Confluence when "Remember Me" is checked.

      For example, if a user changes their Crowd password, then they open a browser with multiple tabs to Confuence, it will register multiple invalid password attempts.

      All that is logged in Crowd Debug logging is:

       DEBUG [crowd.manager.application.ApplicationServiceGeneric] authenticate: user dyu
 DEBUG [crowd.model.principal.PrincipalDAOHibernate] Updating Principal: com.atlassian.crowd.integration.model.RemotePrincipal@17bf658[ID=-1,name=dyu,directoryID=98306,active=true,conception=2009-02-20 16:08:33.0,lastModified=2009-04-09 08:15:22.0]
 DEBUG [util.persistence.hibernate.HibernateDao] Updating object: com.atlassian.crowd.integration.model.RemotePrincipal@17bf658[ID=-1,name=dyu,directoryID=98306,active=true,conception=2009-02-20 16:08:33.0,lastModified=2009-04-09 08:15:22.0]
 DEBUG [crowd.console.filter.CrowdOpenSessionInViewFilter] Closing single Hibernate Session in OpenSessionInViewFilter

      There is no indication that the login failed. This can cause supportability issues if they have Maximum Password Attempts enabled. An account can become locked and it would be difficult to determine why.

            Unassigned Unassigned
            davidyu David Yu
            Votes:
            5 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: