-
Suggestion
-
Resolution: Unresolved
-
None
-
None
It is currently difficult to determine if invalid authentication requests are coming from applications like Confluence when "Remember Me" is checked.
For example, if a user changes their Crowd password, then they open a browser with multiple tabs to Confuence, it will register multiple invalid password attempts.
All that is logged in Crowd Debug logging is:
DEBUG [crowd.manager.application.ApplicationServiceGeneric] authenticate: user dyu DEBUG [crowd.model.principal.PrincipalDAOHibernate] Updating Principal: com.atlassian.crowd.integration.model.RemotePrincipal@17bf658[ID=-1,name=dyu,directoryID=98306,active=true,conception=2009-02-20 16:08:33.0,lastModified=2009-04-09 08:15:22.0] DEBUG [util.persistence.hibernate.HibernateDao] Updating object: com.atlassian.crowd.integration.model.RemotePrincipal@17bf658[ID=-1,name=dyu,directoryID=98306,active=true,conception=2009-02-20 16:08:33.0,lastModified=2009-04-09 08:15:22.0] DEBUG [crowd.console.filter.CrowdOpenSessionInViewFilter] Closing single Hibernate Session in OpenSessionInViewFilter
There is no indication that the login failed. This can cause supportability issues if they have Maximum Password Attempts enabled. An account can become locked and it would be difficult to determine why.