Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
1.2.0
-
None
-
None
-
Package: tomcat8
Versions: 8.5.39-1ubuntu1~18.04.3
Description
Dear Team
Today I created a dashboard in Graylog to monitor failed and successful Guacamole logins and noticed this behaviour with logging and user sign in events.
A user with TOTP enabled
- a user signs in one single time
- there appear three lines in catalina.out log file
- two lines appear after entering username & password
- you enter TOTP challenge
- third line appears
After Login: 19:13:08.869 [http-nio-8080-exec-8] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]. 19:13:09.424 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]. After entering TOTP challenge: 19:13:11.490 [http-nio-8080-exec-6] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]
A user with TOTP fails to enter TOTP codes
- a user signs in one single time
- first two after entering username & password
- after failing to enter the TOTP codes / entering wrong challenges there appear a new line:
INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]**
A user with DUO enabled
- a user signs in one single time
- first line after entering username & password
- second line after DUO challenge response successfully
- third line appears after you enter TOTP challenge
Best regards, Flo.