Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-1329

Clarify authentication log messages with respect to MFA

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.2.0
    • Fix Version/s: None
    • Component/s: guacamole
    • Labels:
      None
    • Environment:
      Package: tomcat8
      Versions: 8.5.39-1ubuntu1~18.04.3

      Description

      Dear Team

      Today I created a dashboard in Graylog to monitor failed and successful Guacamole logins and noticed this behaviour with logging and user sign in events.

      A user with TOTP enabled

      • a user signs in one single time
      • there appear three lines in catalina.out log file 
      • two lines appear after entering username & password
      • you enter TOTP challenge
      • third line appears

       

      After Login:
      19:13:08.869 [http-nio-8080-exec-8] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1].
      19:13:09.424 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1].
      
      After entering TOTP challenge:
      
      19:13:11.490 [http-nio-8080-exec-6] INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]
      

       

       

       

      A user with TOTP fails to enter TOTP codes

      • a user signs in one single time
      • first two after entering username & password
      • after failing to enter the TOTP codes / entering wrong challenges there appear a new line:
        INFO o.a.g.r.auth.AuthenticationService - User "guac-admin" successfully authenticated from [111.222.333.4, 127.0.0.1]
        **

      A user with DUO enabled

      • a user signs in one single time
      • first line after entering username & password
      • second line after DUO challenge response successfully
      • third line appears after you enter TOTP challenge

       

       

      Best regards, Flo.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              florianotpg Florian Obradovic

              Dates

              • Created:
                Updated:

                Issue deployment