[BUG] Audit Log publish Incorrect FAILED_LOGIN event for Successful login attempt by SAML user on SAML enabled Domain #4608

Open
niravpi opened this issue Jul 30, 2024 · 2 comments · May be fixed by #4762
Labels: bug (Something isn't working), triaged (Issues labeled as 'Triaged' have been reviewed and are deemed actionable.)

Comments

niravpi commented Jul 30, 2024

What is the bug?
For a SAML-enabled domain, the audit log publishes a FAILED_LOGIN event for a successful login attempt by a SAML user.

How can one reproduce the bug?
Steps to reproduce the behavior:

  • Create any SAML-enabled domain
  • Enable the audit log for that domain
  • Now try to log in to the dashboard with valid SAML user creds
  • You can see in the audit log events that there will be a FAILED_LOGIN

What is the expected behavior?
For a SAML-enabled domain, there should be no FAILED_LOGIN audit log event for a successful login attempt by a SAML user.

What is your host/environment?

  • OS: Linux
  • Plugins: Security

Do you have any screenshots?
Screenshot 2024-07-30 at 1 07 04 PM

Do you have any additional context?
NA

@niravpi niravpi added bug Something isn't working untriaged Require the attention of the repository maintainers and may need to be prioritized labels Jul 30, 2024
expani commented Jul 30, 2024

Member

cwperks commented Aug 5, 2024

[Triage] Thank you for filing this issue @niravpi. That auditlog entry corresponds to this line and it will always be hit on SAML login because the SAML login flow requires challenge to be set to true to enter the reRequestAuthentication flow. This line will always be hit on successful login for SAML and it is confusing since the overall login is successful. I am in favor of removing this audit log entry for the SAML login flow.

@cwperks cwperks added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Aug 5, 2024
@derek-ho derek-ho linked a pull request Sep 30, 2024 that will close this issue
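
For anyone alerting on FAILED_LOGIN counts while this behaviour is present, the sketch below labels failures that are followed shortly by a success, which is the pattern the triage comment describes for the SAML challenge step. It is an added example, not code from the project or from the commenters. It assumes the AUTHENTICATED audit category is enabled, that `audit_request_remote_address` identifies the client rather than a shared proxy, and a 30-second window; the sample events are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events, not taken from the issue. Field names follow the
# OpenSearch Security audit log format; addresses and times are made up.
SAMPLE = """
{"@timestamp": "2024-07-30T13:07:04.120+00:00", "audit_category": "FAILED_LOGIN", "audit_request_remote_address": "10.0.0.5"}
{"@timestamp": "2024-07-30T13:07:06.480+00:00", "audit_category": "AUTHENTICATED", "audit_request_remote_address": "10.0.0.5"}
{"@timestamp": "2024-07-30T13:10:00.000+00:00", "audit_category": "FAILED_LOGIN", "audit_request_remote_address": "10.0.0.9"}
{"@timestamp": "2024-07-30T13:10:02.000+00:00", "audit_category": "FAILED_LOGIN", "audit_request_remote_address": "10.0.0.9"}
{"@timestamp": "2024-07-30T13:10:05.000+00:00", "audit_category": "FAILED_LOGIN", "audit_request_remote_address": "10.0.0.9"}
{"@timestamp": "2024-07-30T13:30:00.000+00:00", "audit_category": "FAILED_LOGIN", "audit_request_remote_address": "10.0.0.5"}
"""

def _ts(event):
    return datetime.fromisoformat(event["@timestamp"])

def label_failed_logins(text, window=timedelta(seconds=30)):
    """Return (timestamp, address, label) for every FAILED_LOGIN event."""
    events = sorted((json.loads(l) for l in text.splitlines() if l.strip()), key=_ts)
    successes = {}  # remote address -> timestamps of AUTHENTICATED events
    for e in events:
        if e["audit_category"] == "AUTHENTICATED":
            successes.setdefault(e["audit_request_remote_address"], []).append(_ts(e))
    labelled = []
    for e in events:
        if e["audit_category"] != "FAILED_LOGIN":
            continue
        addr, t = e["audit_request_remote_address"], _ts(e)
        # Assumption: a failure followed shortly by a success from the same
        # address is the challenge step of a login that went on to succeed.
        followed = any(t <= s <= t + window for s in successes.get(addr, []))
        labelled.append((e["@timestamp"], addr,
                         "likely_challenge" if followed else "genuine_failure"))
    return labelled

def genuine_failures_by_address(text):
    """Count only the failures that were not followed by a success."""
    return Counter(a for _, a, lab in label_failed_logins(text) if lab == "genuine_failure")

if __name__ == "__main__":
    # Events are labelled, never dropped, so the raw record stays reviewable.
    for row in label_failed_logins(SAMPLE):
        print(*row)
    print(dict(genuine_failures_by_address(SAMPLE)))
```

A run of failures that ends in a success inside the window is also labelled `likely_challenge`, so keep the window short and review those labels rather than discarding them.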