MFA audit events
39 views
Skip to first unread message
Agus Santosa
Jul 15, 2025, 12:08:14 AM7/15/25
to CAS Community
Hi,
CAS is currently sending AUTHENTICATION_SUCESS and AUTHENTICATION_FAILED events for MFA.
Is there a way to differentiate these events from the same events generated during initial (username/password) authentication?
The principal logged is the MFA token, which is not very useful as there is no way to link it to the principal's user.
=============================================================
WHEN: 2025-07-14T21:28:16.731959400
WHO: 208850
WHAT: {credential=****************()]}
ACTION: AUTHENTICATION_SUCCESS
CLIENT_IP: 127.0.0.1
SERVER_IP: 127.0.0.1
=============================================================
WHO: 208850
WHAT: {credential=****************()]}
ACTION: AUTHENTICATION_SUCCESS
CLIENT_IP: 127.0.0.1
SERVER_IP: 127.0.0.1
=============================================================
We are required to log MFA events as well regular username/password events and I have no idea if it can be done with current implementation.
Any advise is appreciated.
Thanks
Reply all
Reply to author
Forward
0 new messages