CAS 6.2.X audit log incorrectly logs one-time token value instead of username/userid in the WHO field when the supplied one-time token is incorrect


George Papakyriakopoulos

Dec 18, 2020, 10:01:13 AM
to CAS Community
As the title says, the default audit log entry in CAS 6.2.X for submission of a one-time token by a user incorrectly logs the one-time token value under the "WHO :" field when the one-time token provided by the user is incorrect.

Example log entry :

Audit trail record BEGIN ============================================================= 
WHO: 039328 
WHAT: Supplied credentials: [OneTimeTokenCredential(token=039328)] 
ACTION: AUTHENTICATION_FAILED 
APPLICATION: CAS 
WHEN: Fri Dec 18 10:10:48 EET 2020 
CLIENT IP ADDRESS: [redacted]
SERVER IP ADDRESS: [redacted]
=============================================================
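
A log-hygiene check for the behaviour reported above, as an added example that is not part of the original post and is not CAS code: it parses audit trail records in the layout shown, flags any record whose WHO value equals the token inside `OneTimeTokenCredential(token=...)`, and masks the token before the record is forwarded. The function names and the second sample record are assumptions made for illustration.

```python
import re

# Constructed sample: the first record copies the layout from the post,
# the second is invented for contrast and is not real CAS output.
SAMPLE = """\
Audit trail record BEGIN =============================================================
WHO: 039328
WHAT: Supplied credentials: [OneTimeTokenCredential(token=039328)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 18 10:10:48 EET 2020
CLIENT IP ADDRESS: [redacted]
SERVER IP ADDRESS: [redacted]
=============================================================
Audit trail record BEGIN =============================================================
WHO: casuser
WHAT: Supplied credentials: [OneTimeTokenCredential(token=123456)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
=============================================================
"""

TOKEN_RE = re.compile(r"OneTimeTokenCredential\(token=([^)\s]+)\)")
# "KEY: value" lines; the key is upper-case words, the value runs to end of line.
FIELD_RE = re.compile(r"^([A-Z][A-Z ]*?)[ \t]*:[ \t]*(.*?)[ \t]*$", re.MULTILINE)

def parse_records(text):
    """Split the log on the record banner and return one dict per record."""
    chunks = text.split("Audit trail record BEGIN")[1:]
    return [dict(FIELD_RE.findall(chunk)) for chunk in chunks]

def token_in_who(record):
    """True when WHO holds the submitted one-time token instead of a user id."""
    m = TOKEN_RE.search(record.get("WHAT", ""))
    return bool(m) and record.get("WHO") == m.group(1)

def redact(record):
    """Return a copy with the token masked in WHAT, and in WHO if it leaked there."""
    out = dict(record)
    m = TOKEN_RE.search(record.get("WHAT", ""))
    if m:
        out["WHAT"] = record["WHAT"].replace(m.group(1), "[REDACTED]")
        if record.get("WHO") == m.group(1):
            out["WHO"] = "[REDACTED]"
    return out

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print("TOKEN IN WHO" if token_in_who(rec) else "ok", redact(rec))
```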

George Papakyriakopoulos

Jan 5, 2021, 5:39:48 AM
to CAS Community, George Papakyriakopoulos
Bumping it up in case it was missed.