Understanding and customising audit log output

[George Papakyriakopoulos]

Hello everyone,

In the process of investigating an issue where some of our CAS users report their OneTimeToken getting rejected although they are supplying the correct ones from their Google Authenticator output (we have verified as much), I was trying to look into how I could potentially edit the CAS code to alter the audit log being emitted on a failed authentication attempt when providing an incorrect OneTimeToken.

I have spent a lot of time trying to understand how CAS and the Inspektr framework are intertwined and how information is passed from one to the other, but I'll admit I am a bit lost between the abstraction layers. Can any of you point me towards how I should approach this ? Ideally the end goal is to be able to edit the "WHO" or "WHAT" audit log field, specifically for an AUTHENTICATION_FAILED action during OTP submission and add custom information there.

Thank you very much in advance,

George