Throttling not blocking [CAS 6.0.0]


Baso Dupond

Apr 5, 2019, 12:42:31 PM
to CAS Community
Hi,

I have implemented CAS 6.0.0 with success so far.

I have difficulties with 'Throttling Authentication Attempts'

After doing connection attempts with a wrong password, I am happy to see the page "Too many attempts ...."
However I am NOT blocked. I can immediately perform a successful connection with the correct password with the same browser on a new page.

##  extract of cas.properties ##
cas.authn.throttle.usernameParameter=
cas.authn.throttle.schedule.startDelay=PT10S
cas.authn.throttle.schedule.repeatInterval=PT120S
cas.authn.throttle.appCode=CAS
cas.authn.throttle.failure.threshold=30
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=60

cas.authn.throttle.bucket4j.rangeInSeconds=60
cas.authn.throttle.bucket4j.capacity=120
cas.authn.throttle.bucket4j.blocking=true
cas.authn.throttle.bucket4j.overdraft=0


## Logs ####
2019-04-05 18:33:28,139 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=XXXXXXX, source=null)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2019-04-05 18:33:28,141 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: XXXXXXXXX
WHAT: Supplied credentials: [UsernamePasswordCredential(username=XXXXXXXXXXX, source=null)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Apr 05 18:33:28 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-04-05 18:33:30,072 WARN [org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter] - <Throttling submission from [92.170.234.118]. More than [30] failed login attempts within [60] seconds. Authentication attempt exceeds the failure threshold [30]>
2019-04-05 18:33:38,814 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Fri Apr 05 18:33:38 CEST 2019,source=RankedMultifactorAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Fri Apr 05 18:33:38 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

  ==> Do you have any suggestion how to have my IP (here 92.170.234.118) blocked?


Thks,
Rgds
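
The configuration in the post above (failure.threshold=30 within rangeSeconds=60, keyed on the client IP that appears in the audit records) and the behaviour reported with it can be modelled to show the difference between a throttle that only rejects the over-threshold submission and a lockout that refuses every submission from that source until the window has slid past. The model below is an added illustration for this thread, not CAS code and not a description of how CAS implements its interceptor; the policy names are the example's own and the IP address is a constructed documentation address.

```python
"""Per-source login throttle model: `threshold` failures within `range_seconds`.

Two policies are modelled so the gap described in the thread is visible:
  - "throttle_failures": only a *failed* attempt arriving while the source is
    over threshold is rejected; a correct password from the same source still
    gets through (the behaviour reported above).
  - "lockout": once the source is at threshold, every submission from it is
    refused until enough failures have aged out of the window, whatever the
    credentials.
Keys are client IP addresses, matching the CLIENT IP ADDRESS audit field.
"""
from collections import defaultdict, deque

THRESHOLD = 30       # cas.authn.throttle.failure.threshold from the thread
RANGE_SECONDS = 60   # cas.authn.throttle.failure.rangeSeconds from the thread


class LoginThrottle:
    def __init__(self, threshold=THRESHOLD, range_seconds=RANGE_SECONDS,
                 policy="lockout"):
        if policy not in ("lockout", "throttle_failures"):
            raise ValueError(f"unknown policy {policy!r}")
        self.threshold = threshold
        self.range_seconds = range_seconds
        self.policy = policy
        self.failures = defaultdict(deque)   # ip -> timestamps of failures

    def _prune(self, ip, now):
        """Drop failures older than the sliding window."""
        q = self.failures[ip]
        while q and now - q[0] > self.range_seconds:
            q.popleft()

    def submit(self, ip, now, password_ok):
        """Return 'granted', 'denied' (bad password) or 'throttled'."""
        self._prune(ip, now)
        at_threshold = len(self.failures[ip]) >= self.threshold
        if self.policy == "lockout" and at_threshold:
            return "throttled"               # refuse even a correct password
        if password_ok:
            return "granted"
        self.failures[ip].append(now)
        if len(self.failures[ip]) > self.threshold:
            return "throttled"               # "more than [threshold] failed attempts"
        return "denied"


def run_scenario(policy):
    """31 bad passwords one second apart, then a correct password 10 s later,
    then another correct password after the window has passed.
    Returns (outcome of 31st bad attempt, outcome at t=40, outcome at t=200)."""
    throttle = LoginThrottle(policy=policy)
    ip = "192.0.2.10"   # constructed documentation address, not the thread's IP
    bad = [throttle.submit(ip, now=t, password_ok=False) for t in range(31)]
    soon = throttle.submit(ip, now=40, password_ok=True)
    later = throttle.submit(ip, now=200, password_ok=True)
    return bad[-1], soon, later


if __name__ == "__main__":
    for policy in ("throttle_failures", "lockout"):
        print(policy, run_scenario(policy))
```

Under "throttle_failures" the 31st bad password is throttled but the correct password ten seconds later is granted, which is the sequence the thread's trace shows; under "lockout" that same correct password is refused and only the attempt at t=200, once the failures have aged out of the 60-second window, succeeds.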

Ray Bon

Apr 5, 2019, 2:38:21 PM
to cas-...@apereo.org
Baso,

AUTHENTICATION_EVENT_TRIGGERED happens any time cas/login is accessed.
What happens when you try to log in?

Ray

Baso Dupond

Apr 5, 2019, 10:26:17 PM
to CAS Community
Ray,

Scenario I have done:
1/ After several attempts with a wrong password, I obtain the page "Too many attempts ...."
2/ Then I open a new window https://xxxxx/cas/login (I am NOT blocked) and make another attempt with a wrong password.
3/ Once again after several attempts I obtain the page "Too many attempts ...."
4/ Then I open a new window https://xxxxx/cas/login (I am NOT blocked) and make another attempt with a correct password.
5/ I am granted access

Here below the trace

2019-04-06 04:12:22,939 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=basile.test@XXXXXXXX, source=null)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2019-04-06 04:12:22,940 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: basile.test@XXXXXXXX
WHAT: Supplied credentials: [UsernamePasswordCredential(username=basile.test@XXXXXXXX, source=null)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Apr 06 04:12:22 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-04-06 04:12:24,543 WARN [org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter] - <Throttling submission from [92.170.234.118]. More than [30] failed login attempts within [60] seconds. Authentication attempt exceeds the failure threshold [30]>
2019-04-06 04:12:32,020 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sat Apr 06 04:12:32 CEST 2019,source=RankedMultifactorAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sat Apr 06 04:12:32 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-04-06 04:12:36,231 WARN [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler] - <Operation exception encountered, reopening connection>
2019-04-06 04:12:36,642 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=basile.test@XXXXXXXX, source=null)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2019-04-06 04:12:36,643 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: basile.test@XXXXXXXX
WHAT: Supplied credentials: [UsernamePasswordCredential(username=basile.test@XXXXXXXX, source=null)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Apr 06 04:12:36 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-04-06 04:12:38,827 WARN [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler] - <Operation exception encountered, reopening connection>
2019-04-06 04:12:39,293 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=basile.test@XXXXXXXX, source=null)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2019-04-06 04:12:39,294 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: basile.test@XXXXXXXX
WHAT: Supplied credentials: [UsernamePasswordCredential(username=basile.test@XXXXXXXX, source=null)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Apr 06 04:12:39 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-04-06 04:12:41,267 WARN [org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter] - <Throttling submission from [92.170.234.118]. More than [30] failed login attempts within [60] seconds. Authentication attempt exceeds the failure threshold [30]>
2019-04-06 04:12:44,896 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sat Apr 06 04:12:44 CEST 2019,source=RankedMultifactorAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sat Apr 06 04:12:44 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-04-06 04:12:50,200 WARN [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler] - <Operation exception encountered, reopening connection>
2019-04-06 04:12:50,767 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: basile.test@XXXXXXXX
WHAT: Supplied credentials: [UsernamePasswordCredential(username=basile.test@XXXXXXXX, source=null)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sat Apr 06 04:12:50 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-04-06 04:12:54,763 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: basile.test@XXXXXXXX
WHAT: TGT-1-*****QC3w0hi2ieEvps641230
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Apr 06 04:12:54 CEST 2019
CLIENT IP ADDRESS: 92.170.234.118
SERVER IP ADDRESS: 127.0.0.1
=============================================================

 ==> Do you have any suggestion how to have my IP (here 92.170.234.118) blocked?

Thks,
Rgds
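
Added example, not from the thread or the CAS project: a small detection over log lines in the layout shown above, flagging an AUTHENTICATION_SUCCESS audit record whose client IP was the subject of the interceptor's "Throttling submission from" warning within the configured range. In the trace above the warning at 04:12:41 is followed by a success from the same address at 04:12:50, which is exactly the case this check reports. The sample log embedded in the code is constructed in that layout, with documentation IPs and a placeholder user; the function and variable names are the example's own.

```python
"""Flag a successful login that arrives from a client IP shortly after the
throttle warned about that IP. Parses the Slf4j audit records and the
throttling WARN line in the layout seen in the thread's trace.
"""
import re
from datetime import datetime, timedelta

# Timestamped log line: "2019-04-06 04:12:41,267 WARN [logger] - <message..."
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+) \[(\S+)\] - <(.*)$")
THROTTLE_RE = re.compile(r"Throttling submission from \[([\d.]+)\]")


def parse_events(text):
    """Return a list of (timestamp, kind, client_ip).

    kind is "THROTTLED" for the interceptor's WARN line, otherwise the ACTION
    field of an audit record. A record's time is taken from its
    "Audit trail record BEGIN" line, so the zone name in WHEN need not be parsed.
    """
    events = []
    record = None

    def flush():
        if record and "action" in record and "ip" in record:
            events.append((record["ts"], record["action"], record["ip"]))

    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            flush()                      # a new header closes any open record
            record = None
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            msg = m.group(4)
            hit = THROTTLE_RE.search(msg)
            if hit:
                events.append((ts, "THROTTLED", hit.group(1)))
            elif msg.startswith("Audit trail record BEGIN"):
                record = {"ts": ts}
            continue
        if record is None:
            continue
        if line.startswith("ACTION:"):
            record["action"] = line.split(":", 1)[1].strip()
        elif line.startswith("CLIENT IP ADDRESS:"):
            record["ip"] = line.split(":", 1)[1].strip()
        elif line.strip() == ">":        # closing bracket of the audit record
            flush()
            record = None
    flush()
    return events


def success_after_throttle(events, range_seconds=60):
    """Return [(ip, seconds_after_throttle), ...] for every AUTHENTICATION_SUCCESS
    that follows a THROTTLED event for the same IP within range_seconds."""
    window = timedelta(seconds=range_seconds)
    last_throttle = {}
    findings = []
    for ts, kind, ip in sorted(events, key=lambda e: e[0]):
        if kind == "THROTTLED":
            last_throttle[ip] = ts
        elif kind == "AUTHENTICATION_SUCCESS" and ip in last_throttle:
            gap = ts - last_throttle[ip]
            if gap <= window:
                findings.append((ip, int(gap.total_seconds())))
    return findings


def _audit(ts, action, ip, who="user@example.invalid"):
    """Build one audit record in the thread's layout (constructed sample)."""
    return "\n".join([
        f"{ts} INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]"
        " - <Audit trail record BEGIN",
        "=============================================================",
        f"WHO: {who}",
        f"ACTION: {action}",
        "APPLICATION: CAS",
        f"CLIENT IP ADDRESS: {ip}",
        "SERVER IP ADDRESS: 127.0.0.1",
        "=============================================================",
        "",
        ">",
    ])


THROTTLE_LINE = (
    "{ts} WARN [org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter]"
    " - <Throttling submission from [{ip}]. More than [30] failed login attempts"
    " within [60] seconds. Authentication attempt exceeds the failure threshold [30]>")

# Constructed sample: documentation IPs, timestamps shaped like the thread's trace.
SAMPLE_LOG = "\n".join([
    _audit("2019-04-06 04:12:39,294", "AUTHENTICATION_FAILED", "192.0.2.10"),
    THROTTLE_LINE.format(ts="2019-04-06 04:12:41,267", ip="192.0.2.10"),
    _audit("2019-04-06 04:12:50,767", "AUTHENTICATION_SUCCESS", "192.0.2.10"),    # 9 s later: flagged
    _audit("2019-04-06 04:13:02,001", "AUTHENTICATION_SUCCESS", "198.51.100.7"),  # never throttled
    _audit("2019-04-06 04:20:10,000", "AUTHENTICATION_SUCCESS", "192.0.2.10"),    # outside the window
])


def analyze(text=SAMPLE_LOG, range_seconds=60):
    return success_after_throttle(parse_events(text), range_seconds)


if __name__ == "__main__":
    for ip, secs in analyze():
        print(f"success from {ip} {secs}s after it was throttled")
```

Run against a real CAS log the check reads the file instead of SAMPLE_LOG; a hit means the throttle fired for a source and that source still authenticated inside the range, which is the condition to alert on if the intent was a lockout rather than a per-submission throttle.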


Baso Dupond

Apr 6, 2019, 1:07:38 PM
to CAS Community
Hi,

As a workaround, I have implemented Google reCAPTCHA.

Thanks for the help,
Rgds