Enhance logging when configured realms are not available in current license #45728
Labels
>enhancement
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Team:Security
Meta label for security team
We generally handle this case well and print relevant logs in
AuthenticationService#consumeUser
:There are however cases when the
AuthenticationToken
extraction fails and we end up with a null token for the configured realms, in which cases we don't enter inconsumeUser
and never log this information.An example of this is when only the PKI realm is configured on a license that doesn't allow it ( i.e. Basic ) where we won't print anything in the logs, making it harder for users to troubleshoot the authentication error they get.
I believe that the case with PKI is unique, as SAML and OIDC have relevant logging on the REST layer, but we should verify that adequate information is logged in all cases.
The text was updated successfully, but these errors were encountered: