-
Notifications
You must be signed in to change notification settings - Fork 846
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wrong password attempt via webui is not logged #5525
Comments
@pivotal-jamie-klassen Can you help ? |
It's nice to log wrong password attempts, but it's never a feature that concourse has advertised - in fact the only reason you see a log for All this to say, I don't think I would consider this a bug - the fact is that dex itself doesn't even log wrong password attempts: However, I think logging wrong password attempts would be a nice feature. But it might not be feasible. In fact, dexidp/dex#1671 suggests that username/password logins are generally not production-ready. They might accept a PR adding the kind of logging you're requesting, but they might also not want to take on the maintenance burden of "production-ready username/password logins" - which is a bit of an oxymoron 😆. Also if you wanted to submit a PR to concourse which implemented this feature without touching the dex codebase, I'm sure we'd consider it, but I can imagine the implementation being pretty tricky. Now that I've said all that - why do you want this logging? I could imagine it being some security policy in your company, but if you've got a security mandate you probably shouldn't have local users at all. If you need local users it's probably because you're doing some exotic automation, and that takes us back to #3208 which is a whole can of worms! |
Hello @jamieklassen, This issue is still valid for us, for Bosh deployment as well. I will try to provide more info: Setup:
Use case:
Here is the:
Questions: Discussions in this context: |
Hi @g-fusion I'm no longer a maintainer of Concourse; best of luck with your automation! |
Hey people, based on Jamie's initial analysis it sounds like before anything happens in Concourse a PR would need to be made to dex to support logging failed login attempts. 90% of the code Concourse has for login/auth is setting up the dex server and configured auth providers. Everything else is handed off to dex. Overall, it sounds like this needs to be a feature request to dex. |
Hello @taylorsilva, @jamieklassen. There was a PR towards dex upstream, which was merged in v2.39.0. Since Concourse is using a forк, can I ask if this can be adopted in a new Concourse release as well? As I can see the latest dex in the forked repo is v2.37.0. Thanks for the information! Edit: I validated the change successfully following this documentation |
Guess someone needs to update our fork then: https://github.com/concourse/dex |
Hello Colleagues,
Moving the issue from concourse-chart to here.
I get the log entry if I do failed login via fly commands but Not via concourse web ui.
This seems to be an issue.
More details.
concourse/concourse-chart#65
BRs, gowrisankar
The text was updated successfully, but these errors were encountered: