Hello,

I am experiencing the same issue in CAS 6.5.2: the throttle failure module triggers at the first login attempt even if I submit a good user login/password. It was working fine in CAS 6.4.6.1. I am only using the cas-server-support-throttle, and if I comment out the following failure-throttle configuration, authentication works again:

#cas.authn.throttle.failure.threshold=1
#cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
#cas.authn.throttle.failure.range-seconds=3

Did you manage to make it work in 6.5.x?

-Frederic

On Fri, Mar 25, 2022 at 10:24 AM qla3fa <qla...@gmail.com> wrote:

> Hi,
>
> I am trying to upgrade my CAS from v6.4.6.1 to 6.5.1. The configuration that was
> OK with v6.4 doesn't work in 6.5.1...
>
> I load these modules:
>
> implementation "org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"
>
> I load and configure the audit log in JDBC too.
>
> In my cas.properties my conf is:
>
> cas.authn.throttle.jdbc.user=xxxxxxx
> cas.authn.throttle.jdbc.password=xxxxxxxx
> cas.authn.throttle.jdbc.driver-class=com.mysql.cj.jdbc.Driver
> cas.authn.throttle.jdbc.url=xxxxxxxx
> cas.authn.throttle.jdbc.dialect=org.hibernate.dialect.MySQL8Dialect
> cas.authn.throttle.core.username-parameter=username
> cas.authn.throttle.core.app-code=CAS
> cas.authn.throttle.failure.threshold=1
> cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
> cas.authn.throttle.failure.range-seconds=3
> cas.authn.throttle.bucket4j.blocking=true
> cas.authn.throttle.bucket4j.enabled=true
> cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
> cas.authn.throttle.bucket4j.bandwidth[0].capacity=50
>
> Authentication always fails with the message:
>
> More than [0.3333333333333333] failed login attempts within [3] seconds. Authentication attempt exceeds the failure threshold [1]
>
> I tried different values for threshold and range-seconds but the issue is
> the same...
>
> In the database, for one authentication I had only two rows:
>
> MariaDB [DEVCAS]> select * from COM_AUDIT_TRAIL\G;
> *************************** 1. row ***************************
> id: 1
> AUD_ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLIC_CD: CAS
> AUD_CLIENT_IP: xxxxxxxxxxxx
> AUD_DATE: 2022-03-24 16:03:34.000000
> AUD_RESOURCE: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, timestamp=Thu Ma
> AUD_SERVER_IP: xxxxxxxxxxxxxxxxxxx
> AUD_USER: audit:unknown
> AUD_USERAGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0
> *************************** 2. row ***************************
> id: 2
> AUD_ACTION: THROTTLED_LOGIN_ATTEMPT
> APPLIC_CD: CAS
> AUD_CLIENT_IP: xxxxxxxxxxx
> AUD_DATE: 2022-03-24 16:03:44.000000
> AUD_RESOURCE: N/A
> AUD_SERVER_IP: xxxxxxxxxxxx
> AUD_USER: xxxxxxx
> AUD_USERAGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0
> 2 rows in set (0.001 sec)
>
> If I unload the modules
> "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}" and
> "org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"
> the authentication works properly.
>
> Is there a bug with throttling in v6.5.1? Or am I missing something?
>
> Best regards.
>
> Quentin.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8119db25-4120-5fd3-dceb-4286306826a8%40gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8119db25-4120-5fd3-dceb-4286306826a8%40gmail.com?utm_medium=email&utm_source=footer>.