Hi,
Good news ! :-)
Thanks a lot. We will wait this fix.
Best regards.
Quentin.
Le 06/05/2022 à 16:03, Jérôme LELEU a écrit :
Hi,
There is a bug with the bucket4j throttling.
I submitted a fix: https://github.com/apereo/cas/pull/5458
I will be available in the next release 6.5.4 (and 6.6.0).
Thanks.
Best regards,
Jérôme
Le ven. 6 mai 2022 à 15:55, qla3fa <qla...@gmail.com> a écrit :
Hi,
No it still doesn't work in my 6.5.2 install.
Like you, with 6.4.6.1 it work correctly. And in my 6.5.2
install, I comment these 3 cas.authn.throttle.xxx directive too...
Quentin.
Le 05/04/2022 à 18:47, Frédéric Lohier a écrit :
Hello,
I am experiencing the same issue in CAS 6.5.2. , the throttle
failure module triggers at the first login attempt even if I
submit a good user login/password. It was working fine in CAS
6.4.6.1.
I am only using the cas-server-support-throttle, and if I comment
the following failure-throttle configuration, authentication
works again
#cas.authn.throttle.failure.threshold=1
#cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
#cas.authn.throttle.failure.range-seconds=3
Did you manage to make it work in 6.5.x?
-Frederic
On Fri, Mar 25, 2022 at 10:24 AM qla3fa <qla...@gmail.com> wrote:
Hi,
I try to upgrade my CAS from v6.4.6.1 to 6.5.1. The
configuration who was ok with v6.4 don't work in 6.5.1...
I load these modules :
implementation
"org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
implementation
"org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
implementation
"org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"
I load et configure the audit log in jdbc too.
In my cas.properties my conf is:
cas.authn.throttle.jdbc.user=xxxxxxx
cas.authn.throttle.jdbc.password=xxxxxxxx
cas.authn.throttle.jdbc.driver-class=com.mysql.cj.jdbc.Driver
cas.authn.throttle.jdbc.url=xxxxxxxx
cas.authn.throttle.jdbc.dialect=org.hibernate.dialect.MySQL8Dialect
cas.authn.throttle.core.username-parameter=username
cas.authn.throttle.core.app-code=CAS
cas.authn.throttle.failure.threshold=1
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.range-seconds=3
cas.authn.throttle.bucket4j.blocking=true
cas.authn.throttle.bucket4j.enabled=true
cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
cas.authn.throttle.bucket4j.bandwidth[0].capacity=50
Authentication always fail with message :
More than [0.3333333333333333] failed login attempts within
[3] seconds. Authentication attempt exceeds the failure
threshold [1]
I Try with different values in treshold and range-seconds but
the issue is same...
In database for an authentication I had only two rows :
MariaDB [DEVCAS]> select * from COM_AUDIT_TRAIL\G;
*************************** 1. row
*************************** id: 1 AUD_ACTION:
AUTHENTICATION_EVENT_TRIGGERED APPLIC_CD: CAS AUD_CLIENT_IP:
xxxxxxxxxxxx AUD_DATE: 2022-03-24 16:03:34.000000
AUD_RESOURCE:
{source=RankedMultifactorAuthenticationProviderWebflowEventResolver,
event=success, timestamp=Thu Ma AUD_SERVER_IP:
xxxxxxxxxxxxxxxxxxx AUD_USER: audit:unknown AUD_USERAGENT:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0)
Gecko/20100101 Firefox/98.0 *************************** 2.
row *************************** id: 2 AUD_ACTION:
THROTTLED_LOGIN_ATTEMPT APPLIC_CD: CAS AUD_CLIENT_IP:
xxxxxxxxxxx AUD_DATE: 2022-03-24 16:03:44.000000
AUD_RESOURCE: N/A AUD_SERVER_IP: xxxxxxxxxxxx AUD_USER:
xxxxxxx AUD_USERAGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X
10.15; rv:98.0) Gecko/20100101 Firefox/98.0 2 rows in set
(0.001 sec)
If I unload modules
"org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
and
"org.apereo.cas:cas-server-support-throttle-jdbc:${project.'cas.version'}"
the authnetication work properly.
Is there un bug with throttling and v6.5.1 ? Or I miss
something ?
Best regards.
Quentin.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the
Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8119db25-4120-5fd3-dceb-4286306826a8%40gmail.com
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/8119db25-4120-5fd3-dceb-4286306826a8%40gmail.com?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the
Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALRGK0qspbjpOn0jbP6tjL0Y%3Dhu8%2BJ7VYj4hyihAViPPHLcH6A%40mail.gmail.com
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALRGK0qspbjpOn0jbP6tjL0Y%3Dhu8%2BJ7VYj4hyihAViPPHLcH6A%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8b727949-b685-a84c-721e-96b521c97ff5%40gmail.com
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/8b727949-b685-a84c-721e-96b521c97ff5%40gmail.com?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lyvbe4XUVsoAyEEcBYtR7X_cNv09az%2BxOdeB97kDF68gg%40mail.gmail.com
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lyvbe4XUVsoAyEEcBYtR7X_cNv09az%2BxOdeB97kDF68gg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/adf72fbc-fd4a-4664-6e03-ada438218b5c%40gmail.com.
