Reviewed: https://review.openstack.org/613455 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a02a47a65f2be3d80d8e05685d6001c91aaeef25 Submitter: Zuul Branch: master
commit a02a47a65f2be3d80d8e05685d6001c91aaeef25 Author: Morgan Fainberg <morgan.fainb...@gmail.com> Date: Thu Oct 25 17:41:13 2018 -0700 Emit CADF notifications on authentication for invalid users Emit CADF notifications on authentication when the user_name or the user_id is invalid (UserNotFound raised). This closes a minor security gap in notifications. Change-Id: If8b49b5dc49a4b0670fb81a493f50c77df7b4362 closes-bug: #1537963 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1537963 Title: notification not generated for authentication failure with invalid user name Status in OpenStack Identity (keystone): Fix Released Bug description: Enable event notification in log mode: [DEFAULT] notification_format = cadf notification_driver = log Test by "Create a token" $ openstack token issue 1.[OK] Correct user name and password: an event notification was created with "event_type": "identity.authenticate" "outcome": "success" 2. [OK] Correct user name but invalid password: an event notification was also created with "event_type": "identity.authenticate" "outcome": "failure" 3. [BUG] Invalid user name: NO event notification was created. This may cause a security issue. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1537963/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp