Feature request: include remote IP address in success and failed authentication attempts

[ssivy]

We are using dex as part of our Open OnDemand installation. I would like to used fail2ban to monitor for excessive failed login attempts and block the IP address they are originating from. Currently dex outputs failed authentications like this...

Aug 2 15:30:20 hpc-ondemand-dev ondemand-dex: time=“2021-08-02T19:30:20Z” level=error msg=“ldap: invalid password for user “uid=hpcguest,ou=People,dc=example,dc=com””

It does not include the remote IP address of the client trying to authenticate. I think it would be helpful not only for fail2ban but other log aggregation and analysis tools like Splunk, etc.

[nabokihms]

As for now, we do not have the feature to show remote IP addresses. There is an issue about it here #1788.

In my opinion, it is good to add optional support for showing client addresses in logs, but it would be better to write a design doc first to start with.