Log all cause exception when authc fails #111534

Merged

@tvernum tvernum commented Aug 2, 2024

In RealmsAuthenticator, if a realm fails to authenticate the token, log the whole chain of exception causes.

@tvernum tvernum added >non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) labels Aug 2, 2024
@tvernum tvernum requested a review from n1v0lg August 2, 2024 08:16
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Aug 2, 2024
@elasticsearchmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

@tvernum
Contributor Author

tvernum commented Aug 2, 2024

I ran into this while trying to diagnose

The log there says

[2024-07-23T13:27:17,226][WARN ][o.e.x.s.a.RealmsAuthenticator] [test-cluster-0] Authentication to realm c2id-implicit failed - Failed to authenticate user with OpenID Connect (Caused by org.elasticsearch.ElasticsearchSecurityException: Failed to get claims from the Userinfo Endpoint.)

But it loses the root cause which is captured here

but not logged.
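An added illustration, not code from this pull request or from Elasticsearch: one way to render a whole cause chain into a single log message, reusing the "(Caused by ...)" shape of the log line quoted above. The class name, the helper names, the depth limit and the innermost exception are assumptions made for the example.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public class CauseChainDemo {

    /** Hypothetical helper: renders the message plus every cause, not only the first. */
    static String describeWithCauses(Throwable top, int maxDepth) {
        StringBuilder sb = new StringBuilder(oneLine(top.getMessage()));
        // Identity set: a cause chain can loop (a.initCause(b) where b already wraps a).
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        seen.add(top);
        int depth = 0;
        for (Throwable c = top.getCause(); c != null; c = c.getCause()) {
            if (!seen.add(c)) {
                sb.append(" (cause chain loops back, stopping)");
                break;
            }
            if (++depth > maxDepth) {
                sb.append(" (further causes omitted)");
                break;
            }
            sb.append(" (Caused by ").append(c.getClass().getName())
              .append(": ").append(oneLine(c.getMessage())).append(')');
        }
        return sb.toString();
    }

    /** Exception text can come from a remote endpoint; keep it on a single log line. */
    static String oneLine(String s) {
        return s == null ? "<no message>" : s.replaceAll("[\\r\\n]+", " ");
    }

    public static void main(String[] args) {
        // Constructed three-level chain; the innermost exception is invented for the demo.
        Throwable root = new IOException("connection reset (constructed sample)");
        Throwable mid = new IllegalStateException(
            "Failed to get claims from the Userinfo Endpoint.", root);
        Throwable top = new RuntimeException(
            "Failed to authenticate user with OpenID Connect", mid);
        System.out.println("Authentication to realm c2id-implicit failed - "
            + describeWithCauses(top, 10));
    }
}
```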

Contributor

@n1v0lg n1v0lg left a comment


LGTM -- apologies I missed the notification.

@tvernum
Contributor Author

tvernum commented Aug 8, 2024

@elasticmachine update branch

@tvernum tvernum added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Aug 8, 2024
@elasticsearchmachine elasticsearchmachine merged commit f02be07 into elastic:main Aug 8, 2024
20 checks passed
@tvernum tvernum deleted the RealmsAuthenticator-log-all-causes branch August 8, 2024 12:25
cbuescher pushed a commit to cbuescher/elasticsearch that referenced this pull request Sep 4, 2024
In RealmsAuthenticator, if a realm fails to authenticate the token, log
the whole chain of exception causes.
davidkyle pushed a commit to davidkyle/elasticsearch that referenced this pull request Sep 5, 2024
In RealmsAuthenticator, if a realm fails to authenticate the token, log
the whole chain of exception causes.
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) >non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v8.16.0