Description of problem: A customer had locked admin@internal accounts and support team was asking what was doing incorrect login to the account. My investigation shows there's no info about src IP for failed logins. 2017-11-10 14:21:10,538+01 TRACE [org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace."ovirt-engin e-extension-aaa-jdbc".authn.internal-authn] (default task-29) [] Invoke Output BEGIN 2017-11-10 14:21:10,538+01 TRACE [org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace."ovirt-engin e-extension-aaa-jdbc".authn.internal-authn] (default task-29) [] {Extkey[name=EXTENSION_INVOKE_MESSAGE;type =class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=credentials i ncorrect, Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[090 9d91d-8bde-40fb-b6c0-099c772ddd4e];]=0, Extkey[name=AAA_AUTHN_RESULT;type=class java.lang.Integer;uuid=AAA_ AUTHN_RESULT[af9771dc-a0bb-417d-a700-277616aedd85];]=11, Extkey[name=AAA_AUTHN_PRINCIPAL;type=class java.la ng.String;uuid=AAA_AUTHN_PRINCIPAL[bc637d1d-f93f-45e1-bd04-646c6dc38279];]=admin} 2017-11-10 14:21:10,538+01 TRACE [org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace."ovirt-engine-extension-aaa-jdbc".authn.internal-authn] (default task-29) [] Invoke Output END 2017-11-10 14:21:10,538+01 DEBUG [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-29) [] AuthenticationUtils.handleCredentials AUTHENTICATE_CREDENTIALS on authn failed 2017-11-10 14:21:10,538+01 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-29) [] Cannot authenticate user 'admin@internal': The username or password is incorrect. 2017-11-10 14:21:10,538+01 DEBUG [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-29) [] Exception: org.ovirt.engine.core.sso.utils.AuthenticationException: The username or password is incorrect. 2017-11-10 14:21:10,540+01 DEBUG [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-29) [] Redirecting to LoginPage please add logging to print IP so it is possible to track a human/tool doing incorrect logging. Version-Release number of selected component (if applicable): ovirt-engine-4.1.7.6-0.1.el7.noarch How reproducible: 100% Steps to Reproduce: 1. login as admin@internal with bad password 2. check logs if there is any log message with src IP for this failed login 3. Actual results: no IP in logs Expected results: failed loging log message should have IP to better investigation Additional info:
We have added source IP and session ID to log when user is succesfully logged in or logged out. So let's add source IP also to unsuccessful logins
Veified with: ovirt-engine-4.2.0-0.0.master.20171119135709.git6d448d3.el7.centos.noarch 2017-11-22 09:37:44,542+02 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-23) [] Cannot authenticate user 'admin@internal' connecting from 'xx.xx.xx.xx': The username or password is incorrect.
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017. Since the problem described in this bug report should be resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.