diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java index ae3d1c9128..20e0b25b5c 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java @@ -88,6 +88,7 @@ public class HTTPSamlAuthenticator implements HTTPAuthenticator, Destroyable { private static final Pattern PATTERN_PATH_PREFIX = Pattern.compile(REGEX_PATH_PREFIX); private static boolean openSamlInitialized = false; + public static final String SAML_TYPE = "saml"; private String subjectKey; private String rolesKey; @@ -175,7 +176,7 @@ public AuthCredentials extractCredentials(final SecurityRequest request, final T @Override public String getType() { - return "saml"; + return SAML_TYPE; } @Override diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java index 0e39acf59e..032d48a9c4 100644 --- a/src/main/java/org/opensearch/security/auth/BackendRegistry.java +++ b/src/main/java/org/opensearch/security/auth/BackendRegistry.java @@ -75,6 +75,7 @@ import static org.apache.http.HttpStatus.SC_FORBIDDEN; import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE; import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; +import static com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticator.SAML_TYPE; public class BackendRegistry { @@ -303,7 +304,9 @@ public boolean authenticate(final SecurityRequestChannel request) { if (authDomain.isChallenge()) { final Optional restResponse = httpAuthenticator.reRequestAuthentication(request, null); if (restResponse.isPresent()) { - auditLog.logFailedLogin("", false, null, request); + if (!authDomain.getHttpAuthenticator().getType().equals(SAML_TYPE)) { + auditLog.logFailedLogin("", false, null, request); + } if (isTraceEnabled) { log.trace("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'"); }