[Backport 2.x] Remove failed login attempt for saml authenticator (#4770
)

Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 777fb59 commit 3d7d716
Showing 2 changed files with 7 additions and 2 deletions.
Expand Up @@ -88,6 +88,7 @@ public class HTTPSamlAuthenticator implements HTTPAuthenticator, Destroyable {
private static final Pattern PATTERN_PATH_PREFIX = Pattern.compile(REGEX_PATH_PREFIX);

private static boolean openSamlInitialized = false;
public static final String SAML_TYPE = "saml";

private String subjectKey;
private String rolesKey;
Expand Down Expand Up @@ -175,7 +176,7 @@ public AuthCredentials extractCredentials(final SecurityRequest request, final T

@Override
public String getType() {
return "saml";
return SAML_TYPE;
}

@Override
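Review bot: The new public constant `SAML_TYPE` in the first hunk has no Javadoc, although the other file in this commit keys an audit-logging decision on it. A one-line comment such as `/** Value returned by {@link #getType()}; BackendRegistry compares against it to skip the failed-login audit event on SAML challenges. */` would tell a maintainer that changing or reusing this string changes what gets audited. It would also sit more naturally beside the `private static final` constants above than after the mutable `openSamlInitialized` flag.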
Expand Up @@ -75,6 +75,7 @@
import static org.apache.http.HttpStatus.SC_FORBIDDEN;
import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
import static com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticator.SAML_TYPE;

public class BackendRegistry {

Expand Down Expand Up @@ -303,7 +304,10 @@ public boolean authenticate(final SecurityRequestChannel request) {
if (authDomain.isChallenge()) {
final Optional<SecurityResponse> restResponse = httpAuthenticator.reRequestAuthentication(request, null);
if (restResponse.isPresent()) {
auditLog.logFailedLogin("<NONE>", false, null, request);
// saml will always hit this to re-request authentication
if (!authDomain.getHttpAuthenticator().getType().equals(SAML_TYPE)) {
auditLog.logFailedLogin("<NONE>", false, null, request);
}
if (isTraceEnabled) {
log.trace("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
}
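Review bot: The guard added around `auditLog.logFailedLogin` calls `.equals` on the result of `getType()`, so an authenticator that returns null from `getType()` would throw inside `authenticate` instead of being challenged. `if (!SAML_TYPE.equals(httpAuthenticator.getType())) {` is null-safe and reuses the `httpAuthenticator` local that the `reRequestAuthentication` call already uses (presumably the same object as `authDomain.getHttpAuthenticator()`; its assignment is outside the hunk). Since this branch now writes no failed-login event for any challenge on a SAML domain, the comment should also state where a rejected SAML response is still audited, which this hunk does not show. The trace message below still says `'WWW-Authenticate Basic'` on the SAML path, which may mislead whoever reads the log. The body of `authenticate` starts and ends outside the hunk.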