How to log all authentication?

MattS
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 9, 2015

I've had a request to be able to see all authentication attempts for JIRA: date, userid, AD server if appropriate and the result. I suspect there is a log area and level somewhere for this but didn't see it after five minutes in the source. Does anyone have the right string for this kind of information?

1 answer

2 votes
crf
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2015

Does the atlassian-jira-security.log file not have what you need?  I'm not sure it says which AD server was used when that is relevant, but it should have everything else.

What goes into that log is controlled by log4j.properties. The relevant log messages are partially generated by Seraph and partly by LoginManagerImpl.

MattS
Rising Star
April 13, 2015

Thanks, Chris. It does except for the AD info. I poked around the source but didn't see what log name to use to show that AD info anywhere.

crf
Atlassian Team
April 13, 2015

Anything specific to the implementation, like the fact that it's talking to AD, would be logged by embedded crowd rather than JIRA itself. Unfortunately, it looks like they don't log a whole lot of information about that. The only log line I see offhand with enough information to work out what happened is probably this debug line from SpringLDAPConnector: logger.debug("Authenticating user '{}' with DN '{}'", name, user.getDn()); (I assume you would probably be able to work backwards from the DN to the directory that owns it). Turning debug logging on for that class would be an unacceptable amount of log spam.

MattS
Rising Star
April 14, 2015

Yeah, saw that. I think the easiest though annoying thing to do is to change LoginManagerImpl so that the log message "The user 'mdoar' has PASSED authentication." includes the user.getDirectoryId() info as well. It seems to work in a local test instance. Actually, it seems like that info would be useful in the atlassian-jira-security.log file anyway.
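An added example, not part of the thread or of JIRA's own code: a small Python parser that pulls the date, userid and result out of atlassian-jira-security.log lines, which is the part of the request the thread says that file already covers (the directory is not in these lines). Only the "has PASSED authentication" wording comes from the thread; the line prefix layout, the FAILED wording and the sample lines are assumptions constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample. Only the "The user '...' has PASSED authentication."
# wording comes from the thread; the timestamp/thread/session prefix and the
# FAILED wording are assumptions about the file layout.
SAMPLE_LOG = """\
2015-04-13 09:01:12,345 http-bio-8080-exec-3 anonymous 541x12x1 - 192.0.2.10 /login.jsp The user 'mdoar' has PASSED authentication.
2015-04-13 09:02:40,101 http-bio-8080-exec-7 anonymous 542x19x1 - 192.0.2.44 /login.jsp The user 'jsmith' has FAILED authentication.  Failure count equals 1
2015-04-13 09:02:55,877 http-bio-8080-exec-7 anonymous 542x21x1 - 192.0.2.44 /login.jsp The user 'jsmith' has FAILED authentication.  Failure count equals 2
2015-04-13 09:03:02,004 http-bio-8080-exec-2 anonymous 543x22x1 - 192.0.2.10 /secure/Dashboard.jspa HttpSession created [constructed-id]
2015-04-13 09:05:30,650 http-bio-8080-exec-4 anonymous 545x30x1 - 192.0.2.71 /login.jsp The user 'asmith' has PASSED authentication.
"""

# The user name is matched greedily up to the last "' has PASSED|FAILED
# authentication." on the line, so a quote inside the name cannot cut it short.
AUTH_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*?"
    r"The user '(?P<user>.+)' has (?P<result>PASSED|FAILED) authentication\."
)


def parse_auth_events(text):
    """Return one dict per authentication line; all other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_LINE.match(line)
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"),
            "user": m["user"],
            "result": m["result"],
        })
    return events


def failures_by_user(events):
    """Count FAILED results per userid, e.g. to spot repeated bad logins."""
    return Counter(e["user"] for e in events if e["result"] == "FAILED")


if __name__ == "__main__":
    parsed = parse_auth_events(SAMPLE_LOG)
    for e in parsed:
        print(e["time"].isoformat(sep=" "), e["user"], e["result"])
    print(dict(failures_by_user(parsed)))
```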
