I've had a request to be able to see all authentication attempts for JIRA: date, userid, AD server if appropriate and the result. I suspect there is a log area and level somewhere for this but didn't see it after five minutes in the source. Does anyone have the right string for this kind of information
Does the atlassian-jira-security.log file not have what you need? I'm not sure it says which AD server was used when that is relevant, but it should have everything else.
What goes into that log is controlled by log4j.properties. The relevant log messages are partially generated by seraph and partly by LoginManagerImpl.
Thanks, Chris. It does except for the AD info. I poked around the source but didn't see what log name to use to show that AD info anywhere
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Anything specific to the implementation, like the fact that it's talking to AD, would be logged by embedded crowd rather than JIRA itself. Unfortunately, it looks like they don't log a whole lot of information about that. The only log line I see offhand with enough information to work out what happened is probably this debug line from SpringLDAPConnector: logger.debug("Authenticating user '{}' with DN '{}'", name, user.getDn()); (I assume you would probably be able to work backwards from the DN to the directory that owns it). Turning debug logging on for that class would be an unacceptable amount of log spam.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yeah, saw that. I think the easiest though annoying thing to do is to change LoginManagerImpl so that the log message "The user 'mdoar' has PASSED authentication." includes the user.getDirectoryId() info as well. It seems to work in a local test instance. Actually, it seems like that info would be useful in the atlassian-jira-security.log file anyway
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.