This repository has been archived by the owner on Jun 23, 2021. It is now read-only.
Is there a way to configure the provider to log login attempts somewhere? I'd like to be able to see success/fail login attempts and the reason for the failure.
I'm currently running Server 2012 R2 with ADFS Auditing enabled and ADFSProvider 1.3.4.0, but in my testing, if I incorrectly enter my PIN+OTP combination after successfully authenticating with my username/password, I don't see a log of it anywhere. No entries in PrivacyIDEA Audit logs (3.2), no entries in PrivacyIDEA server logs (/var/log/privacyidea), and no entries in Windows Event Logs anywhere.
The provider normally doesn't log any action regarding the login flow. Normally the privacyIDEA log should show a "login fails" or "wrong token". But please have a look into the docs.
I only log failures regarding the provider itself to lower the log overhead and for security reasons.
I asked about logging config over on the privacyIDEA forums and got a similar response, at least if I am understanding what @cornelinux said. It seems PrivacyIDEA doesn't necessarily log those events. Which means, again if I'm understanding correctly, that PrivacyIDEA-ADFS authentication attempts are flying under the radar.
What security concerns do you have about logging the request and result? If you enable ADFS Auditing, ADFS generates a massive amount of information regarding authentication attempts and their result. In fact, in regards to authentications that use PrivacyIDEA, log entries show ADFS passing the authentication off to an external authenticator.
@wwalker0307 if the plugin sends a correctly formatted authentication request to privacyIDEA, privacyIDEA will log this request in the audit log and in the log file.