Throttling CAS during a (successful) authentication loop

Time: 2018-12-18 01:39:02

Tags: cas

We recently had a misconfigured application that caused a redirect loop in CAS. Within a very short time, that single application was granted a large number of service tickets for a single user/IP.

Excerpt from the CAS log, with sensitive information removed:

2018-11-20 07:54:30,867 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-(UNIQUEID_01)-rmitcas] for service [(PROBLEM_URL)] for user [(USERNAME)]
2018-11-20 07:54:30,902 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-(UNIQUEID_02)-rmitcas] for service [(PROBLEM_URL)] for user [(USERNAME)]
2018-11-20 07:54:30,950 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-(UNIQUEID_03)-rmitcas] for service [(PROBLEM_URL)] for user [(USERNAME)]
2018-11-20 07:54:30,985 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-(UNIQUEID_04)-rmitcas] for service [(PROBLEM_URL)] for user [(USERNAME)]
2018-11-20 07:54:31,018 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-(UNIQUEID_05)-rmitcas] for service [(PROBLEM_URL)] for user [(USERNAME)]
2018-11-20 07:54:31,051 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-(UNIQUEID_06)-rmitcas] for service [(PROBLEM_URL)] for user [(USERNAME)]
2018-11-20 07:54:31,086 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-(UNIQUEID_07)-rmitcas] for service [(PROBLEM_URL)] for user [(USERNAME)]

Excerpt from the localhost access log, with sensitive information removed:

(USER_IP) - - [20/Nov/2018:07:54:30 +1100] "GET /rmitcas/login?service=(PROBLEM_URL) HTTP/1.1" 302 -
(USER_IP) - - [20/Nov/2018:07:54:30 +1100] "GET /rmitcas/login?service=(PROBLEM_URL) HTTP/1.1" 302 -
(USER_IP) - - [20/Nov/2018:07:54:30 +1100] "GET /rmitcas/login?service=(PROBLEM_URL) HTTP/1.1" 302 -
(USER_IP) - - [20/Nov/2018:07:54:30 +1100] "GET /rmitcas/login?service=(PROBLEM_URL) HTTP/1.1" 302 -
(USER_IP) - - [20/Nov/2018:07:54:31 +1100] "GET /rmitcas/login?service=(PROBLEM_URL) HTTP/1.1" 302 -
(USER_IP) - - [20/Nov/2018:07:54:31 +1100] "GET /rmitcas/login?service=(PROBLEM_URL) HTTP/1.1" 302 -
(USER_IP) - - [20/Nov/2018:07:54:31 +1100] "GET /rmitcas/login?service=(PROBLEM_URL) HTTP/1.1" 302 -

I found a reference to throttling CAS on excessive failed logins: https://apereo.atlassian.net/wiki/spaces/CASUM/pages/103261369/Throttling+Login+Attempts

Is there any way to throttle the granting of excessive service tickets for a single user/IP/service combination? (We are using CAS 3.5.2.)
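As an added example (not part of the original question or of CAS), the detection side of this problem: a Python script that parses the CAS 3.x "Granted service ticket" log lines quoted above and flags any user/service pair that is granted more than a threshold of service tickets inside a short window, so a redirect loop like this one is noticed from the logs even when CAS itself only throttles failed logins. The threshold, the window and the extra (OTHER_USER) line are assumptions; it detects the storm, it does not enforce a limit inside CAS.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Matches the "Granted service ticket" INFO lines that CAS 3.x writes from
# org.jasig.cas.CentralAuthenticationServiceImpl, as quoted in the question.
GRANT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) INFO .*"
    r"Granted service ticket \[(?P<ticket>[^\]]+)\] "
    r"for service \[(?P<service>[^\]]+)\] for user \[(?P<user>[^\]]+)\]"
)

def parse_grant(line):
    """Return (timestamp, user, service) for a ticket-grant line, else None."""
    m = GRANT_RE.search(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
    return ts, m.group("user"), m.group("service")

def find_ticket_storms(lines, threshold=5, window=timedelta(seconds=10)):
    """Sliding-window count of ST grants per (user, service); returns one
    (user, service, ts) per grant beyond `threshold` inside `window` (assumed)."""
    recent = defaultdict(deque)
    alerts = []
    for line in lines:
        parsed = parse_grant(line)
        if parsed is None:
            continue
        ts, user, service = parsed
        q = recent[(user, service)]
        q.append(ts)
        while ts - q[0] > window:  # forget grants older than the window
            q.popleft()
        if len(q) > threshold:
            alerts.append((user, service, ts))
    return alerts

# Constructed sample: the question's seven redacted grants, plus one grant to
# a different user that must not raise an alert.
TEMPLATE = ("2018-11-20 07:54:{t} INFO [org.jasig.cas.CentralAuthenticationServiceImpl]"
            " - Granted service ticket [ST-(UNIQUEID_{n:02d})-rmitcas]"
            " for service [{svc}] for user [{user}]")
STORM_TIMES = ["30,867", "30,902", "30,950", "30,985", "31,018", "31,051", "31,086"]
SAMPLE_LOG = [TEMPLATE.format(t=t, n=i, svc="(PROBLEM_URL)", user="(USERNAME)")
              for i, t in enumerate(STORM_TIMES, start=1)]
SAMPLE_LOG.append(TEMPLATE.format(t="31,100", n=8, svc="(OTHER_URL)", user="(OTHER_USER)"))

if __name__ == "__main__":
    for user, service, ts in find_ticket_storms(SAMPLE_LOG):
        print(f"{ts} ticket storm: user={user} service={service}")
```

Set the threshold above the busiest legitimate user's rate for that service, otherwise the loop hides among normal traffic.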

0 answers:

No answers