Adaptative Authentication rule triggered several times
Concerned version
Version: %2.0.10
Platform: Nginx
Summary
We have a single rule checking env address, and if the rule is matched it is triggered several times, resulting in very high auth level. The number of times the rule is triggered changes each time.
Logs
Example:
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Processing setPersistentSessionInfo
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Persistent session found for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Restore persistent parameter _loginHistory
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Restore persistent parameter _updateTime
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Processing setLocalGroups
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Processing store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Launching ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel instead of store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptative authentication rules for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Current authentication level for jnfohr is 2
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptativeAuthenticationLevelRules -> ($env->{REMOTE_ADDR} =~ /^10\./ or $env->{REMOTE_ADDR} =~ /^192\.168\.19\./)
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] User jnfohr match rule, apply +2 on authentication level
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level for jnfohr is now 4
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level has changed for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Launching ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel instead of store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptative authentication rules for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Current authentication level for jnfohr is 4
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptativeAuthenticationLevelRules -> ($env->{REMOTE_ADDR} =~ /^10\./ or $env->{REMOTE_ADDR} =~ /^192\.168\.19\./)
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] User jnfohr match rule, apply +2 on authentication level
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level for jnfohr is now 6
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level has changed for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Launching ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel instead of store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptative authentication rules for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Current authentication level for jnfohr is 6
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptativeAuthenticationLevelRules -> ($env->{REMOTE_ADDR} =~ /^10\./ or $env->{REMOTE_ADDR} =~ /^192\.168\.19\./)
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] User jnfohr match rule, apply +2 on authentication level
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level for jnfohr is now 8
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level has changed for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] store launched inside ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Store **** in session key _password
Backends used
AD authentication Redis sessions
Possible fixes
None found yet