SSO doesn't add audit logs when auto-suspending accounts
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
I discovered today that SSO will sometimes mark an account as "Suspended (by admin)" when a user has too many failed 2F attempts. This makes it appear as if someone manually changed the status, which happens only when a user did something pretty bad.
So, I went to look up who suspended an account in order to find out why (and if they could be re-enabled), and there were no entries in the audit logs about it.
Could we change this so that SSO either sets the status to a different type of suspension (perhaps a new "Suspended (by too many login failures)", or adds appropriate entries to the audit log?
In this case, there was a relevant server log entry, but that probably shouldn't be relied on. "2014-10-08 05:39:33,369 WARNING webui.views.ui Suspending account u'(omitted)', (omitted) due to too many twofactor failures"
| tags: | added: canonical-losa-isd |
| Martin Albisetti (beuno) wrote | #1 |
| Changed in canonical-identity-provider: | |
| status: | Confirmed → Triaged |
| importance: | Undecided → Medium |
| Changed in canonical-identity-provider: | |
| status: | Triaged → Incomplete |
| Changed in canonical-identity-provider: | |
| status: | Incomplete → Triaged |
I'd suggest marking it as auto-suspended, rather than by "admin".