Would it be possible to have the audit log entry for a /auth where a challenge is required to be displayed differently than a failed auth?
The entry where the PIN was correct but a challenge is needed and the entry for an incorrect PIN both show up in the Audit Log as a generic “Wrong Credentials”. It would be helpful if the entry contained a flag if the PIN was correct but a challenge was needed.
Is there anything else that I might be able to utilize to get similar information? The goal would be when troubleshooting logon issues to be able to determine if the PIN is incorrect versus the OTP being incorrect.
I achieved results similar to the /validate by adding a couple lines to the error.py class.
```python
class AuthError(privacyIDEAError):
    def __init__(self, description, id=ERROR.AUTHENTICATE, details=None):
        self.details = details
        # Use the message from details, when present, in place of the
        # generic description passed in by the caller.
        if details is not None and details.get('message') is not None:
            description = details.get('message')
        privacyIDEAError.__init__(self, description=description, id=id)
```