Eventdefinitions

AAuer · January 29, 2021, 11:27am

Hi,
I made an eventdefinition to notify admins if the failcounter of a token is at 8 from max 10.
This is working but there are mails sent, where the condition failcounter=8 is not met.
Def:
{"failcounter":"=8","realm":"myrealm","result_value":"False","tokenrealm":"myrealm"}

Sometimes there where notifications for users who tried to authenticate and had no token.

I tried to set the “user_token_number” to >1 and the authentication stopped working.
I think the error-handling could be improved…

cornelinux · January 29, 2021, 7:39pm

There is no error, so nothing to handle here.

If the user has not token, actually the failcounter check is not processed. So yes, this condition could computer to true.

Besides that, your information is very sparse.

AAuer · February 1, 2021, 12:50pm

I tested more:
Login without Token is not permitted in the authentication-policy

if there is no token for the user → there is no failcounter → event (=notification) is fired. I think, this is a strange behaviour…
It would be nice, if the user_token_number would accept operators like < and > so events could be like “notify if a user has more than 0 tokens”
if there is more than 1 token and PIN/password is not correct → event is fired even if the failcounter of every token was 0. After that, the failcounter of every token is increased by 1 (which is ok), but summed up not equal to the condition in the definition(=8). So I think there might be a little bug in the eventcomputing…

I hope you understand the problem