Record an audit log event which captures the userid,
realm, URL, requestor IP address, etc of a failed signon attempt which provided both userid and a password while accessing /repository content.
- a 401 response due to missing credentials MUST NOT be recorded because 401 is normal for non-preemptive auth scenarios typical of build tools
- only record the event, when isNotEmpty(username) && at least one realm authentication attempt was made without using a cached auth failure
- do not record the event if any ONE realm does successfully authenticate the user
- the event is not relevant to permissions ( 403 ), the event is for tracking credentials provided that could not be authenticated against all configured realms
- the userid recorded should be the same one that would have got recorded in the request.log if the request successfully authenticated
- would be helpful to capture in the event if the originating userid part of the credential was a user token or remote auth header value as this would aid tracking down the originator of the bad requests
1. A CI server uses the same credentials for 100s of builds. One build is misconfigured with the wrong password and has invalid credentials, but the same username as every other build job. The LDAP server connected to NXRM receives multiple failed login attempts through CI -> NXRM -> LDAP. LDAP server locks the LDAP account due to failed login attempts breaking 100s of CI jobs. NXRM administrator wants to track down the details of what requests are sending bad credentials.