search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
743 stars 723 forks source link

User unavailable in the Authentication SMS Failure flow (2FA) in analytics event published #20561

Open Tiffany-silva opened 3 months ago

Tiffany-silva commented 3 months ago

Describe the issue: SMS OTP failure flow does not include the user in the Authentication flow [1]. As a result, the username is not included in the analytics event published[2] [3].

[1] https://github.com/wso2-extensions/identity-outbound-auth-sms-otp/blob/2.0.x/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/smsotp/SMSOTPAuthenticator.java#L798

[2] https://github.com/wso2/carbon-identity-framework/blob/v5.14.147/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java#L159C20-L159C52

How to reproduce:

  1. Configure SMS OTP Authenticator [3].
  2. Enable Analytics [4].
  3. Configure SMS OTP Authenticator as a second factor.
  4. Register a user and attempt a login with invalid code for 2FA.
  5. Observe the published analytics event.

[3] https://is.docs.wso2.com/en/5.9.0/learn/configuring-sms-otp/#enable-smsotp [4] https://is.docs.wso2.com/en/5.9.0/learn/configuring-identity-analytics/#enable-analytics

Expected behavior: The username should be included in the published event in the SMS Failure flow.

Environment information (Please complete the following information; remove any unnecessary fields) :

Optional Fields

Related issues: https://github.com/wso2/product-is/issues/20434