Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote IP is not set correctly in Github user.login events #53364

Open
webvictim opened this issue Mar 24, 2025 · 0 comments
Open

Remote IP is not set correctly in Github user.login events #53364

webvictim opened this issue Mar 24, 2025 · 0 comments
Labels
audit-log Issues related to Teleports Audit Log bug sso Used for single sign on related tasks. ux

Comments

@webvictim
Copy link
Contributor

Expected behavior

Logging in with Github should correctly populate the addr.remote value with the user's external IP as seen by Teleport. This works correctly for OIDC, SAML and local user logins.

Current behavior

Any logins with a Github connector always seem to have the IP shown as 127.0.0.1.

In addition, the Github user.login event for contains a port number in addr.remote, whereas this is not present for OIDC or SAML login events. It is present for local login events, however, which is a further inconsistency.

Logs

OIDC:

{
  "addr.remote": "1.2.3.4",
  "applied_login_rules": [
    "lowercase-all-groups"
  ],
  "attributes": {
    "amr": [
      "pwd"
    ],
    "at_hash": "k6-L4w11k812G3LvC_w1-g",
    "aud": "0oa5sbq2rzk1nVq7z1d7",
    "auth_time": 1742841803,
    "email": "[email protected]",
    "email_verified": true,
    "exp": 1742845404,
    "groups": [
...

SAML:

{
  "addr.remote": "1.2.3.4",
  "applied_login_rules": [
    "lowercase-all-groups"
  ],
  "attributes": {
    "firstname": [
      "Gus"
    ],
    "groups": [
...

Github:

{
  "addr.remote": "127.0.0.1:36742",
  "attributes": {
    "test-org": [
      "admins"
    ]
  },
  "cluster_name": "teleport.example.com",
  "code": "T1001I",
  "ei": 0,
  "event": "user.login",
  "method": "github",
  "success": true,
  "time": "2025-03-24T18:42:38.462Z",
  "uid": "c3e933a0-0804-41de-8505-8a5209f040aa",
  "user": "webvictim"
}

Local:

{
  "addr.remote": "1.2.3.4:56397",
  "cluster_name": "purple",
  "code": "T1000I",
  "ei": 0,
  "event": "user.login",
  "method": "local",
  "mfa_device": {
    "mfa_device_name": "icloud-keychain",
    "mfa_device_type": "WebAuthn",
    "mfa_device_uuid": "cce8d9ca-e486-471b-8cb7-aeef300b7a85"
  },
  "required_private_key_policy": "none",
  "success": true,
  "time": "2025-03-24T19:11:51.111Z",
  "uid": "67b791a0-d5c3-44a4-aadd-43195e0a5610",
  "user": "gus-tpm",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36"
}

Bug details:

  • Teleport version: 17.3.4
@webvictim webvictim added bug ux sso Used for single sign on related tasks. audit-log Issues related to Teleports Audit Log labels Mar 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
audit-log Issues related to Teleports Audit Log bug sso Used for single sign on related tasks. ux
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@webvictim