diff --git a/apps/authentication/api/login_confirm.py b/apps/authentication/api/login_confirm.py
index 22594b88e..71613348c 100644
--- a/apps/authentication/api/login_confirm.py
+++ b/apps/authentication/api/login_confirm.py
@@ -17,8 +17,10 @@ class TicketStatusApi(mixins.AuthMixin, APIView):
 def get(self, request, *args, **kwargs):
 try:
 self.check_user_login_confirm()
+ self.request.session['auth_third_party_done'] = 1
 return Response({"msg": "ok"})
 except errors.NeedMoreInfoError as e:
+ self.send_auth_signal(success=False, reason=e.as_data().get('msg'))
 return Response(e.as_data(), status=200)

 def delete(self, request, *args, **kwargs):
diff --git a/apps/authentication/middleware.py b/apps/authentication/middleware.py
index 9411b09a6..9a55bdfa2 100644
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@@ -10,6 +10,7 @@ from django.contrib.auth import logout as auth_logout
 from apps.authentication import mixins
 from common.utils import gen_key_pair
 from common.utils import get_request_ip
+from .signals import post_auth_failed


 class MFAMiddleware:
@@ -62,8 +63,13 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin):
 return response
 ip = get_request_ip(request)
 try:
+ self.request = request
 self._check_login_acl(request.user, ip)
 except Exception as e:
+ post_auth_failed.send(
+ sender=self.__class__, username=request.user.username,
+ request=self.request, reason=e.msg
+ )
 auth_logout(request)
 context = {
 'title': _('Authentication failed'),
@@ -72,7 +78,8 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin):
 'redirect_url': reverse('authentication:login'),
 'auto_redirect': True,
 }
- response = render(request, 'authentication/auth_fail_flash_message_standalone.html', context)
+ response = render(
+ request, 'authentication/auth_fail_flash_message_standalone.html', context)
 else:
 guard_url = reverse('authentication:login-guard')
 args = request.META.get('QUERY_STRING', '')
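Review bot: The new `send_auth_signal(success=False, ...)` in the `except errors.NeedMoreInfoError` branch of `TicketStatusApi.get` fires on every request that raises that error, while the handler still answers with status 200. If `check_user_login_confirm()` also raises a `NeedMoreInfoError` subclass while the confirmation ticket is merely pending (its definition is outside this hunk, so this needs confirming), each status poll would write a failed-login record and inflate the audit log and any failure counters built on it. Consider emitting the signal only for a terminal rejection, and document the intent with a comment such as `# only a rejected or closed ticket counts as an auth failure; a pending ticket does not` above the call.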
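Review bot: In the `except Exception as e:` branch of `ThirdPartyLoginMiddleware`, `reason=e.msg` assumes every exception carries a `msg` attribute; a plain `Exception` does not, so an unexpected error from `_check_login_acl` would raise `AttributeError` inside the handler and the `auth_logout(request)` that follows would never run. Use `reason=getattr(e, 'msg', str(e))`, or narrow the `except` to the ACL error type the method is expected to raise. Separately, `self.request = request` stores per-request state on the middleware object, which Django normally instantiates once and shares between requests, so under threaded workers another request could overwrite it before `_check_login_acl` or the signal reads it; pass the local instead (`request=request`), and if `_check_login_acl` depends on `self.request` (its body is outside this hunk) hand it the request explicitly. The enclosing method starts and ends outside the hunk.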
diff --git a/apps/authentication/signal_handlers.py b/apps/authentication/signal_handlers.py
index 68d8c0531..e7be3465c 100644
--- a/apps/authentication/signal_handlers.py
+++ b/apps/authentication/signal_handlers.py
@@ -29,7 +29,7 @@ def on_user_auth_login_success(sender, user, request, **kwargs):
 and user.mfa_enabled \
 and not request.session.get('auth_mfa'):
 request.session['auth_mfa_required'] = 1
- if request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
+ if not request.session.get("auth_third_party_done") and request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
 request.session['auth_third_party_required'] = 1
 # 单点登录,超过了自动退出
 if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:
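Review bot: The new condition lets a truthy `auth_third_party_done` session key suppress `auth_third_party_required`, but nothing visible in this commit clears that key or ties it to the user and backend that passed the check. `TicketStatusApi.get` in login_confirm.py sets it whenever `check_user_login_confirm()` returns without raising, so confirm that the call cannot succeed for a session that never went through the third-party flow, and that the key is dropped on logout or session rotation. A comment above the test would record the contract, for example `# auth_third_party_done is set by TicketStatusApi.get once login confirm passes; do not re-arm the third-party check`. The line also mixes quote styles and is long; wrapping the condition in parentheses over two lines would keep it readable. `on_user_auth_login_success` starts and ends outside the hunk.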