[keycloak-dev] Integration with GuardianKey
Alexis Almeida
alexis.almeida at gmail.com
Sun Feb 3 14:46:55 EST 2019
Hi Paulo,
IMO the simplest way to do this is with an Authenticator Provider. Please
see here:
https://www.keycloak.org/docs/latest/server_development/index.html#implementing-an-authenticator
.
In the authenticate method you can call the GuardianKey and, depending on
the result, you call a context.success () or context.failure ().
Like this:
public void authenticate(AuthenticationFlowContext context) {
...
if(!GuardianKeyValidation){
Response challenge = context.form()
.setError("something")
.createForm("error_page.ftl");
context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
challenge);
return;
}
...
context.success();
}
Aléxis
Em dom, 3 de fev de 2019 às 15:38, Paulo Angelo <pa at pauloangelo.com>
escreveu:
> Hi all,
>
> We are trying to integrate KeyCloak with GuardianKey. However, we have
> doubts related to the best way to do this and the best point in the
> KeyCloak’s code for this integration.
>
> GuardianKey is a service to protect systems against authentication attacks.
> It uses Machine Learning and analyses the user's behavior, threat
> intelligence and psychometrics (or behavioral biometrics). The protected
> system (in the concrete case, KeyCloak) must send an event via REST for the
> GuardianKey on each login attempt. More info at https://guardiankey.io .
>
> The best way to integrate would be on having a hook in the procedure that
> process the user credentials submission in KeyCloak (the script that
> receives the POST), something such as:
>
> if(<POST IN AUTH FORM>) {
>
> boolean loginFailed = checkLoginInKeyCloak();
>
> GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
>
> boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
>
> if(GuardianKeyValidation){
>
> // Allow access
>
> } else {
>
> // Deny access
>
> }
>
> }
>
> Where is the best place to create this integration? Is there a way to
> create a hook for this purpose? Should we create an extension?
>
> Any help is welcome.
>
> Thank you in advance.
>
> Best regards,
>
> Paulo Angelo
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list