[keycloak-dev] Integration with GuardianKey

Alexis Almeida alexis.almeida at gmail.com
Sun Feb 3 14:46:55 EST 2019


Hi Paulo,

IMO the simplest way to do this is with an Authenticator Provider. Please
see here:

https://www.keycloak.org/docs/latest/server_development/index.html#implementing-an-authenticator

In the authenticate method you can call GuardianKey and, depending on
the result, call context.success() or context.failure().

Like this:

public void authenticate(AuthenticationFlowContext context) {
    ...
    if (!GuardianKeyValidation) {
        // Render an error page and mark this execution as failed
        Response challenge = context.form()
                .setError("something")
                .createForm("error_page.ftl");
        context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challenge);
        return;
    }
    ...
    context.success();
}

Aléxis


On Sun, Feb 3, 2019 at 15:38, Paulo Angelo <pa at pauloangelo.com>
wrote:

> Hi all,
>
> We are trying to integrate KeyCloak with GuardianKey. However, we have
> doubts related to the best way to do this and the best point in the
> KeyCloak’s code for this integration.
>
> GuardianKey is a service to protect systems against authentication attacks.
> It uses Machine Learning and analyses the user's behavior, threat
> intelligence and psychometrics (or behavioral biometrics). The protected
> system (in the concrete case, KeyCloak) must send an event via REST to
> GuardianKey on each login attempt. More info at https://guardiankey.io .
>
> The best way to integrate would be to have a hook in the procedure that
> processes the user credentials submission in KeyCloak (the script that
> receives the POST), something such as:
>
> if(<POST IN AUTH FORM>) {
>   boolean loginFailed = checkLoginInKeyCloak();
>   GuardianKeyEvent event = createEventForGuardianKey(username, loginFailed);
>   boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
>   if (GuardianKeyValidation) {
>     // Allow access
>   } else {
>     // Deny access
>   }
> }
>
> Where is the best place to create this integration? Is there a way to
> create a hook for this purpose? Should we create an extension?
>
> Any help is welcome.
>
> Thank you in advance.
>
> Best regards,
>
> Paulo Angelo
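An added example (not part of the original thread, and not Keycloak's or GuardianKey's own code) of the Authenticator approach described in the reply: it runs after the username/password step, sends a login event over REST with bounded timeouts, and applies an explicit policy when the risk service cannot be reached. The endpoint URL, the JSON field names, the "HTTP 200 means allow" contract, the class name and the message key are assumptions; the javax.ws.rs import matches Keycloak releases of that period.

```java
import java.io.OutputStream;
import java.net.*;
import java.util.*;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.*;
import org.keycloak.models.*;
import org.keycloak.util.JsonSerialization;

public class RiskCheckAuthenticator implements Authenticator {
    // Assumed placeholder endpoint; not GuardianKey's documented API.
    private static final String RISK_URL = "https://risk.example.invalid/v1/check";
    private static final boolean FAIL_OPEN = false; // deny if the service cannot be reached
    @Override public void authenticate(AuthenticationFlowContext context) {
        String user = context.getUser().getUsername(); // set by the earlier password step
        String ip = context.getConnection().getRemoteAddr();
        if (!riskServiceAllows(user, ip)) {
            Response challenge = context.form().setError("riskCheckDenied") // hypothetical key
                    .createForm("error_page.ftl"); // template name from the reply above
            context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challenge);
            return;
        }
        context.success();
    }
    // Assumed contract: POST a JSON event; HTTP 200 means allow, anything else means deny.
    private boolean riskServiceAllows(String user, String ip) {
        try {
            Map<String, String> event = new HashMap<>();
            event.put("username", user);
            event.put("clientIp", ip);
            HttpURLConnection c = (HttpURLConnection) new URL(RISK_URL).openConnection();
            c.setConnectTimeout(2000); // bound the delay added to every login
            c.setReadTimeout(2000);
            c.setRequestMethod("POST");
            c.setRequestProperty("Content-Type", "application/json");
            c.setDoOutput(true);
            try (OutputStream out = c.getOutputStream()) {
                out.write(JsonSerialization.writeValueAsBytes(event)); // no hand-built JSON
            }
            return c.getResponseCode() == 200;
        } catch (Exception e) {
            return FAIL_OPEN; // timeout or outage: apply the configured policy
        }
    }
    // A re-submitted error form simply re-runs the check.
    @Override public void action(AuthenticationFlowContext context) { authenticate(context); }
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Keycloak only uses the class once it is registered through an AuthenticatorFactory and added to an authentication flow. Because requiresUser() is true, the check sees only attempts that already passed the password step.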