Giters

mulesoft-labs / keycloak-duo-spi

Keycloak integration for Duo Security MFA

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

keycloak-duo-spi

Keycloak integration for Duo Security MFA. Provides an authentication execution for keycloak that presents a Duo iframe, to be used after primary authentication. (https://duo.com/)

Build

You may need to modify the keycloak versions in the pom.xml to correspond to yours. I'm using 3.4.3.Final.

$ mvn clean test install

Install

(assumes keycloak is installed to /opt/keycloak)

$ cp target/keycloak-duo-spi-jar-with-dependencies.jar /opt/keycloak/standalone/deployments/
$ cp src/main/duo-mfa.ftl /opt/keycloak/themes/base/login/duo-mfa.ftl
# restart keycloak

Configure

You need to add Duo as a trusted frame-able source to the Keycloak Content Security Policy. Content-Security-Policy: frame-src https://*.duosecurity.com/ 'self'; ...

csp-example

Since you can't modify the default Authentication Flows, make a copy of Browser. Add Duo MFA as an execution under Browser Forms.

flow-example

When you hit Config you can enter your Duo ikey, skey, and apihost (get these from duo.com by adding a Web SDK app).

Then make sure to bind your Copy of Browser flow to the Browser Flow (on the Bindings tab).

Contributing

If you are interested in contributing some code to this project, thanks! Please first read and accept the Contributors Agreement.

About

Keycloak integration for Duo Security MFA

License:Apache License 2.0

Languages

Language:Java 90.6%Language:FreeMarker 9.4%