
mulesoft-labs / keycloak-duo-spi

Licence: Apache-2.0 license
Keycloak integration for Duo Security MFA


keycloak-duo-spi

Keycloak integration for Duo Security MFA (https://duo.com/). Provides an authentication execution for Keycloak that presents a Duo iframe, to be used after primary authentication.

Build

You may need to modify the keycloak versions in the pom.xml to correspond to yours. I'm using 3.4.3.Final.

$ mvn clean test install

Install

(assumes keycloak is installed to /opt/keycloak)

$ cp target/keycloak-duo-spi-jar-with-dependencies.jar /opt/keycloak/standalone/deployments/
$ cp src/main/duo-mfa.ftl /opt/keycloak/themes/base/login/duo-mfa.ftl
# restart keycloak

Configure

You need to add Duo as a trusted frame-able source to the Keycloak Content Security Policy:

Content-Security-Policy: frame-src https://*.duosecurity.com/ 'self'; ...


Since you can't modify the default Authentication Flows, make a copy of Browser. Add Duo MFA as an execution under Browser Forms.


When you hit Config you can enter your Duo ikey, skey, and apihost (get these from duo.com by adding a Web SDK app).

Then make sure to bind your Copy of Browser flow to the Browser Flow (on the Bindings tab).
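To verify the Content Security Policy step above, the following added example (not part of this project's code) audits a CSP header value for the Duo frame source, including the frame-src → child-src → default-src fallback. The function names and the sample policies are assumptions constructed for illustration.

```python
DUO_SOURCE = "https://*.duosecurity.com"  # source expression from the README's CSP line
BROAD = {"*", "https:", "http:"}          # expressions that allow framing any origin

def parse_csp(value):
    """Parse a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Per the CSP spec a repeated directive is ignored: the first one wins.
            policy.setdefault(tokens[0].lower(),
                              [t.lower().rstrip("/") for t in tokens[1:]])
    return policy

def frame_directive(policy):
    """Directive governing iframes: frame-src, else child-src, else default-src."""
    for name in ("frame-src", "child-src", "default-src"):
        if name in policy:
            return name
    return None

def audit_duo_framing(value):
    """Return a list of findings; an empty list means the policy matches the README."""
    policy = parse_csp(value)
    name = frame_directive(policy)
    if name is None:
        return ["no frame-src, child-src or default-src: any origin may be framed"]
    sources = policy[name]
    if BROAD & set(sources):
        return [f"{name} is over-broad: allows framing any origin, not only Duo"]
    findings = []
    # Literal comparison with the README's wildcard; a policy that pins a single
    # Duo API hostname instead would need a host-matching check (not shown).
    if DUO_SOURCE not in sources:
        findings.append(f"{name} lacks {DUO_SOURCE}: the Duo iframe will be blocked")
    if "'self'" not in sources:
        findings.append(f"{name} lacks 'self', which the README's policy keeps")
    return findings

# Constructed sample policies (not captured from a real server).
SAMPLES = {
    "with Duo": "frame-src https://*.duosecurity.com/ 'self'; frame-ancestors 'self'; object-src 'none';",
    "without Duo": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
    "fallback only": "default-src 'self'; object-src 'none'",
    "wildcard": "frame-src *; frame-ancestors 'self'",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label}: {audit_duo_framing(value) or 'ok'}")
```

Run it against the header value your Keycloak login page actually returns; an empty result means the effective frame policy contains the two sources the README lists and nothing broader.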

Contributing

If you are interested in contributing some code to this project, thanks! Please first read and accept the Contributors Agreement.
