Skip to content

mabartos/keycloak-adaptive-authn

BranchesTags

Repository files navigation

Keycloak

Keycloak Adaptive Authentication

  • Change authentication requirements in real-time based on wider context
  • Strengthen security - Require MORE factors when user attempt is suspicious or accessing sensitive resources
  • Better User Experience - Require LESS factors when risk of fraudulent user is low
  • Integration with remote services - For more information about the user or helping evaluating data via remote services
  • Gather more information about user in a secure way
  • Uses Risk-based authentication
  • Uses AI services for more complex risk evaluations

Risk Engine

Supported AI Engines

OpenAI ChatGPT

 IBM Granite (experimental)
OpenAI ChatGPT logo IBM Granite logo

It should work for all OpenAI ChatGPT compatible engines, but not verified. For more information, refer to the Start guide.

Connected Authentication Policies

NOTE: Authentication policies that were part of this Adaptive authentication initiative were moved to repository mabartos/keycloak-authn-policies.

Getting started

Building from Source

To build it from source, execute this command:

./mvnw clean install -DskipTests

If you want to try it out, execute this command:

./mvnw exec:exec@start-server

And access localhost:8080/realms/adaptive/account.

Container

NOTE: This is an old release with the authentication policies that are not part of this repository anymore. Recommended way is to build it from source for now.

You can use the container image by running:

podman run -p 8080:8080 quay.io/mabartos/keycloak-adaptive-all start

This command starts Keycloak exposed on the local port 8080 (localhost:8080).

In order to see the functionality in action, navigate to localhost:8080/realms/authn-policy-adaptive/account.

ℹ️ INFO: If you want to use the OpenAI capabilities, set the environment variables (by setting -e OPEN_AI_API_*) for the image described in the README of the adaptive module..

ℹ️ INFO: If you have installed Docker, use docker instead of podman.

Resources with more info

  1. Adaptive Authentication (most recent)
  2. Adaptive Authentication
  3. AI-powered Keycloak
    • OpenShiftAI Roadshow @ Bratislava, Slovakia 2024
    • Slides
  4. Adaptive Authentication
    • Master's thesis completed 2024
    • (Information might differ)
    • Document

About

Keycloak Adaptive Authentication Extension

Resources

Readme

License

Apache-2.0 license
Activity

Stars

28 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

13 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages