Trust1Team/keycloak-ocra-authenticator
keycloak-ocra-authenticator

To install the OCRA Authenticator one has to:

  • Add the OCRA config:

    • $ mkdir /usr/local/ocra
    • $ touch ocra.conf
    • Put the following in ocra.conf:

      keycloak-ocra {
        apikey: "<your-api-key>",
        ocra-api-uri: "https://apim.t1t.be/trust1team/ocra-api/v1",
        sms-api-uri: "https://apim.t1t.be/trust1team/sms-api/v1",
        ocra: {
          seed: "<ocra_seed>",
          algorithm: "<ocra_algo>",
        }
      }

      The config applies to all realms that use the OCRA execution in a flow.
  • Add the jar to the Keycloak server:

    • $ cp target/keycloak-ocra-authenticator-*.jar _KEYCLOAK_HOME_/providers/
  • Add the three templates to the Keycloak server:

    • $ cp templates/ocra-validation.ftl _KEYCLOAK_HOME_/themes/base/login/
    • $ cp templates/ocra-validation-error.ftl _KEYCLOAK_HOME_/themes/base/login/
    • $ cp templates/ocra-validation-mobile-number.ftl _KEYCLOAK_HOME_/themes/base/login/

If you want to retrieve the files from a repo on the server, you can install wget (yum install wget).
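Because ocra.conf carries the gateway API key and the OCRA seed, it pays to check the file before (re)starting Keycloak. The POSIX shell function below is an added example, not code from this repository: it assumes the key names from the template above, rejects a file that is readable by group or others, still contains "<...>" placeholders, lacks a required key, or points at a plain-http gateway URI.

```shell
#!/bin/sh
# check_ocra_conf: sanity-check ocra.conf before (re)starting Keycloak.
# The file holds the gateway API key and the OCRA seed, so it must be
# owner-only, must not keep the "<...>" placeholders from the template,
# must define every key the authenticator reads, and must point at https
# gateway URIs (the API key is sent with every request).
# Usage: check_ocra_conf /usr/local/ocra/ocra.conf
check_ocra_conf() {
    conf="$1"
    rc=0
    if [ ! -f "$conf" ]; then
        echo "ERROR: $conf not found" >&2
        return 1
    fi
    # Octal mode: GNU stat first, BSD/macOS stat as fallback.
    perms=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case "$perms" in
        *00) ;;   # 600, 400, 700: no bits for group or others
        *) echo "ERROR: mode $perms allows group/other access; chmod 600 $conf" >&2
           rc=1 ;;
    esac
    # Placeholders such as <your-api-key> or <ocra_seed> were never filled in.
    if grep -q '<[A-Za-z_-]*>' "$conf"; then
        echo "ERROR: template placeholders still present in $conf" >&2
        rc=1
    fi
    # Every key from the template must be present, whatever the nesting/layout.
    for key in apikey ocra-api-uri sms-api-uri seed algorithm; do
        if ! grep -qE "(^|[{,[:space:]])$key[[:space:]]*[:=]" "$conf"; then
            echo "ERROR: key '$key' missing from $conf" >&2
            rc=1
        fi
    done
    # Refuse plain-http gateway endpoints.
    if grep -qE '(^|[{,[:space:]])(ocra|sms)-api-uri[[:space:]]*[:=][[:space:]]*"?http://' "$conf"; then
        echo "ERROR: ocra-api-uri and sms-api-uri must use https" >&2
        rc=1
    fi
    return $rc
}
```

The function returns 0 only when every check passes, so it can gate a systemd unit or a deployment script.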

Configure your REALM to use OCRA Authentication. First create a new REALM (or select a previously created one).

Under Authentication > Flows:

  • Copy the 'Browser' flow to a new 'Browser with OCRA' flow
  • Click 'Actions > Add execution' on the 'Browser with OCRA Forms' line and add 'OCRA Authentication'
  • Set 'OCRA Authentication' to 'REQUIRED' or 'ALTERNATIVE'
  • To configure the OCRA Authenticator, click 'Actions > Config' and fill in the attributes.

Under Authentication > Bindings:

  • Select 'Browser with OCRA' as the 'Browser Flow' for the REALM.

Under Authentication > Required Actions:

  • Click on Register and select 'OCRA Authentication' to add the Required Action to the REALM.
  • Make sure that for the 'OCRA Authentication' both the 'Enabled' and 'Default Action' check boxes are checked.
  • Click on Register and select 'Mobile Number' to add the Required Action to the REALM.
  • Make sure that for the 'Mobile Number' both the 'Enabled' and 'Default Action' check boxes are checked.

Additional tips

Run the jboss/keycloak Docker image (-p hostport:containerport):

docker run --name keycloak -p 9000:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e KEYCLOAK_LOGLEVEL=DEBUG jboss/keycloak:3.4.3.Final

The jboss/keycloak image is based on centos:7. To log in as root (user ID 0) and attach your terminal, for example to deploy the ear:

$ docker exec -u 0 -it keycloak bash

About

OCRA 2 Factor Authentication for Keycloak via Trust1Gateway
