Skip to content

sknolin/keycloak-duo-spi

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

keycloak-duo-spi

Keycloak integration for Duo Security MFA. Provides an authentication execution for keycloak that presents a Duo iframe, to be used after primary authentication. (https://duo.com/)

Build

You may need to modify the keycloak versions in the pom.xml to correspond to yours. I'm using 3.4.3.Final.

$ mvn clean test install

Install

(assumes keycloak is installed to /opt/keycloak)

$ cp target/keycloak-duo-spi-jar-with-dependencies.jar /opt/keycloak/standalone/deployments/
$ cp src/main/duo-mfa.ftl /opt/keycloak/themes/base/login/duo-mfa.ftl
# restart keycloak

Configure

You need to add Duo as a trusted frame-able source to the Keycloak Content Security Policy. Content-Security-Policy: frame-src https://*.duosecurity.com/ 'self'; ...

csp-example

Since you can't modify the default Authentication Flows, make a copy of Browser. Add Duo MFA as an execution under Browser Forms.

flow-example

When you hit Config you can enter your Duo ikey, skey, and apihost (get these from duo.com by adding a Web SDK app).

Then make sure to bind your Copy of Browser flow to the Browser Flow (on the Bindings tab).

Contributing

If you are interested in contributing some code to this project, thanks! Please first read and accept the Contributors Agreement.

About

Keycloak integration for Duo Security MFA

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 88.3%
  • FreeMarker 8.0%
  • Makefile 2.3%
  • Dockerfile 1.4%