<div dir="ltr"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" id="gmail-m_-3313822709028109817gmail-docs-internal-guid-dacf6e3d-7fff-9657-7387-7805530324a9"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Hi all,</span></font></p><font size="2"><br></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">We are trying to integrate OpenStack (Horizon or Keystone) with <span class="gmail-il">GuardianKey</span>. However, we have doubts related to the best way to do this and the best point in the code for this integration.</span></font></p><font size="2"><br></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-il">GuardianKey</span> is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, OpenStack admin interface) must send an event via REST for the <span class="gmail-il">GuardianKey</span> on each login attempt. More info at </span><a href="https://guardiankey.io" style="text-decoration:none" target="_blank"><span style="font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://<span class="gmail-il">guardiankey</span>.io</span></a><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> .</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The best way to integrate would be on having a hook in the procedure that process the user credentials submission in OpenStack (the script that receives the POST), something such as:</span></font></p><font size="1"><br></font><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:40px"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">if(<POST IN AUTH FORM>) {</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">  boolean loginFailed =  checkLogin();</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">  GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">  boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);  </span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">  if(GuardianKeyValidation){</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">     // Allow access</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">  } else {</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">     // Deny access</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:65.76pt"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">  }</span></span></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:40px"><font size="1"><span style="font-family:monospace,monospace"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">}</span></span></font></p><font size="2"><br></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Where is the best place to create this integration? Horizon or Keystone? Is there a way to create a hook for this purpose? Should we create an extension?</span></font></p><font size="2"><br></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Any help is welcome.</span></font></p><font size="2"><br></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Thank you in advance.</span></font></p><font size="2"><br></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Best regards,</span></font></p><div dir="ltr" class="gmail-m_-3313822709028109817gmail_signature"><div dir="ltr"><div><font size="2"><br></font></div><div><font size="2">Paulo Angelo</font></div></div></div></div>