[keystone][horizon] Integration with GuardianKey
Ben Nemec
openstack at nemebean.com
Fri Apr 5 13:37:56 UTC 2019
Tagging with relevant projects for visibility.
On 3/30/19 3:54 PM, Paulo Angelo wrote:
> Hi all,
>
>
> We are trying to integrate OpenStack (Horizon or Keystone) with
> GuardianKey. However, we have doubts related to the best way to do this
> and the best point in the code for this integration.
>
>
> GuardianKey is a solution to protect systems against authentication
> attacks. It uses Machine Learning and analyses the user's behavior,
> threat intelligence and psychometrics (or behavioral biometrics). The
> protected system (in the concrete case, OpenStack admin interface) must
> send an event via REST for the GuardianKey on each login attempt. More
> info at https://guardiankey.io <https://guardiankey.io>.
>
> The best way to integrate would be on having a hook in the procedure
> that process the user credentials submission in OpenStack (the script
> that receives the POST), something such as:
>
>
> if(<POST IN AUTH FORM>) {
>
> boolean loginFailed = checkLogin();
>
> GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
>
> boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
>
> if(GuardianKeyValidation){
>
> // Allow access
>
> } else {
>
> // Deny access
>
> }
>
> }
>
>
> Where is the best place to create this integration? Horizon or Keystone?
> Is there a way to create a hook for this purpose? Should we create an
> extension?
>
>
> Any help is welcome.
>
>
> Thank you in advance.
>
>
> Best regards,
>
>
> Paulo Angelo
More information about the openstack-discuss
mailing list