Reliable notifications and chained authorizations?

By: Jason Pascucci user 10 May 2019 at 10:44 a.m. CDT

3 Responses
Jason Pascucci gravatar
I've glossed the APIs and docs, and didn't see quite what I was looking for. 1) Is there a possibility of getting more real-time, reliable notifications for when gluu authenticates someone and/or receives authorization info? Or is this more log4j to JMSAppender or Kafka Logging (as in the tutorial)? Basically, I'm looking to get a fairly consistent set of authorization data - preferrably json - no matter which method is being used under the hood, but it looks like it would pretty much be just log messages as coded, which need to be parsed & handled independently? (Okay - for the second, apparently I'm looking at interception scripts) > <s>2) Is there a way of chaining authorizations, such that even if so-and-so says the authentication was okay, one can call out to another mechanism to make sure it's consonant with other known information? Like, geofencing: Joe authorizes from a device, but we believe the device is in China, while Joe's cell phone is in NYC. In this case, we may reject and double-check.</s> Or would both of these require extensions to the core to enable (which is fine, I'm just looking for the starting point)?
Ubuntu 18.0
closed

Answers

By Aliaksandr Samuseu staff 15 May 2019 at 1:31 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Jason. 1. I believe you're talking about audit logging of authentication events? Such feature is in development, but it will be an exclusive offer for customers (not planned for CE) 2. Custom person authentication scripts allow you a lot of flexibility. The only caveat is that you'll have to implement this logic yourself. You can do whatever check you want in the script and interrupt auth flow if some criteria isn't met, or add an extra step to it, like engage some 2fa or other more secure method. You can find examples [here](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations), check "allowed_countries" script in particular; please keep in mind we don't usually provide help with any kind of development tasks to community users; all sources are open though

By Jason Pascucci user 15 May 2019 at 2:08 p.m. CDT

Copy
Jason Pascucci gravatar
Ok. We ourselves wouldn't be a customer, but might have mutual customers some day, so I'll be interested to learn more about the API as it gets closer to completion as a possible data source for integration. WRT the API itself, I might be able to provide some constructive feedback, and would be happy to do so. Thanks, JRP

By Aliaksandr Samuseu staff 15 May 2019 at 2:37 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
All Gluu products are open-source projects, so you are free to study the code behind those APIs. We are also open to suggestions, so feel free to submit your enhancement proposals at Github. Though we can't promise any ETA for requests like those, it can be adopted if it seems like a universally-needed feature. You can also submit pull requests if you'll decide to contribute to the project by implementing it yourself. We don't mind answering an in-depth question from time to time, and even sometimes assist with development if it seems like a useful experience we can put to use ourselves in the future. But as such questions usually require involvement of the dev team's members, we can't afford to do it too often. Developers' time is scarce and valuable resource :)

Post an answer