Looking for support of notifications for unusual location logins and changed credentials

Hi everyone,

Has anyone implemented user notifications for:

  1. Logins from unusual locations/IPs/devices?
  2. Changed credentials?

Implementation of the second one is probably on the easier side of things. The first one is more challenging, though. Perhaps someone knows a Java library that provides a framework doing such checks?

I don’t know about the former issue, as it is quite difficult to determine what “unusual locations” means for you. Probably it’s different from what somebody else expects…

For the latter, there’s the email event listener already available; you just have to enable it in your realm by selecting it as an event listener.
By default, it sends mails to users for login errors, changed credentials and removed credentials. You can also configure the events you want to listen to and send an email for: All provider configuration - Keycloak


IP location is really up to where you are - it should be simple enough in any observability tool or data pipeline to send an alert for any access outside of a certain geo-located IP-range.

For the second, I think it’s a similar answer - use a logging/observability tool to do things like counting credential-resets (or failed logins!), grouping by ASN, IP address, and/or user to get an idea of unusual activity. YMMV.

This works very well, but admin-initiated changes are excluded here. Is there something else to activate to get these?

As the admin events are not that specific (more like kind of CRUD events), this is not implemented. You would have to do this in a custom extension.

Hi,

To do some experiments with risk-based login, perhaps this extension GitHub - mabartos/keycloak-adaptive-authn: Keycloak Adaptive Authentication Extension is worth a look.

A very simple approach can be a self-written authenticator that has a “learning phase” for each new user, in which it logs at login the typical IP addresses, browser agents, time stamps, geo location etc. And then, after the learning phase, it evaluates that collected data when the user does a login.

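As an added example (not code from this thread, from Keycloak, or from the extension linked above), here is the learning-phase idea from the post above together with the failed-login and credential-reset counting suggested earlier in the thread, in Python over a few constructed Keycloak-style event records. The event field names (`type`, `userId`, `ipAddress`, `time`, `userAgent`), the three-login learning phase, the /24 comparison and the two-hour tolerance are assumptions chosen for the example; the `userAgent` field is assumed to have been captured by the custom authenticator, since it is not part of the standard event record.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Successful logins observed per user before the profile counts as trained (assumption).
LEARNING_LOGINS = 3
# A login hour within this many hours of any learned hour is treated as usual (assumption).
HOUR_TOLERANCE = 2


@dataclass
class UserProfile:
    """What the learning phase records for one user."""
    ip_prefixes: set = field(default_factory=set)
    user_agents: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    learned_logins: int = 0

    def trained(self):
        return self.learned_logins >= LEARNING_LOGINS


def ip_prefix(ip):
    """Compare IPv4 addresses on /24 so a new DHCP lease in the same network is not flagged."""
    return ".".join(ip.split(".")[:3])


def near_learned_hour(hour, learned_hours):
    """True if hour is within HOUR_TOLERANCE of any learned hour (wrapping at midnight)."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= HOUR_TOLERANCE for h in learned_hours)


def learn(profile, event):
    """Learning phase: record the attributes of one successful login."""
    profile.ip_prefixes.add(ip_prefix(event["ipAddress"]))
    profile.user_agents.add(event["userAgent"])
    profile.hours.add(datetime.fromisoformat(event["time"]).hour)
    profile.learned_logins += 1


def evaluate(profile, event):
    """Evaluation phase: list the ways this login deviates from the learned profile."""
    anomalies = []
    if ip_prefix(event["ipAddress"]) not in profile.ip_prefixes:
        anomalies.append("new-ip-range")
    if event["userAgent"] not in profile.user_agents:
        anomalies.append("new-user-agent")
    if not near_learned_hour(datetime.fromisoformat(event["time"]).hour, profile.hours):
        anomalies.append("unusual-hour")
    return anomalies


def process_logins(events):
    """Feed LOGIN events, in order, through the learning phase and then evaluation.

    Returns {(userId, time): [anomalies]} for every login evaluated after the
    user's profile was trained; an empty list means the login looked usual.
    """
    profiles = defaultdict(UserProfile)
    verdicts = {}
    for ev in events:
        if ev["type"] != "LOGIN":
            continue
        profile = profiles[ev["userId"]]
        if profile.trained():
            verdicts[(ev["userId"], ev["time"])] = evaluate(profile, ev)
        else:
            learn(profile, ev)
    return verdicts


def count_by(events, event_type, key):
    """Count events of one type grouped by a field, e.g. LOGIN_ERROR by ipAddress."""
    return Counter(ev[key] for ev in events if ev["type"] == event_type)


def exceeding(counter, threshold):
    """Group keys whose count reached the alert threshold, for notification or alerting."""
    return sorted(k for k, v in counter.items() if v >= threshold)


def _ev(type_, user, ip, time, ua="Mozilla/5.0 (X11; Linux) Firefox/125.0"):
    return {"type": type_, "userId": user, "ipAddress": ip, "time": time, "userAgent": ua}


# Constructed sample events, shaped after Keycloak's event records (type, userId,
# ipAddress, time); userAgent is assumed to be added by the custom authenticator.
EVENTS = [
    _ev("LOGIN", "alice", "10.0.0.5", "2024-05-02T09:05:00"),
    _ev("LOGIN", "bob", "10.0.1.8", "2024-05-02T11:00:00"),
    _ev("LOGIN", "alice", "10.0.0.5", "2024-05-03T10:12:00"),
    _ev("LOGIN_ERROR", "bob", "198.51.100.5", "2024-05-04T22:01:00", "curl/8.0"),
    _ev("LOGIN_ERROR", "bob", "198.51.100.5", "2024-05-04T22:01:30", "curl/8.0"),
    _ev("LOGIN_ERROR", "alice", "198.51.100.5", "2024-05-04T22:02:00", "curl/8.0"),
    _ev("LOGIN_ERROR", "bob", "198.51.100.5", "2024-05-04T22:02:30", "curl/8.0"),
    _ev("LOGIN", "alice", "10.0.0.7", "2024-05-06T09:30:00"),
    _ev("UPDATE_PASSWORD", "alice", "10.0.0.7", "2024-05-06T09:31:00"),
    _ev("LOGIN", "alice", "203.0.113.7", "2024-05-07T03:15:00", "curl/8.0"),
    _ev("LOGIN", "alice", "10.0.0.9", "2024-05-08T09:50:00"),
]

if __name__ == "__main__":
    for (user, when), anomalies in process_logins(EVENTS).items():
        print(user, when, anomalies or "usual")
    errors_by_user = count_by(EVENTS, "LOGIN_ERROR", "userId")
    print("failed logins by user:", dict(errors_by_user), "alert:", exceeding(errors_by_user, 3))
    print("password changes by user:", dict(count_by(EVENTS, "UPDATE_PASSWORD", "userId")))
```

In the sample, alice's first three logins train her profile, her fourth (new network, new client, 03:15) is reported with all three deviations, and her fifth looks usual; bob never leaves the learning phase, so his single login is not judged at all, which is the trade-off of any learning phase: a user whose account is taken over before the profile is trained gets no protection from it, so the counting of failed logins and password changes per user or source address remains useful alongside it.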

Yes, this is a great approach.
And additionally, on upcoming Thursday (15th) the video from Martin’s talk about this topic at this year’s Keycloak DevDay will be released: https://youtu.be/TjanummQn7U