Skip to content

ebondu/keycloak-sms-authenticator-sns

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

74 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

sms-authenticator-validator

A keycloak authenticator and mobile phone number validator inspired from keycloak-sms-authenticator-sns.

Differences from the original project :

  • The phone number required action allow check presence of the mobile_number user profile attribute
  • The phone number validation required action allow mobile_number to be validated with sms code
  • New Keycloak sms-sender SPI used in both authenticator and required actions + refactoring
  • Simplify phone number form
  • Add ISENDPRO gateway

To install the SMS Authenticator one has to:

  • Add the jar to the Keycloak server:
    • $ cp target/sms-authenticator-validator-1.0-*.jar _KEYCLOAK_HOME_/providers/

You can also use jboss-cli commande :

`/opt/jboss/keycloak/bin/jboss-cli.sh --command=" \
           module add \
                   --name=com.google.libphonenumber \
                   --resources=libphonenumber-8.9.0.jar
   "
   
   /opt/jboss/keycloak/bin/jboss-cli.sh --command=" \
           module add \
                   --name=commons-lang.commons-lang \
                   --resources=commons-lang-2.6.jar
   "
   
   /opt/jboss/keycloak/bin/jboss-cli.sh --command=" \
           module add \
                   --name=org.keycloak.sms \
                   --resources=sms-authenticator-validator-1.0.jar \
                   --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-common,org.keycloak.keycloak-server-spi,org.keycloak.keycloak-server-spi-private,org.jboss.logging,com.google.libphonenumber,javax.ws.rs.api,org.jboss.resteasy.resteasy-jaxrs,commons-lang.commons-lang
   "`
  • Update sms-sender provider config in standalone.xml

    <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
         ...
         <spi name="sms-sender">
             <provider name="sms-sender-service" enabled="true">
                 <properties>
                     <property name="sms-auth.sms.gateway" value="ISENDPRO_SMS"/>
                     <property name="sms-auth.sms.gateway.endpoint" value="https://apirest.isendpro.com/cgi-bin"/>
                     <property name="sms-auth.sms.gateway.from" value="MyCompany"/>
                     <property name="sms-auth.sms.clientsecret" value="..."/>
                     <property name="sms-auth.code.ttl" value="600"/>
                     <property name="sms-auth.code.length" value="4"/>
                     <property name="sms-auth.code.alphanumeric" value="true"/>
                     <property name="mobile_verification_enabled" value="true"/>
                 </properties>
             </provider>
         </spi>
     </subsystem> 
    
  • Add three templates to the Keycloak server:

    • $ cp templates/sms-validation.ftl _KEYCLOAK_HOME_/themes/base/login/
    • $ cp templates/sms-validation-error.ftl _KEYCLOAK_HOME_/themes/base/login/
    • $ cp templates/sms-validation-mobile-number.ftl _KEYCLOAK_HOME_/themes/base/login/

Configure your REALM to use the SMS Authentication. First create a new REALM (or select a previously created REALM).

Under Authentication > Flows:

  • Copy 'Browse' flow to 'Browser with SMS' flow
  • Click on 'Actions > Add execution on the 'Browser with SMS Forms' line and add the 'SMS Authentication'
  • Set 'SMS Authentication' to 'REQUIRED' or 'ALTERNATIVE'
  • To configure the SMS Authenticator, click on Actions Config and fill in the attributes.

Under Authentication > Bindings:

  • Select 'Browser with SMS' as the 'Browser Flow' for the REALM.

Under Authentication > Required Actions:

  • Click on Register and select 'SMS Authentication' to add the Required Action to the REALM.
  • Make sure that for the 'SMS Authentication' both the 'Enabled' and 'Default Action' check boxes are checked.
  • Click on Register and select 'Mobile Number' to add the Required Action to the REALM.
  • Make sure that for the 'Update Mobile Number' both the 'Enabled' and 'Default Action' check boxes are checked.
  • To validate mobile_number attribute make sure that for the 'Validate Mobile Number' both the 'Enabled' and 'Default Action' check boxes are checked.

Malys contributions (for Lyra Network)

  • Internationalization support
  • Vault, Java properties, environment variables parameters support
  • Lyrasms gateway support
  • Add mobilephone number verification
  • Add input mobile phone number on authenticator
  • Refactoring
  • Template cleaning
  • Documentation

About

SMS 2 Factor Authentication for Keycloak via AWS SNS

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 94.6%
  • FreeMarker 5.4%