This module contains components for providing Adaptive authentication capabilities.
It leverages risk-based authentication, and communicate with OpenAI ChatGPT NPL engine.
You can simply execute this command in this module and a Keycloak distribution with this extension will start:
../mvnw exec:exec@start-server
In order to see the execution of the authentication flow from the example realm adaptive
, just access the url http://localhost:8080/admin/adaptive/console/
.
In order to use the default OpenAI engine for risk scoring, create .env
file in the working directory, or set following environment variables:
OPEN_AI_API_KEY
- OpenAI API keyOPEN_AI_API_ORGANIZATION
- OpenAI organization IDOPEN_AI_API_PROJECT
- OpenAI project IDOPEN_AI_API_URL
(optional) - OpenAI URL (default 'https://api.openai.com/v1/chat/completions') (with the suffix/chat/completions
)OPEN_AI_API_MODEL
(optional) - OpenAI Model type (defaultgpt-3.5-turbo
)
In order to use the IBM Granite NLP engine for risk scoring, create .env
file in the working directory, or set
following environment variables:
GRANITE_API_KEY
- Granite API keyGRANITE_API_URL
- Granite API URL (with the suffix/chat/completions
)GRANITE_API_MODEL
(optional) - Granite API Model (defaultgranite-8b-code-instruct-128k
)
As the IBM Granite is not the default AI NLP engine used in this extension, the default provider needs to be set (and the build
command executed):
KC_SPI_AI_ENGINE_PROVIDER=granite
WARNING: It seems the IMB Granite is slower than OpenAI ChatGPT, so the timeout for risk evaluations needs to be increased for now.