We are trying to integrate Zimbra with GuardianKey. However, we have doubts related to the best way to do this and the best point in the Zimbra’s code for this integration.
GuardianKey is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, Zimbra) must send an event via REST for the GuardianKey on each login attempt. More info at https://guardiankey.io .
The best way to integrate would be on having a hook in the procedure that process the user credentials submission in Zimbra (the script that receives the POST), something such as:
Code: Select all
if(<POST IN AUTH FORM>) {
boolean loginFailed = checkLoginInKeyCloak();
GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
if(GuardianKeyValidation){
// Allow access
} else {
// Deny access
}
}
Any help is welcome.
Thank you in advance.
Best regards,
Paulo Angelo