Integration with GuardianKey

Integration questions/issues
Post Reply
pauloangelo
Posts: 2
Joined: Sat Mar 30, 2019 9:47 pm

Integration with GuardianKey

Post by pauloangelo » Sat Mar 30, 2019 9:51 pm

Hi all,

We are trying to integrate OnlyOffice with GuardianKey. However, we have doubts related to the best way to do this and the best point in the code for this integration.

GuardianKey is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, OnlyOffice) must send an event via REST for the GuardianKey on each login attempt. More info at https://guardiankey.io .

The best way to integrate would be on having a hook in the procedure that process the user credentials submission in OnlyOffice (the script that receives the POST), something such as:

if(POST IN AUTH FORM) {
boolean loginFailed = checkLogin();
GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
if(GuardianKeyValidation){
// Allow access
} else {
// Deny access
}
}

Where is the best place to create this integration? Is there a way to create a hook for this purpose? Should we create an extension?

Any help is welcome.

Thank you in advance.

Best regards,

Paulo Angelo

Carl
Posts: 160
Joined: Thu Apr 12, 2018 10:00 am

Re: Integration with GuardianKey

Post by Carl » Mon Apr 01, 2019 7:10 am

Hello Paulo,

Do you want to integrate Community or Document Server with GuardianKey?

pauloangelo
Posts: 2
Joined: Sat Mar 30, 2019 9:47 pm

Re: Integration with GuardianKey

Post by pauloangelo » Tue Apr 02, 2019 12:46 am

Hi Carl,

I believe that the best place is in the Community Server. Is there a way to create a hook for authentication? Or an extension?

Thank you in advance.

Paulo Angelo

Carl
Posts: 160
Joined: Thu Apr 12, 2018 10:00 am

Re: Integration with GuardianKey

Post by Carl » Thu Apr 04, 2019 9:22 am

Hi Paulo,

There is no hook for that. Here is where the login/password validation happens in the code:

Authorization page
https://github.com/ONLYOFFICE/Community ... ze.ascx.cs

API
https://github.com/ONLYOFFICE/Community ... ryPoint.cs

Post Reply