SimpleIdServer icon indicating copy to clipboard operation
SimpleIdServer copied to clipboard
verified publisher icon simpleidserver

Abnormal environment Environment login

Open qq1176914912 opened this issue 1 year ago • 4 comments

When using SimpleIdServer. IdServer. Startup system login address (5001), the business system is configured with MFA, I want to make a business system in addition to the password of other way only in special cases, For example, the account logs in for the first time, the account logs in for the first time on the terminal, the idle account logs in, the weak password logs in, the abnormal time logs in, and the unusual location logs in. Borrow your project of ACR function can achieve this effect, but need business system cooperate to achieve this effect, can you directly in the SimpleIdServer. IdServer. Startup (address 5001) in the project implementation, system without the need for business cooperation? Because account exists in SimpleIdServer. IdServer. Startup ( address 5001), rather than in a business system, I think these functions should be able to directly in your project, Such as in your SimpleIdServer. IdServer. Startup verification ( address 5001) in the project to other cities, you think?

qq1176914912 avatar Feb 14 '25 10:02 qq1176914912

Hello,

I believe your issue is closely related to the Risk-Based Authentication field.

I plan to begin supporting it in the 6.0.1 release, with the following features:

  • Support for OpenID Shared Signal Events (SSE).
  • Development of a risk management API that consumes SSE events and determines when MFA authentication should be enabled.
  • The Relying Party will be responsible for evaluating the risk and selecting the appropriate "acr_values" for user authentication.

Does this address your needs?

simpleidserver avatar Feb 15 '25 15:02 simpleidserver

Hello,

I believe your issue is closely related to the Risk-Based Authentication field.

I plan to begin supporting it in the 6.0.1 release, with the following features:

  • Support for OpenID Shared Signal Events (SSE).
  • Development of a risk management API that consumes SSE events and determines when MFA authentication should be enabled.
  • The Relying Party will be responsible for evaluating the risk and selecting the appropriate "acr_values" for user authentication.

Does this address your needs?

Thank you for your reply. It seems that the functions you mentioned are the same as those I mentioned. Looking forward to your new version

qq1176914912 avatar Feb 17 '25 01:02 qq1176914912

I noticed that you have updated 6.0.1. Has this function(SSE) been implemented yet?

qq1176914912 avatar May 08 '25 09:05 qq1176914912

SSE has not been implemented yet. It will be included in release 6.0.2.

KR,

SID

simpleidserver avatar May 08 '25 12:05 simpleidserver

SSE has not been implemented yet. It will be included in release 6.0.2.

KR,

SID

Hello, I noticed that your version has been updated to 6.0.3, but I didn't see any content related to SSE in the update notes. May I ask if this function has been implemented?

qq1176914912 avatar Jul 29 '25 08:07 qq1176914912

Hello @qq1176914912 , At the moment, we are working on another project that will be responsible for evaluating security risks in real time (a solution similar to Microsoft Sentinel), based on events sent by different identity providers (Keycloak, SimpleIdServer, etc.). This solution is currently under development and is not open source. We have not yet decided whether to make the code public.

However, we can already say that SimpleIdServer will publish RISC and CAEP events, and this part will remain open source.

simpleidserver avatar Aug 11 '25 09:08 simpleidserver