adfs-sample-riskassessmentmodel-riskyipblock's Introduction

Build Plug-ins with AD FS 2019 Risk Assessment Model

You can now build your own plug-ins to block or assign a risk score to authentication requests during various stages – request received, pre-authentication and post-authentication. This can be accomplished using the new Risk Assessment Model introduced with AD FS 2019.

What is the Risk Assessment Model?

The Risk Assessment Model is a set of interfaces and classes which enable developers to read authentication request headers and implement their own risk assessment logic. The implemented code (plug-in) then runs in line with AD FS authentication process. For eg, using the interfaces and classes included with the model, you can implement code to either block or allow authentication request based on the client IP address included in the request header. AD FS will execute the code for each authentication request and take appropriate action as per the implemented logic.

For more details please visit AD FS Risk Assessment Model documentation

About this sample

This sample plug-in is meant to better understand how to build a risk assessment plug-in and run it in line with AD FS process. The code in this sample uses the new interfaces and classes introduced with the risk assessment model to block the requests coming from certain extranet IPs identified as risky.

To learn how to build this sample plug-in please visit Building a sample plug-in documentation

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

adfs-sample-riskassessmentmodel-riskyipblock's People

Contributors

Stargazers

Watchers

adfs-sample-riskassessmentmodel-riskyipblock's Issues

Get claims from ExternalAuthSecurityToken

Hi,
How can I get MFA claims from securityContext.UserToken in EvaluatePreAuthentication method?

{Microsoft.IdentityServer.Service.ExternalAuth.ExternalAuthSecurityToken}
Claims: Count = 8
Id: "_36d6901b-c078-4e30-8be0-c50e031c49fa-B3D62E6F308444A4E54540BC64495EEA"
SecurityKeys: Count = 0
ValidFrom: {10/10/2019 2:56:50 PM}
ValidTo: {10/11/2019 12:56:50 AM}

Thanks!

This repo is missing important files

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

Recommend Projects

microsoft / adfs-sample-riskassessmentmodel-riskyipblock Goto Github PK

adfs-sample-riskassessmentmodel-riskyipblock's Introduction

Build Plug-ins with AD FS 2019 Risk Assessment Model

What is the Risk Assessment Model?

About this sample

Contributing

adfs-sample-riskassessmentmodel-riskyipblock's People

Contributors

Stargazers

Watchers

Forkers

adfs-sample-riskassessmentmodel-riskyipblock's Issues

Get claims from ExternalAuthSecurityToken

This repo is missing important files

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent