The Recaptcha Enterprise authentication nodes lets administrators integrate Recaptcha Enterprise decision tools into an AM authentication trees.
To deploy these nodes, download the jar from the releases tab on github here. Next, copy the jar into the ../web-container/webapps/openam/WEB-INF/lib directory where AM is deployed. Restart the web container to pick up the new nodes. The nodes will then appear in the authentication trees components palette.
These nodes assumes you have the following:
- A Google Cloud Project with reCaptcha Enterprise Enabled
- A reCAPTCHA Enterprise Key
- That has the AM Domain whitelisted
- That uses integration type:
Scoring, with no visible challenge to your users
This node tags the AM login page with the Recaptcha Enterprise JS to collect information about the event.
- reCaptcha Enterprise Site Key - Google reCaptcha Enterprise Site Key. You can find this key at
https://console.cloud.google.com/recaptcha?project={{Project_ID}} - reCaptcha Action - The action that the user is performing when the instrumentation is performed.
This node makes a request the Recaptcha Enterprise Assessment API to retrieve a score and reason codes about the users event.
- reCaptcha Enterprise Project Id - Google Cloud Project Id
- Key - Recaptcha Enterprise Service Account Key. Copy the entire JSON blob that was downloaded from the reCaptcha Enterprise servce into this field. An example of the key would be:
{
"type": "service_account",
"project_id": "recaptcha-project-id",
"private_key_id": "12903109239012903",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBAD...=\n-----END PRIVATE KEY-----\n",
"client_email": "project@recaptcha-enterprise-12312.iam.gserviceaccount.com",
"client_id": "123456789012345678901",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/project%40name.iam.gserviceaccount.com"
}
This node analyzes the response from the Recaptcha Enterprise Assessment Node and routes to the first outcome
returned and removes it from the list. The possible outcomes are Automation, Unexpected
Environment, Too Much Traffic, Unexpected Usage Patterns, Low Confidence
Score, and None Returned. The Recaptcha Enterprise Reason Code Node can also be daisy-chained
together to test for a combination of outcomes.
This node analyzes the response from the Recaptcha Enterprise Assessment Node and checks to see if the risk score greater than or less than the configured value.
- Score Threshold - reCAPTCHA Enterprise returns a score (1.0 is very likely a good interaction, 0.0 is very likely a bot). Based on the score, you can take appropriate action in the context of your site.
This node calls the Recaptcha Enterprise Annotation API to tune your site specific model. This additional information will help reCAPTCHA Enterprise perform better for your site over time.
- Annotation - The annotation to send for this assessment. The annotation options are
Unspecified,Legitimate,Fraudulent,Password Correct,Password Incorrect, andUnrecognized. - Key - Recaptcha Enterprise Service Account Key. Copy the entire JSON blob that was downloaded from the
reCaptcha Enterprise service into this field. This should be the same key used in the
Recaptcha Enterprise Assessment Node.
