{"id":19745183,"url":"https://github.com/castle/castle-auth-tree-nodes","last_synced_at":"2025-09-04T19:13:35.371Z","repository":{"id":45878960,"uuid":"414231023","full_name":"castle/Castle-Auth-Tree-Nodes","owner":"castle","description":"Castle Auth Tree nodes plugin for ForgeRock.","archived":false,"fork":false,"pushed_at":"2023-10-05T08:55:29.000Z","size":1448,"stargazers_count":0,"open_issues_count":1,"forks_count":2,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-06-17T11:11:29.574Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"ForgeRock/Castle-Auth-Tree-Nodes","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/castle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-06T13:50:11.000Z","updated_at":"2021-11-30T10:03:37.000Z","dependencies_parsed_at":"2025-01-10T20:44:07.386Z","dependency_job_id":"24f35d06-fe8f-4695-999a-c2a7ffd8e11c","html_url":"https://github.com/castle/Castle-Auth-Tree-Nodes","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/castle/Castle-Auth-Tree-Nodes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2FCastle-Auth-Tree-Nodes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2FCastle-Auth-Tree-Nodes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2FCastle-Auth-Tree-Nodes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2FCastle-Auth-Tree-Nodes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/castle","download_url":"https://codeload.github.com/castle/Castle-Auth-Tree-Nodes/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2FCastle-Auth-Tree-Nodes/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273658114,"owners_count":25145220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T02:04:49.921Z","updated_at":"2025-09-04T19:13:35.310Z","avatar_url":"https://github.com/castle.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n * The contents of this file are subject to the terms of the Common Development and\n * Distribution License (the License). You may not use this file except in compliance with the\n * License.\n *\n * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the\n * specific language governing permission and limitations under the License.\n *\n * When distributing Covered Software, include this CDDL Header Notice in each file and include\n * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL\n * Header, with the fields enclosed by brackets [] replaced by your own identifying\n * information: \"Portions copyright [year] [name of copyright owner]\".\n *\n * Copyright 2019 ForgeRock AS.\n--\u003e\n# Castle Authentication Nodes\n\nCastle helps security teams more quickly discover, investigate and stop malicious activity. \n\nThis plugin gives you the ability to use Castle's Risk, Filter and Log APIs which provide risk signals \nand give you the visibility needed to investigate security and fraud incidents. \n\nSee [castle.io](https://castle.io) for more information.\n\n## Usage\n\nTo deploy these nodes, download the jar from the releases tab on github\n[here](https://github.com/ForgeRock/Castle-Auth-Tree-Nodes/releases/latest). Next, copy the jar into the\n../web-container/webapps/openam/WEB-INF/lib directory where AM is deployed. Restart the web container to pick up the\nnew nodes. The nodes will then appear in the authentication trees components palette.\n\n### Before you begin\n\n1. Create a [Castle account](https://dashboard.castle.io/signup/new)\n2. Once you're signed in, go the the [Dashboard Settings page](https://dashboard.castle.io/settings/general) to configure the Castle Service with the APP ID and API Secret. Please note your Castle environment - the \"Sandbox\" one is only suggested for non-production usage.\n3. Host our `castle-js` script. See our [NPM package](https://www.npmjs.com/package/@castleio/castle-js) for more details.\n\n### Castle Service\nThis plugin provides a realm-specific Castle Service, where you specify common configuration for Castle nodes.\n\n* **API Secret** - A secret that will be used for authentication purposes.\n* **App ID** - Castle App ID.\n* **Profiler URI** - Castle Javascript link. We highly suggest you host it yourself.\n* **Allowlisted Headers** - A comma-separated list of strings representing HTTP headers that will get passed to the \n  context object with each call to the Castle API, unless they are denylisted. If not set or empty all headers will \n  be sent.\n* **Denylisted Headers** - A comma-separated list of strings representing HTTP headers that will never get passed to \n  the context object.\n* **Timeout** - An integer that represents the time in milliseconds after which a request fails.\n* **Base URL** - The base endpoint of the Castle API without any relative path.\n\n\n![CASTLE_SERVICE_1](./images/castle_service.png)\n\n### Quick Start\n\nThis repository contains sample trees you can import using [AM Treetool](https://github.com/vscheuber/AM-treetool).\n\nYou can batch-import them with this command:\n\n```\n./amtree.sh -h FORGEROCK_URL -u FORGEROCK_ADMIN -p FORGEROCK_ADMIN_PASSWORD -s -r examples/\n```\n\nAlternatively, you can recreate these tools yourself using the ForgeRock tree editor.\n\nOnce you configured the Castle Service and you went through a tree that used one of Castle's API,\nyou should be able to inspect the requests that were sent to Castle in the [Castle's Debugger](https://dashboard.cas.tl/debug-console/events).\n\n\n### Castle Profiler Node\n\nThis node tags the AM login page with the Castle JS to collect information about the device being used.\n\n### Castle Risk Node\n\nThis node makes a request to [Castle Risk API](https://castle.io/risk-api/) to assess user risk.\n\nYou can also check our [API Reference](https://reference.castle.io/#operation/risk) for more details on the Risk API.\n\n#### Castle Risk Node Configuration\n\n* **Event** - The Castle Event type.\n* **Status** - The Castle Event status.\n* **Mail Attribute** - The ForgeRock email attribute.\n\n### Castle Filter Node\n\nThis node makes a request to Castle's bot detection [Filter API](https://castle.io/filter-api/) to retrieve a policy decision about an action.\n\nYou can also check our [API Reference](https://reference.castle.io/#operation/filter) for more details on the Filter API.\n\n#### Castle Filter Node Configuration\n\n* **Event** - The Castle Event type.\n* **Status** - The Castle Event status.\n* **Mail Attribute** - The ForgeRock email attribute.\n\n### Castle Log Node\n\nThis node makes a request to Castle's Log API. This is an async API that provides visibility into the actions your users take.\n\nYou can check our [API Reference](https://reference.castle.io/#tag/logging) for more details on the Log API.\n\n#### Castle Log Node Configuration\n\n* **Event** - The Castle Event type.\n* **Status** - The Castle Event status.\n* **Mail Attribute** - The ForgeRock email attribute.\n\n### Castle Action Node\n\nThis node analyzes the response from the Castle Risk Node and routes to the \u003ccode\u003eAllow\u003c/code\u003e,\n\u003ccode\u003eChallenge\u003c/code\u003e or \u003ccode\u003eDeny\u003c/code\u003e node outcomes.\n\n### Castle Score Node\nThis node analyzes the response from the Castle Risk Node and checks to see if the risk score is\nabove the configured value.\n\n#### Castle Score Node Configuration\n\n* **Score Threshold** - Castle’s APIs return a numerical risk score between zero and one. Low-risk events are scored \n  at or near zero, and high-risk events are scored at or near one.\n\n### Castle Signal Node\nThis node analyzes the response from the Castle Risk Node and checks to see if an individual signal\nhas been returned. These signal correspond to Castle Signals found [here](https://docs.castle.io/v1/reference/signals/).\n\n#### Castle Signal Node Configuration\n* **Signal Outcomes** - A list of Signals that you would like to check for from a Castle Risk\n  evaluation. When a Signal is added to this list, a new outcome will presented on the node. The node will\n  iterate through the configured Signals until a Reason code is found and will return that outcome. Otherwise\n  the \u003ccode\u003eNone Triggered\u003c/code\u003e outcome will be returned.\n\n### Castle Approve Device Node\nThis node calls the Castle Approve Device API to update the users device with approval. \nsession.\n\n#### Castle Approve Device Node Configuration\n\n* **API Secret** - A secret that will be used for authentication purposes.\n* **Base URL** - The base endpoint of the Castle API without any relative path.\n\n### Example Flows\n\n#### Login flows\n![CASTLE_LOGIN_1](./images/castle_login_flow.png)\n![CASTLE_LOGIN_2](./images/castle_login_flow2.png)\n\n#### Registration flows\n![CASTLE_REGISTRATION_1](./images/castle_registration_flow.png)\n\n#### Password reset flows\n![CASTLE_PASSWORD_RESET](./images/castle_password_reset_flow.png)\n\n#### Password update flows\n![CASTLE_PASSWORD_UPDATE](./images/castle_password_update_flow.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcastle%2Fcastle-auth-tree-nodes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcastle%2Fcastle-auth-tree-nodes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcastle%2Fcastle-auth-tree-nodes/lists"}