[keycloak-user] Connect as another user

Bill Burke bburke at redhat.com
Sun Oct 19 09:05:25 EDT 2014


No easy way to do this.  Our roadmap is pretty full at the moment so 
we'd need the community to help out.

On 10/18/2014 1:25 PM, Alexander Chriztopher wrote:
> At the end of the day any customer data is at the tip of a finger of an
> admin or other people who can see all they want with an SQL statement or
> even easier sometimes. I've seen a big bank who had this feature
> implemented on their online banking website and it's been validated by
> all the security audits out there and it was really helpful.
>
> Is there a nice way to get this done with Keycloak?
>
> Does anyone have an idea?
>
>
>
> On 17 Oct 2014, at 20:36, Stan Silvert <ssilvert at redhat.com> wrote:
>
>> On 10/17/2014 1:53 PM, Alexander Chriztopher wrote:
>>> This is not an issue in our context as it is just to secure an
>>> application where admins are publishing data to users and they would
>>> like to make sure they are publishing the right thing and nothing
>>> more which otherwise would be a big security hole. Users on the other
>>> hand will upload documents for admins.
>>>
>>> There are no such things as bank account issues or private data
>>> issues as you mentioned.
>> I understand.  But Keycloak is also used by applications where those
>> issues do exist.
>>>
>>>
>>>
>>> On 17 Oct 2014, at 19:07, Stan Silvert <ssilvert at redhat.com> wrote:
>>>
>>>> I see how that would be very useful but it would also be very, very
>>>> dangerous.  You can't give the admin rights to just waltz into
>>>> someone's bank account.
>>>>
>>>> At the very least we would need a way for the user to give consent.
>>>>
>>>> On 10/17/2014 11:00 AM, Alexander Chriztopher wrote:
>>>>> Hi,
>>>>>
>>>>> I would like to know if there is a way to let a connected user -an
>>>>> admin- reconnect as another user -with fewer privileges- without
>>>>> providing a password.
>>>>>
>>>>> The idea is for a super user to be able to see how exactly an
>>>>> application behaves with another user without knowing that user's
>>>>> credentials.
>>>>>
>>>>> Thanks for any help.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

