[keycloak-user] Connect as another user

Alexander Chriztopher alexander.chriztopher at gmail.com
Mon Oct 20 04:51:49 EDT 2014


Thanks for your help.

On Sun, Oct 19, 2014 at 3:05 PM, Bill Burke <bburke at redhat.com> wrote:

> No easy way to do this.  Our roadmap is pretty full at the moment so
> we'd need the community to help out.
>
> On 10/18/2014 1:25 PM, Alexander Chriztopher wrote:
> > At the end of the day any customer data is at the tip of a finger of an
> > admin or other people who can see all they want with an SQL statement or
> > even easier sometimes. I've seen a big bank who had this feature
> > implemented on their online banking website and it's been validated by
> > all the security audits out there and it was really helpful.
> >
> > Is there a nice way to get this done with Keycloak?
> >
> > Does anyone have an idea?
> >
> >
> >
> > On 17 Oct 2014, at 20:36, Stan Silvert <ssilvert at redhat.com> wrote:
> >
> >> On 10/17/2014 1:53 PM, Alexander Chriztopher wrote:
> >>> This is not an issue in our context as it is just to secure an
> >>> application where admins are publishing data to users and they would
> >>> like to make sure they are publishing the right thing and nothing
> >>> more which otherwise would be a big security hole. Users on the other
> >>> hand will upload documents for admins.
> >>>
> >>> There is no such thing as bank account issues or private data
> >>> issues as you mentioned.
> >> I understand.  But Keycloak is also used by applications where those
> >> issues do exist.
> >>>
> >>>
> >>>
> >>> On 17 Oct 2014, at 19:07, Stan Silvert <ssilvert at redhat.com> wrote:
> >>>
> >>>> I see how that would be very useful but it would also be very, very
> >>>> dangerous.  You can't give the admin rights to just waltz into
> >>>> someone's bank account.
> >>>>
> >>>> At the very least we would need a way for the user to give consent.
> >>>>
> >>>> On 10/17/2014 11:00 AM, Alexander Chriztopher wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I would like to know if there is a way to let a connected user -an
> >>>>> admin- reconnect as another user -with fewer privileges- without
> >>>>> providing a password.
> >>>>>
> >>>>> The idea is for a super user to be able to see exactly how an
> >>>>> application behaves with another user without knowing that user's
> >>>>> credentials.
> >>>>>
> >>>>> Thanks for any help.
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> keycloak-user mailing list
> >>>>> keycloak-user at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>
> >>
> >
> >
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>