[keycloak-user] Securing Application which is exposed to Guest Users

Naresh Kumar Reddy pnreddy.svu at gmail.com
Mon Jan 18 08:03:20 EST 2016


Thank you. I will have a look.

On Mon, Jan 18, 2016 at 3:13 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> What Thomas said. Just remove the account role from the webinar user and
> they can't use account management.
>
> You can use authentication flows to customize the authentication flow. As
> a first execution in the flow you check if the app is the webinar app, if
> it is then don't include the cookie authenticator, but add a custom one
> that asks for webinar id + secret. If it's not the webinar app then just
> continue the default flow.
>
> On 18 January 2016 at 10:02, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
>> Hello,
>>
>> you could just create a new keycloak user per webinar with:
>>   webinar id = username
>>   webinar secret = password
>> ?
>>
>> Your real users would then just authenticate with those credentials -
>> though you'd probably need to disable account management for them (and some
>> other self-service operations).
>> If you add a user-individual code to the login URL that you send to your
>> users then you can associate the login with the actual user (e.g. the email
>> address this link was generated for etc.).
>>
>> Another option would be to generate a bunch of keycloak users with a
>> limited lifetime, e.g. for the duration of the webinar + x.
>> When the time is up you could deactivate the users.
>> In that model you would simply store the email address for each user with
>> the actual keycloak user.
>> This would enable you to send a concluding "thank you email" and perform
>> some analytics on which individual user did what during the webinar.
>> Once you're done with your analysis you could delete the users.
>>
>> Cheers,
>> Thomas
>>
>> 2016-01-18 9:34 GMT+01:00 Naresh Kumar Reddy <pnreddy.svu at gmail.com>:
>>
>>> Let me clarify the work flow.
>>>
>>> Organizer is a Keycloak user. He schedules a webinar and an invitation
>>> mail will be sent to all participants (guest users). The mail will have
>>> webinarid/webinar secret. When participants (guest users) visit the webinar
>>> portal it should ask for webinar Id/secret to authenticate.
>>>
>>> How to achieve this with keycloak assuming two kinds of applications
>>> under same realm?
>>>
>>> Thanks
>>>
>>> On Mon, Jan 18, 2016 at 1:58 PM, Naresh Kumar Reddy <
>>> pnreddy.svu at gmail.com> wrote:
>>>
>>>> Login is required but with custom fields like webinarId/webinar secret
>>>> which are common for all guest users.
>>>>
>>>> On Mon, Jan 18, 2016 at 1:45 PM, Stian Thorgersen <sthorger at redhat.com>
>>>> wrote:
>>>>
>>>>> Assuming by guest users you mean that no login is required then why
>>>>> does it need securing at all?
>>>>>
>>>>> On 16 January 2016 at 02:53, Naresh Kumar Reddy <pnreddy.svu at gmail.com
>>>>> > wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> We have two applications which provide webinar functionality.
>>>>>>
>>>>>> 1) Provisioning app-- Organizers provision webinar and manage their
>>>>>> account. Since organizers are Keycloak users, I can secure provisioning app
>>>>>> out of the box.
>>>>>>
>>>>>> 2) Webinar app-- The users of this app are organizers and
>>>>>> participants. Participants are no more provisioned as Keycloak users.
>>>>>> Those are guest users.
>>>>>>
>>>>>> My question is how do we secure the second app with Keycloak?
>>>>>>
>>>>>> *Note*: Both apps will be under the same realm.
>>>>>>
>>>>>> Is there any way to secure it with a custom field like webinarId which is
>>>>>> passed as a parameter?
>>>>>>
>>>>>> Or some better solution?
>>>>>>
>>>>>> Under same realm securing one app with keycloak users and other app
>>>>>> with custom authentication?
>>>>>>
>>>>>> Thanks for the great work.
>>>>>>
>>>>>>
>>>>>> Thanks & Regards
>>>>>> Naresh
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>
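
Thomas's second option in the thread (one short-lived Keycloak user per invitee, deactivated once the webinar plus a grace period is over) could be prepared as below. This is an added example, not code from the thread or from the Keycloak project. It only builds request bodies for the Keycloak Admin REST user endpoints and performs no HTTP calls; the attribute names `webinarId` and `expiresAt`, the `GRACE` value, the realm name and the sample ids are assumptions, and the realm is assumed to accept custom user attributes.

```python
import secrets
from datetime import datetime, timedelta, timezone

GRACE = timedelta(hours=2)  # the "+ x" after the webinar; value is an assumption

def guest_user(webinar_id, email, ends_at):
    """UserRepresentation body for POST /admin/realms/{realm}/users."""
    return {
        # Random suffix: the username reveals nothing about the invitee.
        "username": f"{webinar_id}-{secrets.token_hex(4)}",
        "email": email,  # kept for the thank-you mail and the analytics
        "enabled": True,
        "credentials": [{"type": "password",
                         "value": secrets.token_urlsafe(24),  # per-guest secret
                         "temporary": False}],
        # Attribute names are hypothetical; Keycloak stores values as lists.
        "attributes": {"webinarId": [webinar_id],
                       "expiresAt": [(ends_at + GRACE).isoformat()]},
    }

def deactivation_requests(realm, users, now):
    """(method, path, body) for every enabled guest whose lifetime is over.

    `users` are representations as returned by GET /admin/realms/{realm}/users;
    the whole representation is sent back with only `enabled` changed.
    """
    requests = []
    for u in users:
        expiry = u.get("attributes", {}).get("expiresAt")
        if not expiry or not u.get("enabled"):
            continue  # not a guest account, or already disabled
        if datetime.fromisoformat(expiry[0]) <= now:
            requests.append(("PUT", f"/admin/realms/{realm}/users/{u['id']}",
                             dict(u, enabled=False)))
    return requests

if __name__ == "__main__":
    end = datetime(2016, 1, 18, 17, 0, tzinfo=timezone.utc)  # constructed sample
    guest = dict(guest_user("wb-1042", "guest@example.org", end), id="constructed-id-1")
    guest.pop("credentials")  # a GET never returns credentials
    for method, path, _ in deactivation_requests("demo", [guest], end + timedelta(hours=3)):
        print(method, path)
```

Accounts without an `expiresAt` attribute, such as the organizers, are never selected for deactivation.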