At the end of the day any customer data is at the tip of a finger of an admin or other people who can see all they want with an sql statement or even easier sometimes. I've seen a big bank who had this feature implemented on their online banking website and it's been validated by all the security audits out there and it was really helpful.

Is there is a nice way to get this done with Keycloak ? 

Anyone has an idea !



On 17 Oct 2014, at 20:36, Stan Silvert <ssilvert@redhat.com> wrote:

On 10/17/2014 1:53 PM, Alexander Chriztopher wrote:
This is not an issue in our context as it is just to secure an application where admins are publishing data to users and they would like to make sure they are publishing the right thing and nothing more which otherwise would be a big security hole. Users on the other hand will upload documents for admins. 

There is nothing as such as bank accounts issues or private data issues as you mentioned.
I understand.  But Keycloak is also used by applications where those issues do exist.  



On 17 Oct 2014, at 19:07, Stan Silvert <ssilvert@redhat.com> wrote:

I see how that would be very useful but it would also be very, very dangerous.  You can't give the admin rights to just waltz into someone's bank account.

At the very least we would need a way for the user to give consent.

On 10/17/2014 11:00 AM, Alexander Chriztopher wrote:
Hi,

I would like to know if there is a way to let a connected user -an admin- reconnect as another user -with less privilegies- without providing a password.

The idea is to be able for a super user to see how exactly an application behaves with another user without knowing that user credentials.

Thanks for any help.


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user