Re: [keycloak-user] Securing Application which is exposed to Guest Users
Let me clarify the work flow.
organizer is a keyclock user. he schedules a webinar and an invitation mail
will be sent to all participants(guest users). the mail will have
webinarid/webinar secret. When participants(guest users) visits webinar
portal it should ask for webinar Id/secret to authenticate.
How to achieve this with keycloak assuming two kinds of applications under
same realm?
Thanks
On Mon, Jan 18, 2016 at 1:58 PM, Naresh Kumar Reddy <pnreddy.svu(a)gmail.com>
wrote:
login is required but with custom fields like webinarId/webinar
secret
which are common for all guest users.
On Mon, Jan 18, 2016 at 1:45 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Assuming by guest users you mean that no login is required then why does
> it need securing at all?
>
> On 16 January 2016 at 02:53, Naresh Kumar Reddy <pnreddy.svu(a)gmail.com>
> wrote:
>
>> Hi,
>>
>> We have two applications which provides webinar functionality.
>>
>> 1) Provisioning app-- Organizers provision webinar and manage their
>> account. Since organizers are Keycloak users, I can secure provisioning app
>> out of the box.
>>
>> 2) Webinar app-- The users of this app are organizers and participants.
>> Participants are no more provisioned as Keycloack users. Those are guest
>> users.
>>
>> My question is how do we secure second app with keyclock?
>>
>> * Note*: Both apps will be under same realm.
>>
>> Is there anyway to secure with custom field like webinarId which is
>> passed as a parameter?
>>
>> Or something better solution?
>>
>> Under same realm securing one app with keycloak users and other app with
>> custom authentication?
>>
>> Thanks for the great work.
>>
>>
>> Thanks & Regards
>> Naresh
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
Attachments:
- attachment.html (text/html — 3.3 KB)