Assuming by guest users you mean that no login is required then why does it need securing at all? On 16 January 2016 at 02:53, Naresh Kumar Reddy <pnreddy.svu(a)gmail.com&gt; wrote: > Hi, > > We have two applications which provides webinar functionality. > > 1) Provisioning app-- Organizers provision webinar and manage their > account. Since organizers are Keycloak users, I can secure provisioning app > out of the box. > > 2) Webinar app-- The users of this app are organizers and participants. > Participants are no more provisioned as Keycloack users. Those are guest > users. > > My question is how do we secure second app with keyclock? > > * Note*: Both apps will be under same realm. > > Is there anyway to secure with custom field like webinarId which is > passed as a parameter? > > Or something better solution? > > Under same realm securing one app with keycloak users and other app with > custom authentication? > > Thanks for the great work. > > > Thanks & Regards > Naresh > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >

Let me clarify the work flow. organizer is a keyclock user. he schedules a webinar and an invitation mail will be sent to all participants(guest users). the mail will have webinarid/webinar secret. When participants(guest users) visits webinar portal it should ask for webinar Id/secret to authenticate. How to achieve this with keycloak assuming two kinds of applications under same realm? Thanks On Mon, Jan 18, 2016 at 1:58 PM, Naresh Kumar Reddy <pnreddy.svu(a)gmail.com > wrote: > login is required but with custom fields like webinarId/webinar secret > which are common for all guest users. > > On Mon, Jan 18, 2016 at 1:45 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; > wrote: > >> Assuming by guest users you mean that no login is required then why does >> it need securing at all? >> >> On 16 January 2016 at 02:53, Naresh Kumar Reddy <pnreddy.svu(a)gmail.com&gt; >> wrote: >> >>> Hi, >>> >>> We have two applications which provides webinar functionality. >>> >>> 1) Provisioning app-- Organizers provision webinar and manage their >>> account. Since organizers are Keycloak users, I can secure provisioning app >>> out of the box. >>> >>> 2) Webinar app-- The users of this app are organizers and participants. >>> Participants are no more provisioned as Keycloack users. Those are guest >>> users. >>> >>> My question is how do we secure second app with keyclock? >>> >>> * Note*: Both apps will be under same realm. >>> >>> Is there anyway to secure with custom field like webinarId which is >>> passed as a parameter? >>> >>> Or something better solution? >>> >>> Under same realm securing one app with keycloak users and other app >>> with custom authentication? >>> >>> Thanks for the great work. >>> >>> >>> Thanks & Regards >>> Naresh >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

What Thomas said. Just remove the account role from the webinar user and they can't use account management. You can use authentication flows to customize the authentication flow. As a first execution in the flow you check if the app is the webinar app, if it is then don't include the cookie authenticator, but add a custom one that asks for webinar id + secret. If it's not the webinar app then just continue the default flow. On 18 January 2016 at 10:02, Thomas Darimont < thomas.darimont(a)googlemail.com&gt; wrote: > Hello, > > you could just create a new keycloak user per webinar with: > webinar id = username > webinar secret = password > ? > > Your real users would then just authenticate with those credentials - > though you'd probably need to disable account management for them (and some > other self-service operations). > If you add a user indiviual code to the login url that you send to you > users then you can associate the login with the actual user (e.g. the email > address this link was generated for etc.). > > Another option would be to generate a bunch of keycloak users with a > limited lifetime, e.g. for the duration of the webinar + x. > When the time is up you could deactivate the users. > In that model you would simply store the email address for each user with > the actual keycloak user. > This would enable you to send a concluding "thank you email" and perform > some analytics on which individual user did what during the webinar. > Once you're done with you analysis you could delete the users. > > Cheers, > Thomas > > 2016-01-18 9:34 GMT+01:00 Naresh Kumar Reddy <pnreddy.svu(a)gmail.com&gt;: > >> Let me clarify the work flow. >> >> organizer is a keyclock user. he schedules a webinar and an invitation >> mail will be sent to all participants(guest users). the mail will have >> webinarid/webinar secret. When participants(guest users) visits webinar >> portal it should ask for webinar Id/secret to authenticate. >> >> How to achieve this with keycloak assuming two kinds of applications >> under same realm? >> >> Thanks >> >> On Mon, Jan 18, 2016 at 1:58 PM, Naresh Kumar Reddy < >> pnreddy.svu(a)gmail.com&gt; wrote: >> >>> login is required but with custom fields like webinarId/webinar secret >>> which are common for all guest users. >>> >>> On Mon, Jan 18, 2016 at 1:45 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; >>> wrote: >>> >>>> Assuming by guest users you mean that no login is required then why >>>> does it need securing at all? >>>> >>>> On 16 January 2016 at 02:53, Naresh Kumar Reddy <pnreddy.svu(a)gmail.com >>>> > wrote: >>>> >>>>> Hi, >>>>> >>>>> We have two applications which provides webinar functionality. >>>>> >>>>> 1) Provisioning app-- Organizers provision webinar and manage their >>>>> account. Since organizers are Keycloak users, I can secure provisioning app >>>>> out of the box. >>>>> >>>>> 2) Webinar app-- The users of this app are organizers and >>>>> participants. Participants are no more provisioned as Keycloack users. >>>>> Those are guest users. >>>>> >>>>> My question is how do we secure second app with keyclock? >>>>> >>>>> * Note*: Both apps will be under same realm. >>>>> >>>>> Is there anyway to secure with custom field like webinarId which is >>>>> passed as a parameter? >>>>> >>>>> Or something better solution? >>>>> >>>>> Under same realm securing one app with keycloak users and other app >>>>> with custom authentication? >>>>> >>>>> Thanks for the great work. >>>>> >>>>> >>>>> Thanks & Regards >>>>> Naresh >>>>> >>>>> _______________________________________________ >>>>> keycloak-user mailing list >>>>> keycloak-user(a)lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>> >>>> >>>> >>> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >