[keycloak-user] Securing Application which is exposed to Guest Users

Naresh Kumar Reddy pnreddy.svu at gmail.com
Mon Jan 18 03:28:51 EST 2016


login is required but with custom fields like webinarId/webinar secret
which are common for all guest users.

On Mon, Jan 18, 2016 at 1:45 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Assuming by guest users you mean that no login is required then why does
> it need securing at all?
>
> On 16 January 2016 at 02:53, Naresh Kumar Reddy <pnreddy.svu at gmail.com>
> wrote:
>
>> Hi,
>>
>> We have two applications which provides webinar functionality.
>>
>> 1) Provisioning app-- Organizers provision webinar and manage their
>> account. Since organizers are Keycloak users, I can secure provisioning app
>> out of the box.
>>
>> 2) Webinar app-- The users of this app are organizers and participants.
>> Participants are no more provisioned as Keycloack users. Those are guest
>> users.
>>
>>  My question is how do we secure second app with keyclock?
>>
>> * Note*: Both apps will be under same realm.
>>
>> Is there anyway to secure with custom field like webinarId which is
>> passed as a parameter?
>>
>> Or something better solution?
>>
>> Under same realm securing one app with keycloak users and other app with
>> custom authentication?
>>
>> Thanks for the great work.
>>
>>
>> Thanks & Regards
>> Naresh
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160118/ad6f9e24/attachment.html 


More information about the keycloak-user mailing list