[keycloak-user] Securing Application which is exposed to Guest Users
Thomas Darimont
thomas.darimont at googlemail.com
Mon Jan 18 04:02:19 EST 2016
Hello,
you could just create a new keycloak user per webinar with:
webinar id = username
webinar secret = password
?
Your real users would then just authenticate with those credentials -
though you'd probably need to disable account management for them (and some
other self-service operations).
If you add a user-individual code to the login URL that you send to your
users then you can associate the login with the actual user (e.g. the email
address this link was generated for etc.).
Another option would be to generate a bunch of keycloak users with a
limited lifetime, e.g. for the duration of the webinar + x.
When the time is up you could deactivate the users.
In that model you would simply store the email address for each user with
the actual keycloak user.
This would enable you to send a concluding "thank you email" and perform
some analytics on which individual user did what during the webinar.
Once you're done with your analysis you could delete the users.
Cheers,
Thomas
2016-01-18 9:34 GMT+01:00 Naresh Kumar Reddy <pnreddy.svu at gmail.com>:
> Let me clarify the work flow.
>
> The organizer is a Keycloak user. He schedules a webinar and an invitation
> mail will be sent to all participants (guest users). The mail will have
> webinarid/webinar secret. When participants (guest users) visit the webinar
> portal it should ask for webinar Id/secret to authenticate.
>
> How to achieve this with keycloak assuming two kinds of applications under
> same realm?
>
> Thanks
>
> On Mon, Jan 18, 2016 at 1:58 PM, Naresh Kumar Reddy <pnreddy.svu at gmail.com> wrote:
>
>> login is required but with custom fields like webinarId/webinar secret
>> which are common for all guest users.
>>
>> On Mon, Jan 18, 2016 at 1:45 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> Assuming by guest users you mean that no login is required then why does
>>> it need securing at all?
>>>
>>> On 16 January 2016 at 02:53, Naresh Kumar Reddy <pnreddy.svu at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> We have two applications which provide webinar functionality.
>>>>
>>>> 1) Provisioning app-- Organizers provision webinar and manage their
>>>> account. Since organizers are Keycloak users, I can secure provisioning app
>>>> out of the box.
>>>>
>>>> 2) Webinar app-- The users of this app are organizers and participants.
>>>> Participants are no more provisioned as Keycloak users. Those are guest
>>>> users.
>>>>
>>>> My question is how do we secure second app with Keycloak?
>>>>
>>>> *Note*: Both apps will be under same realm.
>>>>
>>>> Is there any way to secure with custom field like webinarId which is
>>>> passed as a parameter?
>>>>
>>>> Or some better solution?
>>>>
>>>> Under same realm securing one app with keycloak users and other app
>>>> with custom authentication?
>>>>
>>>> Thanks for the great work.
>>>>
>>>>
>>>> Thanks & Regards
>>>> Naresh
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
>
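The time-limited guest account model from Thomas's reply, as an added example (not part of the thread and not Keycloak's own code). It builds the user representation per invitee and plans the Admin REST calls that disable and later delete expired accounts; the attribute names `webinarId` and `expiresAt`, the one-hour grace period, the realm name and the sample values are assumptions.

```python
import secrets
from datetime import datetime, timedelta, timezone

GRACE = timedelta(hours=1)  # the "+ x" after the webinar; the value is an assumption


def guest_user(webinar_id, email, ends_at):
    """Build the Keycloak UserRepresentation for one invited guest."""
    return {
        "username": f"{webinar_id}-{secrets.token_hex(4)}",
        "email": email,  # stored so the thank-you mail and analytics map to a person
        "enabled": True,
        # Attribute names are assumptions; Keycloak stores attribute values as lists.
        "attributes": {"webinarId": [webinar_id],
                       "expiresAt": [(ends_at + GRACE).isoformat()]},
        "credentials": [{"type": "password", "temporary": False,
                         "value": secrets.token_urlsafe(16)}],
    }


def lifecycle_calls(realm, users, now, analysis_done=False):
    """Plan the Admin REST calls (method, path, body) that are due at `now`.

    `users` are representations as read back from Keycloak, so each carries an
    "id". Paths are relative to the server base URL (older releases add /auth).
    """
    calls = []
    for user in users:
        path = f"/admin/realms/{realm}/users/{user['id']}"
        expires = datetime.fromisoformat(user["attributes"]["expiresAt"][0])
        if expires > now:
            continue  # webinar or grace period still running
        if analysis_done:
            calls.append(("DELETE", path, None))
        elif user["enabled"]:
            # Send the whole representation so no other field is dropped.
            calls.append(("PUT", path, {**user, "enabled": False}))
    return calls


if __name__ == "__main__":
    end = datetime(2016, 1, 18, 16, 0, tzinfo=timezone.utc)  # constructed sample
    new = guest_user("webinar-42", "guest@example.org", end)
    stored = {**new, "id": "constructed-id"}  # id is assigned by Keycloak
    stored.pop("credentials")  # never returned when users are read back
    print(lifecycle_calls("demo", [stored], end + timedelta(hours=2)))
```

The representation from `guest_user` is what gets sent with POST to `/admin/realms/{realm}/users`; the generated password goes into that guest's invitation mail and is not kept anywhere else.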