[keycloak-user] Log as a group feature

Fabien SINTES sintes at amitel.fr
Wed Jun 7 19:30:35 EDT 2017


Hello,


I'm looking for an IAM SSO system with the following feature, I'm just Learning about open id connect... :


I need to allow a user to "log as a group" and inform the client (remote web site). 


It seems not possible with keyloak but I would happy to find a solution (other iam allow this feature but I would prefere redhat support).


I think I could add an information in the json token witch would mean "I am fabien, I am member of this groups and I want you to identify me as FinancialGroup". With json information like user:fabien, impersonation:FinancialGroup....


The client (remote web site) would read json information and will authenticate the user fabien but using his group to identify the user for different internal actions.


Do you think it is Something possible and a good practice ?!


In this case, it is also needed to custom login page to permit the user to choose this option "user:... , pwd..., login as...". And the combo box for "login as" should list the user groups available. Is it possible ?


Sorry for my English...


Thank you very much.


Fabien


More information about the keycloak-user mailing list