Draft: Use Keycloak for Guest users / Lightweight Users

[micbar]

Description

One of the long standing requests by admins is if OpenCloud can support guest users. In the past, this was often discussed as "we can add an external user during sharing" (this user has been provisioned on the fly and got an invite link)

Current Situation

OpenCloud has no "invite external" user feature. But something similar can be achieved with Keycloak

Adding Keycloak Admins for the OpenCloud Realm

Assign some roles to the user

User dennis can login as Realm admin

https://keycloak.keycloak-daily.opencloud.rocks/admin/openCloud/console/#/openCloud

Dennis is now User / Group Admin

Dennis can add users and groups and assign users to roles and groups.

Tip

The default Keycloak Role Assignment should be OpenCloudGuest. In this case, newly added users get no personal space, which fulfils the Use case for Guest / Lightweight user

Invite a user

You can choose mandatory actions for the user:

Set the initial password

Guest Users First Login

Required Action: Change Password

Required Action: Update Profile

Required Action: Verify Email

Successful Login: No Personal Space

Self Registration

You can also enable Self Registration. That allows any user to register in self service. You need to enable it on the desired Realm:

Enable Self Registration

Login View

Register Form

Success

[Svanvith]

My struggle here is, where should dennis login?

Im testing it local and when I try to login on keycloak.opencloud.test` he cannot login

When I'm using https://keycloak.opencloud.test/admin/openCloud/console/#/openCloud it works.

But what is the difference and where does Dennis find the second link?

The other things working as described :) @micbar

[Svanvith]

#421