[katello-devel] Signo improvements discussion

Bryan Kearney bkearney at redhat.com
Mon May 6 12:26:36 UTC 2013 

On 05/06/2013 07:59 AM, Marek Hulan wrote:
> Hi all,
>
> I received some feedback (the biggest from Garik) about Signo application.
> Although it seems to work by technical side it would be nice add some other
> features. Here is the list to discuss:
>
> # Application information
>
> We could display information about from which application user is coming to
> Signo, so he knows what is he logging in to. Note that user might get false
> idea that he is logging just into Katello however logging into Signo means
> also logging in into Foreman. Garik suggested displaying name, version,
> favicon and logo from that application you are coming from so it would look
> like as Katello login page (for Katello). What do others think? This would
> also mean for every external application to be supported in Signo (to display
> its graphics to avoid remote linking https problems etc.). I would find useful
> just to display name of the application that you came from. Also we should
> keep in mind security and possibility of forging this information.
>
> # Logout page
>
> Logout in Katello shows logout page that informs you about successful logout
> and displaying you a link to login again. Garik suggested to remove this page
> so user does not have to click link in order to login again. It would mean to
> go to Signo login page again with no notification of logout. I don't think
> users are logging out and in too often so I would leave that link there even
> when logout page itself has small information value. Comments? FYI on Foreman
> side there is no logout page so user is redirected to casual login page. He
> may login to foreman to enter any other foreman url. That's more or less 3rd
> possible way.

No Opinions.

>
> # Katello - configurable login page
>
> We now force users to use Signo if it's set in katello.yml and fallback to
> plain login form only if OpenID auth fails. However user may want to decide
> which way he wants to use. Either SSO via Signo or plain login form. This
> could work and be configurable until we extract user logic from Katello to
> Signo. Again do we want to allow users to decide or "we know better"? :-)
>
> If you have any other ideas what could make users confused or what to improve,
> please reply.
>

Nice to have, but I bet in most enterprise apps they would not expose 
this option.
-- bk

More information about the katello-devel mailing list