[katello-devel] Signo improvements discussion
Miroslav Suchy
msuchy at redhat.com
Mon May 6 18:32:53 UTC 2013
On 6.5.2013 13:59, Marek Hulan wrote:
> # Application information
>
> We could display information about from which application user is coming to
> Signo, so he knows what is he logging in to. Note that user might get false
> idea that he is logging just into Katello however logging into Signo means
> also logging in into Foreman. Garik suggested displaying name, version,
> favicon and logo from that application you are coming from so it would look
> like as Katello login page (for Katello). What do others think? This would
> also mean for every external application to be supported in Signo (to display
> its graphics to avoid remote linking https problems etc.). I would find useful
Premature generalization.
You are able to support all applications which use Signo. And I think
this state will last few years.
> just to display name of the application that you came from. Also we should
> keep in mind security and possibility of forging this information.
Having Katello/Foreman string there instead of "unico signo" is
definitelly better.
> # Logout page
>
> Logout in Katello shows logout page that informs you about successful logout
> and displaying you a link to login again. Garik suggested to remove this page
> so user does not have to click link in order to login again. It would mean to
> go to Signo login page again with no notification of logout. I don't think
> users are logging out and in too often so I would leave that link there even
> when logout page itself has small information value. Comments? FYI on Foreman
> side there is no logout page so user is redirected to casual login page. He
> may login to foreman to enter any other foreman url. That's more or less 3rd
> possible way.
I always hated those empty pages with "you just have been logged". Just
stop displaing my name in upper right corner or redirect me to login
page and I know that I have been logged out (I was the one who requested
it) - no need to tell me it again.
> # Katello - configurable login page
>
> We now force users to use Signo if it's set in katello.yml and fallback to
> plain login form only if OpenID auth fails. However user may want to decide
> which way he wants to use. Either SSO via Signo or plain login form. This
> could work and be configurable until we extract user logic from Katello to
> Signo. Again do we want to allow users to decide or "we know better"?:-)
Why to maintain two login code? Let stick to Signo and remove the old code.
Mirek
More information about the katello-devel
mailing list