
Overview

This document covers configuration and UI for the Library Wiki Where Are You From (WAYF) discovery service page.

Current Implementations

Note

If you are already logged into the production or dev Library wikis or the UCLA wiki, you will not see the WAYF page when you click on the links above.

Comments

This comment thread started prior to this page, so I am putting it here for completeness. All subsequent comments should be done via the comment mechanism.

On Jan 6, 2011, at 10:25 AM, Quaeler, Loki wrote:

wrt the second link – isn’t “remember for session” kind of hinky? it’s an SSO, so it’s going to remember who’s logged in under what authentication system for a session-length no matter what – no?

Yea, it is confusing. Session in this case means, "until you quit your browser". This is default WAYF behavior for this app, so I can change the wording, or just have two options, Never and 30 days. Or we could have Never, 1 day, 7 days, 30 days, etc. I am open to suggestions.

You can look at the default, out-of-the-box version by doing the following:

1) Go to: https://spaces.ais.ucla.edu/dashboard.action
2) Click on "Log In" in the upper right-hand corner

-lucas

On Jan 6, 2011, at 10:42 AM, Quaeler, Loki wrote:

hmmm.. if you’re going to have a length like 30 days, it seems like there would need to be some way for the user to clear that choice on day 22, for example. following from that, if you have a way for the user to clear the choice, it seems like the remember could just be boiled down to a checkbox ala ‘remember my choice’.

if there’s no way to clear the choice, the login UI could be modified to always have the pulldown, have the pulldown on the same page as one enters their credentials, and have the pulldown pre-selected to the last chosen on successful login value. (and scrap the ‘remember’ or not).

thoughts?

5 Comments

  1. I think creating the ability for the user to clear the choice might be a good idea (as I have wanted to do that in the past with the UCLA wiki). A simple page could be made that just clears the cookie, but the only issue is how do you tell the user where to go to do this?

    Modifying the login page is not really an option because there will be at least 12 different login pages for the wiki, and at some point we (the Library) will not control any of them. However, preselecting the pulldown to be the last choice (which is how Moodle works) might just be the best choice. For the absolute majority of users, i.e., people from UCSF, the first choice in the list (once the Library IdP is out of the picture) will be the only choice anyway: MyAccess.

    So, where does this leave us?

    1. When you say '12 different login pages' - is this because there will be a login page unique to each IdP?

      1. Correct, each UC school plus OP (which makes 11) has their own IdP. Zach is also talking to Kirk about the possibility of perhaps adding Boston University (as we have a lot of guests from there), and maybe some other schools, too. As you can see in the UCLA example, there are well over 100 choices, and each of those brings the user to their institution's login page. And we have no control over what happens on each of those pages.

        1. Hmm... it's a shame that there is no behind the scenes standardized way in which we could pass the credentials to remote sites; were we able to do this, a single page could gather the unique id, password, and destination IdP and then pass those to the specific institution as necessary.

          not being able to implement something like that, i'd vote for the pre-selected pulldown option cited in your root comment.

          1. I would say I am glad there is no standardized way of passing around credentials. Having random websites collect credentials is a security problem, for several reasons (exposure, trust, and phishing come quickly to mind). Ideally, credentials should never leave a user's workstation (possible with Kerberos), so anything short of that should minimize the exposure of those credentials to sites, i.e., there should be only one or two* places where a user ever enters his/her credential. *One place being a web authentication system, and the other being a fat-client authentication system, like workstation logon.

            I do like the pre-selected option (based on your previous choice) as well, and will see how to implement that.

            Thanks for your feedback on this!
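
The options discussed in this thread (remember lifetimes, a page that clears the choice, and a pulldown preselected from the last choice) can be sketched as follows. This is an added example, not code from this wiki or from the WAYF application; the cookie name `wayf_last_idp` and the IdP identifiers are assumptions made up for illustration.

```python
from http.cookies import SimpleCookie, CookieError

COOKIE_NAME = "wayf_last_idp"  # assumed name, not given on this page
KNOWN_IDPS = {  # constructed placeholder entity IDs -> display names
    "https://idp.example-a.edu/shibboleth": "Example Campus A",
    "https://idp.example-b.edu/shibboleth": "Example Campus B",
}
# Remember options from the thread as cookie lifetimes in seconds.
# None means a session cookie ("until you quit your browser").
REMEMBER = {"session": None, "1d": 86400, "7d": 7 * 86400, "30d": 30 * 86400}


def remember_header(idp, option):
    """Return a Set-Cookie value storing the chosen IdP, or None for 'never'."""
    if option == "never" or idp not in KNOWN_IDPS:
        return None
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = idp
    morsel = cookie[COOKIE_NAME]
    morsel.update({"path": "/", "secure": True, "httponly": True,
                   "samesite": "Lax"})
    if REMEMBER[option] is not None:
        morsel["max-age"] = REMEMBER[option]
    return morsel.OutputString()


def clear_header():
    """Set-Cookie value for a 'clear my choice' page: expire the cookie now."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = ""
    cookie[COOKIE_NAME].update({"path": "/", "max-age": 0})
    return cookie[COOKIE_NAME].OutputString()


def preselected_idp(cookie_header):
    """Return the IdP to preselect in the pulldown, or None.

    The cookie is client-controlled, so it is honoured only when it names
    an IdP on the allowlist; anything else means no preselection.
    """
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
    except CookieError:
        return None
    morsel = cookie.get(COOKIE_NAME)
    if morsel is not None and morsel.value in KNOWN_IDPS:
        return morsel.value
    return None
```

Because the remembered value only preselects an entry and is checked against the known IdP list, a tampered cookie cannot steer the user to an arbitrary login page.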