[katello-devel] Signo improvements discussion

Marek Hulan mhulan at redhat.com
Mon May 6 13:52:31 UTC 2013 

On Monday 06 of May 2013 09:14:51 Justin Sherrill wrote:
> On 05/06/2013 09:07 AM, Garik Khachikyan wrote:
> > On 06/05/13 14:59, Justin Sherrill wrote:
> >> On 05/06/2013 08:26 AM, Bryan Kearney wrote:
> >>> On 05/06/2013 07:59 AM, Marek Hulan wrote:
> >>>> Hi all,
> >>>> 
> >>>> I received some feedback (the biggest from Garik) about Signo
> >>>> application.
> >>>> Although it seems to work by technical side it would be nice add
> >>>> some other
> >>>> features. Here is the list to discuss:
> >>>> 
> >>>> # Application information
> >>>> 
> >>>> We could display information about from which application user is
> >>>> coming to
> >>>> Signo, so he knows what is he logging in to. Note that user might
> >>>> get false
> >>>> idea that he is logging just into Katello however logging into
> >>>> Signo means
> >>>> also logging in into Foreman. Garik suggested displaying name,
> >>>> version,
> >>>> favicon and logo from that application you are coming from so it
> >>>> would look
> >>>> like as Katello login page (for Katello). What do others think?
> >>>> This would
> >>>> also mean for every external application to be supported in Signo
> >>>> (to display
> >>>> its graphics to avoid remote linking https problems etc.). I would
> >>>> find useful
> >>>> just to display name of the application that you came from. Also we
> >>>> should
> >>>> keep in mind security and possibility of forging this information.
> >>>> 
> >>>> # Logout page
> >>>> 
> >>>> Logout in Katello shows logout page that informs you about
> >>>> successful logout
> >>>> and displaying you a link to login again. Garik suggested to remove
> >>>> this page
> >>>> so user does not have to click link in order to login again. It
> >>>> would mean to
> >>>> go to Signo login page again with no notification of logout. I
> >>>> don't think
> >>>> users are logging out and in too often so I would leave that link
> >>>> there even
> >>>> when logout page itself has small information value. Comments? FYI
> >>>> on Foreman
> >>>> side there is no logout page so user is redirected to casual login
> >>>> page. He
> >>>> may login to foreman to enter any other foreman url. That's more or
> >>>> less 3rd
> >>>> possible way.
> >>> 
> >>> No Opinions.
> >>> 
> >>>> # Katello - configurable login page
> >>>> 
> >>>> We now force users to use Signo if it's set in katello.yml and
> >>>> fallback to
> >>>> plain login form only if OpenID auth fails. However user may want
> >>>> to decide
> >>>> which way he wants to use. Either SSO via Signo or plain login
> >>>> form. This
> >>>> could work and be configurable until we extract user logic from
> >>>> Katello to
> >>>> Signo. Again do we want to allow users to decide or "we know
> >>>> better"? :-)
> >>>> 
> >>>> If you have any other ideas what could make users confused or what
> >>>> to improve,
> >>>> please reply.
> >> 
> >> I'm not sure eventually if it makes sense for katello to provide its
> >> own login page?  If katello as a project is going to use Signo by
> >> default why not remove our own login form?
> >> 
> >> -Justin
> > 
> > It makes sense - at least for me as a user when I type:
> > https://<hostname>/katello I expect to see some home page specific to
> > that project (Katello for my case) - and not a general "yellow key"
> > with some text and login form. It will not provide me enough
> > confidence to enter my login/password there.
> > 
> > If we consider the enterprise version of Katello - it even would make
> > more sense to add there specific logo, text and version info.
> > 
> > Usually the home pages of each product/site are the first impression
> > one gets visiting to that page.
> > Showing the recent UI that we have now ...hm, not looks as the best
> > choice from my POV.
> > 
> > Garik
> 
> Completely agree.  Which is why if we as a project plan on using signo,
> why not customize it to 'look' like katello?    Its just insanity to
> support two different mechanisms to login.  Pick one and support it (and
> brand it with the project(s)).
> 
> -Justin

I agree that it's not intuitive in current state however customize it to 
'look' like Katello does not make sense to me either. Reason: Katello != 
Signo. You can use Signo for Foreman. Would it make sense to look as Katello 
when you want to login to Foreman? Signo could be used without Katello (not 
sure about whether it ever happen), in that case it would not make sense at 
all.

And a first bug report was wrongly created to Katello already even when it's 
related to Signo [1]. Wouldn't it lead to more confusions then?

[1]https://github.com/Katello/katello/issues/2164

-- 
Marek
> 
> >>> Nice to have, but I bet in most enterprise apps they would not
> >>> expose this option.
> >>> -- bk
> >>> 
> >>> _______________________________________________
> >>> katello-devel mailing list
> >>> katello-devel at redhat.com
> >>> https://www.redhat.com/mailman/listinfo/katello-devel
> >> 
> >> _______________________________________________
> >> katello-devel mailing list
> >> katello-devel at redhat.com
> >> https://www.redhat.com/mailman/listinfo/katello-devel
> 
> _______________________________________________
> katello-devel mailing list
> katello-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/katello-devel

More information about the katello-devel mailing list