Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
jujugui login should not show "Login with USSO" w/o an external identity config #2360
Comments
hatched
added
the
enhancement
label
Jan 26, 2017
|
I agree, we need to obtain that information from the controller before authenticating. I am not sure we ever want to hide the ability to log in with username and passwd: as an admin of that controller, or just as a local user, I might want to use both auth paths. |
|
True enough on the might want to use the username/password, but if an external provider is there I think it might be worth at least hiding it behind a "local user login" link or something that's there, but non-obvious. If someone has setup external identity support I feel like the local would be the exception to the rule vs the default use case. |
|
If controller is set up with identity provider and fields are empty when one clicks login, then we can use that as a cue to go to that external provider and not bother with local users. If fields are non-empty, we take it as a local user. And we can only live with one login button. |
|
My concern with that plan is that will users know to not both typing in a password to level the external identity? |
|
We can give visual hints. Empty fields, button shows "login with sso", and fields could have greyish background text "login as local user". Once user types something into username field, button shows "local user login". Something along these lines. |
This was referenced Jan 27, 2017
|
We don't currently have the information required for knowing if we can hide the Login with USSO button. In the meanwhile, we could certainly do better UX wise, for instance by separating the login mask in two section, for instance the userpass inputs + the traditional login button on the left, a more structured/explained USSO section on the right. |
frankban
assigned
anthonydillon
Mar 3, 2017
frankban
added
the
UI
label
Mar 3, 2017
frankban
added this to the
gorgeous garak milestone
Mar 3, 2017
anthonydillon
assigned
spencerbygraves
and unassigned
anthonydillon
Mar 3, 2017
frankban
modified the milestones:
intrepid ishka,
gorgeous garak
Apr 7, 2017
frankban
modified the milestones:
kinky kirk,
intrepid ishka
May 25, 2017
hatched
modified the milestones:
kinky kirk,
loyal la forge
Jul 11, 2017
hatched
modified the milestones:
loyal la forge - 2.8.0,
massive morn
Aug 1, 2017
|
@wallyworld is working on adding the ability to make anonymous API calls to Juju. This is done as part of the CMR work. Maybe this can be extended to include the information that we need here? |
mitechie commentedJan 26, 2017
When you go to log into the Juju GUI you have two buttons as options, "Login" and "Login with USSO". However, the second button is only valid if you have an external identity provider. In fact, in that case you shouldn't have the option to enter the username/password really as you need to go through the external identity provider in order to log in anyway.
I propose that the Juju GUI gain access to if an external identity provider is provided as part of the controller config [1] and updates the login UX accordingly. In this way users are guided towards success.
This may require an updated to the Juju controller and perhaps we'll need some usable api call to provide what type of authentications are available on this controller if we cannot make an unauthorized api call to the controller in order to get the basic controller config. It seems like this is reasonable public knowledge data that one should be able to get before auth.
1: https://lists.ubuntu.com/archives/juju/2016-September/007843.html