Account/Shibboleth: Converting from local to non-local #796
Comments
eaquigley
modified the milestones:
In Review - Dataverse 4.0,
Beta 7 (Permissions & Auth Branch) - Dataverse 4.0
mheppler
modified the milestones:
Beta 7 (Permissions & Auth Branch) - Dataverse 4.0,
Beta 8 - Dataverse 4.0
mheppler
added
the
UX & UI: Design
mheppler
changed the title
|
Workflow has been mocked up for all things Shibboleth. https://iqssharvard.mybalsamiq.com/projects/loginwithshibboleth/grid |
I mentioned this to @kevinfoote of TestShib fame. The larger issue, of course, is if we're going to run into any trouble by requiring email addresses. I'll run this by @bencomp and http://community.dataverse.org/community-groups/auth.html at some point. Probably I'll explain which attributes we're requiring; I think we're requiring four at the moment. Mental note: also explain the scenario where a user with a name of "Unknown" can be created if the Identity Provider doesn't provide name-related attributes. There was some internal chatter with @mcrosas about this. |
For the current list: #1495 (comment)
This is no longer possible because as of 979a59d the attributes "givenName" and "sn" are required as explained at #1495 (comment) |
|
Cleaned up the workflows for Shibboleth Account Converting and the Terms of Use on the Sign Up page. Added a few comments into the code on shib.xhtml, one in reference to a block of code with rendered="#{false}", asking if that can be removed, another two for validation messages that are hardcoded into the XHTML, rather that using the message block built into the dataverse_header, that can be utilized through the back end, as we went over in the Messaging party. Passing this back to @pdurbin to look into those, as well as make sure I didn't miss any workflows that needed cleaning up. |
I can reproduce this. Thanks for the heads up, @kcondon |
- prevent exception with null password - put messages in bundles - show name of institution in prompt to convert - removed cruft
|
Ok, I did some clean up and bug fixing in cf4cbef To address comments by @kcondon ...
This is expected an only happens with TestShib. I'm working with Harvard identity folks in INC01146005 so that hopefully soon we will be able to test with Identity Providers (IdPs) other than TestShib. @bencomp if you'd like to do some testing please let me know. We also put a general call out for Shib testing at http://datascience.iq.harvard.edu/blog/try-out-single-sign-shibboleth-40-beta ("f you run a Shibboleth Identity Provider...") and on dvn-auth so hopefully we can some day test with more IdPs.
The link was removed during consolidation of code to require acceptance of Terms of Use for all accounts in #972 . To be honest, I'm concerned about the usability of reading a 10 page document in that little window. @eaquigley is there a ticket to work further on this?
My bad. Now if you don't provide a password you should get "Accounts can only be converted if you provide the correct password for your existing account." To address comments by @mheppler ...I removed some cruft, for sure. Thanks. Buttons for both workflows said "Accept Terms and Convert Account" which didn't make sense to me so I added a second button label in the bundle for when users are creating a new account: "Accept Terms and Create Account". All text that was hard coded in the xhtml page has been moved to bundles. @eaquigley this means that you can edit at will if you don't like the wording! Oh, and I know you wanted "The email provided by Harvard University authentication" in the message and now that I've finished #1497 this possible. The message now reads:
Previously it said "your institution". Passing to QA. |
Oh, despite two messaging parties I'm still shaky on how to do this. @scolapasta please feel free to steal this out of QA if you'd like to have me work on this right now rather than post 4.0. |
|
OK, works, closing. @pdurbin We do not allow not converting btw but Gustavo said this was as designed. Closing. |
|
Here's how an account conversion from builtin/local to Shibboleth looked as of Dataverse 4.0: Step 1: Email match found, prompt to convert
Step 2: Account conversion successful
|
|
@pdurbin yesterday during the design review, having the user be brought to their account page when they first convert from local to non-local was brought up. is this the right issue to add it to? |
|
@eaquigley probably not since this issue has already gone through QA (though I link to this issue and mention that the feature needs to be re-QAed in the parent ticket at #2939). I just created #2952 to track this change. |
Once Shibboleth is supported in a production installation, we expect users with existing local accounts (migrated during an upgrade/migration from DVN 3.x to Dataverse 4.0) to want to convert their account from a local account to a Shibboleth account.
This ticket is about the UI/UX for the conversion. How do we suggest to users that they might want to convert? What do they click to initiate the conversion? Etc. For now I'm giving this to @mheppler since we talked through this a bit.
For reference, this idea was originally brought up as a comment on the auth design: eada005#commitcomment-6999710
The text was updated successfully, but these errors were encountered: