Bug 39459 - fine tuning of SAML design
fine tuning of SAML design
Product: UCS
Classification: Unclassified
Component: SAML
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-x
Assigned To: UCS maintainers
Depends on: 39171
  Show dependency treegraph
Reported: 2015-10-02 14:03 CEST by Florian Best
Modified: 2019-01-03 07:20 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Design, Usability
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2015-10-02 14:03:31 CEST
Currently a Single-Sign-On-Button is places in the top right of the UMC-Loginscreen.

As this is related to the login it should be placed somewhere in the login dialog?
My idea for a great user experience would be to add a toggle button [SSO on/off] in the login dialog and if it is activated: place a iframe with the login dialog of the IDP above the real UMC login dialog. If something changes inside of the iframe one could know if the login process was done successfully.

If the hostname of the identity provider is not resolveable one could also hide the SSO feature completely.

+++ This bug was initially created as a clone of Bug #39171 +++

The frontend must be adapted to make SSO login possible.

* implement button or redirection to the service provider entrypoint at /umcp/saml/.
* automated hiding of login dialog after successful SSO authentication (which redirects to UMC)
Comment 1 Erik Damrose univentionstaff 2015-11-04 14:13:26 CET
This would also help to improve the user experience if the frontend session renewal fails. Currently, the user is presented with the normal user/password login dialog. There is no way to get a new session from the IdP without losing the UMC session with all open tabs.
Comment 2 Florian Best univentionstaff 2015-11-11 17:29:55 CET
It also feels slow until the login dialog is shown initially.
Comment 3 Stefan Gohmann univentionstaff 2019-01-03 07:20:39 CET
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.