Univention Bugzilla – Bug 39459
fine tuning of SAML design
Last modified: 2019-01-03 07:20:39 CET
Currently a Single-Sign-On-Button is places in the top right of the UMC-Loginscreen. As this is related to the login it should be placed somewhere in the login dialog? My idea for a great user experience would be to add a toggle button [SSO on/off] in the login dialog and if it is activated: place a iframe with the login dialog of the IDP above the real UMC login dialog. If something changes inside of the iframe one could know if the login process was done successfully. If the hostname of the identity provider is not resolveable one could also hide the SSO feature completely. +++ This bug was initially created as a clone of Bug #39171 +++ The frontend must be adapted to make SSO login possible. * implement button or redirection to the service provider entrypoint at /umcp/saml/. * automated hiding of login dialog after successful SSO authentication (which redirects to UMC)
This would also help to improve the user experience if the frontend session renewal fails. Currently, the user is presented with the normal user/password login dialog. There is no way to get a new session from the IdP without losing the UMC session with all open tabs.
It also feels slow until the login dialog is shown initially.
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.