Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Excerpt
hiddentrue

Non-interactive login. LoginConfig.

Meeting meta information

a Monday. Met 9:30 am to 10:30 am.

...

  • Agenda item: Andrew reported on speculative design and implementation of non-interactive user login.

Next meeting

Next meeting will be Wed 03.09. Andrew will report on actual code implementing the topics discussed today. We will also discuss ACAS.

Explanation of whiteboard

Attached is screenshot of whiteboard.

...

Asking the LoginConfig about sufficiency of Authentication, gateway mode, and warn mode, provides an important extension point. Advanced implementations of the RequestToLoginConfig "factory" of LoginConfigs and of LoginConfigs themselves might implement such rules as "Never allow Single Sign On from the IP addresses of known kiosks"

The players

Revisiting the particular interfaces used here:. In general the LoginConfig could consider where the request seems to be coming from (looks like a kiosk), user preferences based on persistent browser cookie (SSO opt-in cookie was present or opt-out-of-SSO cookie was not present), user preferences based on authenticated identity (we know awp9 has opted out of privacy), service preferences (we know the service for which we're trying to issue a ST will accept nothing less than a client cert along with username password along with NTLM authentication).