https://dev.entrouvert.org/https://dev.entrouvert.org/favicon.ico?15861920342014-09-08T09:34:38ZRedmine Entr’ouvertAuthentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=197042014-09-08T09:34:38ZBenjamin Dauvergne
<ul></ul><p>It currently works like that using the <code>autologin.js</code> script from <code>django-kerberos</code> but the user still see the login page for a few milliseconds. I could have used a middleware to login automatically on the AuthnRequest reception but it would become impossible to not login using Kerberos. The <code>autlogin.js</code> make an AJAX request on the Kerberos login view, which returns a JSON boolean value, if login succeed, a cookie is put to forbid autologin for the next 15 minutes.</p>
<p>If you do not want to login using your Kerberos account, you just need to logout and then you can see the login page without automatically logging in using Kerberos.</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=197062014-09-08T09:40:07ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Nouveau</i> à <i>Résolu (à déployer)</i></li><li><strong>% réalisé</strong> changé de <i>0</i> à <i>100</i></li></ul><p>Appliqué par commit <a class="changeset" title="Export authentic2 version in the context processor (fixes #5407)" href="https://dev.entrouvert.org/projects/authentic/repository/authentic2/revisions/7b8c6573decd3184b7475feb2db8155c88217acf">7b8c6573decd3184b7475feb2db8155c88217acf</a>.</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=197412014-09-09T07:46:26ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Résolu (à déployer)</i> à <i>Nouveau</i></li></ul> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=226092014-11-21T18:11:35ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Nouveau</i> à <i>Fermé</i></li></ul><p>It seems to me I answered your worries, I close.</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=226122014-11-21T18:34:19ZFrédéric Pétersfpeters@entrouvert.com
<ul></ul><p>I am not sure I have all my answers yet (sorry I missed the answer as that bug got automatically marked as resolved by an unrelated commit).</p>
<blockquote>
<p>(This may also imply that the Kerberos tab should never be displayed, as it would then only appear when the user doesn't have a ticket anyway)</p>
</blockquote>
<p>I don't want to open another ticket for nothing but I believe this report came because cresson.entrouvert.org has a login page with Kerberos & Password tabs (in that order, Kerberos being shown by default), and that Kerberos tab didn't make sense for me (if the user has a valid kerberos ticket he shouldn't be stopped on the page, and if he does not there's no sense in showing the kerberos tab).</p>
<p>I understand now there's stuff happening on the client-side (that autlogin.js thing) but this shouldn't interfere (in my opinion) with what's displayed on the login page, especially not disturbing the expected flow and having to select a different tab to enter credentials.</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=226152014-11-21T19:03:39ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Fermé</i> à <i>Nouveau</i></li></ul><p>Ok I see your point now.</p>
<p>The tab is needed because you may to login with your ticket, but you may also want to login normally with a login/password to test something (or you using X509 or anything else). If we always login people automatically when they have some passive credential active (an X509 certificate or a Kerberos ticket) then they are locked in this mode of authentication. What I try to do with passive authentication method is to autologin on the first try then put a cookie so that if they logout immediately they can try another authentication method.</p>
<p>I should probably also set this cookie on the logout view or only on the logout view.</p>
<p>The Kerberos tab being before the login/password one is only related to the loading order of the different authentication methods, there is maybe a need for authentication methods to provide the order they want to be loaded (maybe just with an `after` version of the <code>get_auth_frontends()</code> method of the <code>Plugin</code> object).</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=251012015-03-06T14:26:28ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Nouveau</i> à <i>Information nécessaire</i></li></ul><p>The Kerberos tab on cresson is not shown first now, is the problem fixed for you ?</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=252312015-03-06T15:35:21ZBenjamin Dauvergne
<ul><li><strong>Version cible</strong> mis à <i>future</i></li></ul> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=383762015-12-07T16:35:42ZBenjamin Dauvergne
<ul><li><strong>Echéance</strong> mis à <i>31 mars 2016</i></li></ul> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=383852015-12-07T17:06:11ZBrice Mallet
<ul><li><strong>Assigné à</strong> mis à <i>Benjamin Dauvergne</i></li></ul> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=383882015-12-07T18:25:19ZBenjamin Dauvergne
<ul></ul><p>Kerberos tab should only appear when the <code>a2_just_logged_out</code> cookie is present (as Kerberos login should be automatic).</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=383892015-12-07T18:25:37ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Information nécessaire</i> à <i>Nouveau</i></li><li><strong>Version cible</strong> changé de <i>future</i> à <i>2.2.0</i></li></ul> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=439572016-03-08T12:35:27ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Nouveau</i> à <i>Solution déployée</i></li></ul><p>It's fixed in release 1.1.0 of authentic2-auth-kerberos.</p> Authentic 2 - Support #5407: Should Kerberos login happen without interaction?https://dev.entrouvert.org/issues/5407?journal_id=928982017-12-06T14:28:16ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Solution déployée</i> à <i>Fermé</i></li></ul>