Mailinglist Archive: opensuse-web (101 mails)
Re: [opensuse-web] Fun with AccessManager
- From: "Matthew Ehle" <mehle@xxxxxxxxxx>
- Date: Tue, 20 Dec 2011 08:41:24 -0700
- Message-id: <4EF04A34.A0C9.firstname.lastname@example.org>
Hello,
Christian Boltz <opensuse@xxxxxxxxx> 12/20/2011 6:16 AM >>>
I noticed some fun with AccessManager - using "Sign up" instead of
"Login" can be the better choice.
I'm already logged in on bugzilla.
If I now want to log in to the wiki, I have two options:
a) click the "Login" link and re-type username and password (which makes
the cross-domain single sign-on quite useless)
b) click the "sign up" link and get logged in instantly (which is
better, but not obvious for the average user)
Is it possible to be logged in _automatically_ to the wiki if I'm
already logged in on bugzilla? (Or at least let the login box check in
the background if the user is already logged in elsewhere before forcing
him to re-type his username and password?)
This is actually a known issue, and is only temporary. This is not because of
Access Manager, per se, but the way in which we have to migrate. We are
running Access Manager in "migration mode", in which you have to log into
iChain before logging into Access Manager to retain SSO between the systems.
In this situation, Access Manager requires you to be logged into iChain for its
protected resources, but it's not necessarily true the other way around.
You actually give the perfect example of this, which is the example that I gave
to the project manager when describing this. When you log into Bugzilla, you
are logged into iChain because that is what protects Bugzilla right now. When
you then visit the wikis, Access Manager has no way to tell that you are
supposed to be logged in until you hit a protected resource, forcing it to work
through iChain. That's why merely hitting the "sign up" link logs you in.
As you can see, the problem only applies in a specific circumstance (first
logging into an iChain site, then visiting an AM site that's normally public
but can accept headers for logged-in users). As we continue to migrate sites
to Access Manager, this will become less and less of an issue. For example, we
are moving Bugzilla to AM in early January. When that is done, you will no
longer see that problem with Bugzilla and the openSUSE sites.
When the transition is done and we are out of migration mode, this will not be
an issue for any sites.