** Also affects: loco-directory
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of loco-
directory-dev, which is the registrant for LoCo Team Directory.
https://bugs.launchpad.net/bugs/600583
Title:
Enable user-controlled auto-login
Status in Canonical SSO provider:
Confirmed
Status in LoCo Team Directory:
New
Bug description:
Auto-login is currently a feature for trusted sites only and cannot be
controlled by our users for their favourite sites. We also
implemented check_immediate for trusted sites in bug #449708. We
should add a feature to enable users to auto-login to any site they
visit and subsequently control these settings.
Some initial suggestions:
* Limit server-controlled auto-login to trusted SSO sites (see bug #600224)
ie: all trusted SSO sites automatically get auto-login - it doesn't have to be
enabled because it's assumed to be part of the full SSO experience.
* Add a "Log me in to this site automatically" checkbox near the login
button on the openid confirmation page. This should be unchecked by default.
When checked, subsequent logins should happen using the existing auto-login
code, except...
* If the information requested by the consumer is added to (not removed from
- we don't need to inform the user of less info than originally approved being
sent) then we should not auto-login. The new info will be clearly identified
(see bug #121533). The "Log me in to this site automatically" checkbox should
be checked by default so the auto-login continues to work next time, unless the
user changes their mind.
* We should add a "Sites" view which enables the user to manage all sites
they have logged in to, ever (so it should be paged, sorted by last login
date). This should enable them to set whether they can auto-login to the site
with a checkbox.
* A site which can auto-login should also be able to do check_immediate as
long as the requested info isn't added to since auto-login was set. Otherwise,
it should respond negatively forcing the user to have to confirm the change as
described above.
* Question: Should a user be able to change their auto-login preference for
a server-set auto-login (ie: trusted SSO site)?
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-identity-provider/+bug/600583/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~loco-directory-dev
Post to : [email protected]
Unsubscribe : https://launchpad.net/~loco-directory-dev
More help : https://help.launchpad.net/ListHelp
