ubuntu-bengali-manual team mailing list archive
-
ubuntu-bengali-manual team
-
Mailing list archive
-
Message #04655
[Bug 600583] Re: Enable user-controlled auto-login
** Also affects: loco-directory
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bengali Manual, which is subscribed to LoCo Team Directory.
https://bugs.launchpad.net/bugs/600583
Title:
Enable user-controlled auto-login
Status in Canonical SSO provider:
Confirmed
Status in LoCo Team Directory:
New
Bug description:
Auto-login is currently a feature for trusted sites only and cannot be
controlled by our users for their favourite sites. We also
implemented check_immediate for trusted sites in bug #449708. We
should add a feature to enable users to auto-login to any site they
visit and subsequently control these settings.
Some initial suggestions:
* Limit server-controlled auto-login to trusted SSO sites (see bug #600224) ie: all trusted SSO sites automatically get auto-login - it doesn't have to be enabled because it's assumed to be part of the full SSO experience.
* Add a "Log me in to this site automatically" checkbox near the login button on the openid confirmation page. This should be unchecked by default. When checked, subsequent logins should happen using the existing auto-login code, except...
* If the information requested by the consumer is added to (not removed from - we don't need to inform the user of less info than originally approved being sent) then we should not auto-login. The new info will be clearly identified (see bug #121533). The "Log me in to this site automatically" checkbox should be checked by default so the auto-login continues to work next time, unless the user changes their mind.
* We should add a "Sites" view which enables the user to manage all sites they have logged in to, ever (so it should be paged, sorted by last login date). This should enable them to set whether they can auto-login to the site with a checkbox.
* A site which can auto-login should also be able to do check_immediate as long as the requested info isn't added to since auto-login was set. Otherwise, it should respond negatively forcing the user to have to confirm the change as described above.
* Question: Should a user be able to change their auto-login preference for a server-set auto-login (ie: trusted SSO site)?
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-identity-provider/+bug/600583/+subscriptions