Hi all,

I have implemented these proposed commonauth page changes. There are some
concerns about passing the username to the type 3 page from the type 2 page
or from the authenticator. We have discussed the following ways and found
limitations in them.

   1. Pass as data in a POST request.
      - We can't do a POST here as this is a redirection from the server.
   2. Pass as a query parameter.
      - The username will be logged somewhere. It will create security
      concerns.
   3. Set as a temporary cookie.
      - If a customer is going to use a different domain to host the
      authentication web app, then the domains will differ.
   4. Provide an admin service to get the username using the session id by
      the web application.
      - How to protect the access to that service?

Please share if there are any better ways to sort this out. We are going
to stop further implementation on this until we figure out a better solution.

thanks,
Senthalan

On Thu, Jun 7, 2018 at 6:43 PM Senthalan Kanagalingam <[email protected]>
wrote:

> Hi all,
>
> I am currently working on implementing Identifier First in the
> authentication flow. This is not an authenticator. This will be like a
> pre-step which will get the hint (username) from the user and then continue
> the authentication steps. We can extend this to change the authentication
> flow based on the username (domain, user store, tenant).
>
> To support this, we will have three types of login page, which will be
> decided by a parameter passed to the basic authenticator in the
> authentication script.
>
>    1. The default one.
>    2. The default one without the password.
> [image: Screenshot from 2018-06-07 17-32-44.png]
>    3. Only the password box with a sign-in button.
> [image: Screenshot from 2018-06-07 17-35-07.png]
> If the username is provided as a hint (or provided in the request or found
> in the cookie), then basicauth will display type 3 (or another authenticator
> decided using the hint). Else type 2 and then type 3.
>
> First I have planned to implement the login page changes, because we are
> planning to implement getting user input in the authentication flow. So
> after that, we can implement getting the hint from the user.
>
> Please share your thoughts about this implementation.
>
> Thanks,
> Senthalan.
> --
>
> *Senthalan Kanagalingam*
> *Software Engineer - WSO2 Inc.*
> *Mobile : +94 (0) 77 18 77 466*
> <http://wso2.com/signature>
>


-- 

*Senthalan Kanagalingam*
*Software Engineer - WSO2 Inc.*
*Mobile : +94 (0) 77 18 77 466*
<http://wso2.com/signature>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
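The following is an added illustration of the trade-off between option 2 (username in a query parameter) and the shape of option 4 (the type 3 page resolves the hint server-side) from the first message above. It is example code written for this page, not code from the thread or from the WSO2 product: the login URL, the parameter names "username" and "hint", the HintStore class and the access-log format are all assumptions. It shows that with option 2 the username lands in the access log of every server or proxy on the redirect path, while with an opaque, session-bound, single-use, expiring reference only the reference does, and that binding the lookup to the session and consuming it on first use is one way to answer "how to protect the access to that service".

```python
"""Option 2 (username in the query string) versus an opaque server-side
reference in the spirit of option 4. Added example; all names are assumed."""
import secrets
import time
from urllib.parse import parse_qs, quote_plus, urlencode, urlparse

LOGIN_URL = "https://idp.example.com/authenticationendpoint/login.do"  # assumed


# ---- Option 2: the username itself travels in the redirect URL -------------

def redirect_with_username(base_url, username):
    """Redirect the type 2 step would issue if the hint were a plain query
    parameter (the parameter name 'username' is an assumption)."""
    return base_url + "?" + urlencode({"username": username})


def access_log_line(url):
    """Mimic the request line a typical HTTP server or reverse proxy writes to
    its access log: the full request target, query string included.
    Constructed format, used only to show what ends up on disk."""
    p = urlparse(url)
    target = p.path + ("?" + p.query if p.query else "")
    return '127.0.0.1 - - "GET %s HTTP/1.1" 200' % target


def log_contains(url, username):
    """True if the (URL-encoded) username would appear in the access log."""
    return quote_plus(username) in access_log_line(url)


# ---- Option 4 shape: opaque reference, resolved on the server --------------

class HintStore:
    """Server-side map from an unguessable reference to the username hint.

    Only the reference crosses the wire (and the logs). Each entry is bound to
    the authentication session that created it, is single-use, and expires;
    that binding is the access control on the lookup the thread asks about.
    """

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock        # injectable so expiry can be tested
        self._entries = {}         # ref -> (session_id, username, expires_at)

    def put(self, session_id, username):
        ref = secrets.token_urlsafe(32)   # 256 random bits, unrelated to session_id
        self._entries[ref] = (session_id, username, self._clock() + self._ttl)
        return ref

    def take(self, session_id, ref):
        """Resolve ref to the username exactly once, and only for the session
        that stored it. Any failure also consumes the entry (fail closed)."""
        entry = self._entries.pop(ref, None)
        if entry is None:
            return None
        owner, username, expires_at = entry
        if self._clock() > expires_at:
            return None
        if not secrets.compare_digest(owner.encode(), session_id.encode()):
            return None
        return username


def redirect_with_ref(base_url, ref):
    """Type 2 -> type 3 redirect carrying only the opaque reference
    (the parameter name 'hint' is an assumption)."""
    return base_url + "?" + urlencode({"hint": ref})


def ref_from_url(url):
    """What the type 3 page extracts from its own request URL."""
    return parse_qs(urlparse(url).query).get("hint", [None])[0]


def demo():
    """Run both flows for one constructed user: what the access log would
    hold, and what the type 3 page can resolve (once, then never again)."""
    username, session_id = "alice@example.com", secrets.token_urlsafe(16)

    leaked = log_contains(redirect_with_username(LOGIN_URL, username), username)

    store = HintStore(ttl_seconds=60)
    url4 = redirect_with_ref(LOGIN_URL, store.put(session_id, username))
    logged = log_contains(url4, username)
    first = store.take(session_id, ref_from_url(url4))
    second = store.take(session_id, ref_from_url(url4))   # replay of the same ref
    return {"option2_logs_username": leaked, "option4_logs_username": logged,
            "first_lookup": first, "replayed_lookup": second}


if __name__ == "__main__":
    print(demo())
```

Two caveats for anyone reading this as a design sketch: the session id passed to take() has to come from something the browser already proves (the existing authentication session cookie or context), not from the same URL as the reference, or the binding protects nothing; and the store is in-process here, so a clustered deployment would need it shared or keyed into whatever session store the servers already share.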
