Canonical SSO provider

When Logging into LP SSO from LP you shouldn't be told you are going to a 3rd party site

Reported by Dave Morley on 2010-09-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider
Low
Stuart Metcalfe

Bug Description

Bug Description:
Bug 608920 is continued here as the code for the fix is complete. The usability however isn't.

When logging into LP SSO from LP you shouldn't be told you will be redirected to a 3rd party site. This will confuse potential users as they are seemingly logging into LP from LP what is the 3rd party site. Also it doesn't name the 3rd party site so they don't know that the 3rd party site is infact LP.

OS:
64bit Lucid

Browser:
FF 3.6.8

Problem URL:
https://bugs.edge.launchpad.net/firefox/+bugs?field.searchtext=foo&orderby=-importance&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.importance%3Alist=UNKNOWN&field.importance%3Alist=CRITICAL&field.importance%3Alist=HIGH&field.importance%3Alist=LOW&field.importance%3Alist=UNDECIDED&assignee_option=any&field.assignee=&field.bug_reporter=&field.bug_supervisor=&field.bug_commenter=&field.subscriber=&field.tag=&field.tags_combinator=ANY&field.status_upstream-empty-marker=1&field.has_cve.used=&field.omit_dupes.used=&field.omit_dupes=on&field.affects_me.used=&field.has_patch.used=&field.has_branches.used=&field.has_branches=on&field.has_no_branches.used=&field.has_no_branches=on

Steps To Reproduce:
1. Log out of LP SSO
2. Goto the link above
3. Login from that page
4. Go throught all the login process
5. On the last page note the terminology says Return To 3rd Party Site

Expected Result:
I would expect there to be no text telling me I need to Return to a 3rd party site when I never left LP (from a user perspective)

If the 3rd party site is in our trusted config list, we should display the name of the site (eg: "Return to Launchpad"). For unknown sites, the existing wording is fine. Ideally the user shouldn't see this page anyway so we should also use the same js auto-submit trick as is used on openid consumers.

Changed in canonical-identity-provider:
status: New → Triaged
importance: Undecided → Low
tags: added: proj-openit

Notes for QA:

I'm going for a significant simplification of this view. All branding is being removed from the "Continue" page and the only thing you'll now see (if you disable js) is a continue button on a plain page. If you have js enabled, you won't see anything as it'll automatically redirect you back to the consumer.

I also fixed bug #680256 as part of this work, to make testing easier.

Changed in canonical-identity-provider:
assignee: nobody → Stuart Metcalfe (stuartmetcalfe)
milestone: none → 2-implementation
status: Triaged → Incomplete
status: Incomplete → In Progress
Changed in canonical-identity-provider:
milestone: 2-implementation → 3-internal-qa
Changed in canonical-identity-provider:
status: In Progress → Fix Committed
tags: added: defect
tags: added: kb-task
Julien Funk (jaboing) wrote :

Cannot be tested on UEC, moving to staging ready queue.

tags: added: kb-defect
removed: kb-task
Dave Morley (davmor2) wrote :

passes on staging

Changed in canonical-identity-provider:
milestone: 3-internal-qa → 11.02
Changed in canonical-identity-provider:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints