SREG fields during login are confusing to average user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Confirmed
|
High
|
Unassigned | ||
Bug Description
This is a major usability issue from my perspective.
Most users will be confused by the current implementation of the SREG fields during login. At the moment, if I choose not to provide one o two of the SREG fields there will be portions of the website that will not work correctly after I log in - but there is no warning to the user that the site might not work properly if they disallow a field or two.
This is a classic case of giving the user too many choices. A basic user doesn't care to hand pick his SREG fields, he just wants to log into the site and get it over with.
One idea is to provide an expandable list of fields, with the option to say 'No'. But hand picking the SREG fields seems overkill as the site will likely rely on every field that it is requesting to function properly.
Finally, if we're still going ahead with the hand pick idea, a select/deselect all checkbox would be nice since 99.9% of the time a user will want to allow all the requested fields. Also there should be some helpful text that explains in simple terms what is happening and that refusing the fields may cause the site to function improperly.
| Michael Nelson (michael.nelson) wrote | #1 |
| Julien Funk (jaboing) wrote | #2 |
| Changed in canonical-identity-provider: | |
| status: | New → Confirmed |
Hi Julien - I'm guessing you're writing this bug in response to testing on a VPS, where those options are presented because the vps request isn't coming from a trusted source. I think I wrote a similar bug, or started discussing it, when I first saw it too, but stu/ricardo pointed out that it's only because of the untrusted request (from the VPS).
It is probably worth asking the SSO guys if the vps environment can also be setup to match staging/production somehow, to avoid the confusion - if possible (whether they can do that might depend whether you're authenticating with a vps SSO, or staging SSO).