<tt><font size=2>Thanks Ioram,</font></tt>
<br>
<br><tt><font size=2>From the keystone side: the one issue with listing
IdPs is that some may</font></tt>
<br><tt><font size=2>be private, so we're now looking to exploit the apache
plugin data in the</font></tt>
<br><tt><font size=2>environment (</font></tt><a href=https://review.openstack.org/#/c/142743/><tt><font size=2 color=blue>https://review.openstack.org/#/c/142743/</font></tt></a><tt><font size=2>),
thus from the</font></tt>
<br><tt><font size=2>horizon side the only data they need to send over
would be the protocol</font></tt>
<br><tt><font size=2>that the IdP uses.</font></tt>
<br>
<br><tt><font size=2>What i'm taking away from some of the comments is
to preserve the usual</font></tt>
<br><tt><font size=2>(username and password) flow, and maybe it'll be easier
to just list off</font></tt>
<br><tt><font size=2>the protocols in a separate drop down (SAML and OpenID
Connect).</font></tt>
<br>
<br><tt><font size=2>Steve</font></tt>
<br>
<br><tt><font size=2>Ioram Schechtman Sette <iss@cin.ufpe.br> wrote
on 02/05/2015 06:04:36 AM:<br>
<br>
> From: Ioram Schechtman Sette <iss@cin.ufpe.br></font></tt>
<br><tt><font size=2>> To: "OpenStack Development Mailing List
(not for usage questions)" <br>
> <openstack-dev@lists.openstack.org></font></tt>
<br><tt><font size=2>> Date: 02/05/2015 06:14 AM</font></tt>
<br><tt><font size=2>> Subject: Re: [openstack-dev] [horizon][keystone]</font></tt>
<br><tt><font size=2>> <br>
> Hi Thai,<br>
> <br>
> I agree with Anton that the names are not intuitive for users.<br>
</font></tt>
<br><tt><font size=2>> I would use something like:</font></tt>
<br><tt><font size=2>> - Local authentication (for local credentials)</font></tt>
<br><tt><font size=2>> - ?? (I also have no idea of what is a Default
protocol)</font></tt>
<br><tt><font size=2>> - Authenticate using <name of IdPs or federation>
(something which <br>
> is easy to the user understand that he could use or not - this is
<br>
> for the discovery service or remote IdP)<br>
</font></tt>
<br><tt><font size=2>> Here in the University of Kent we used another
approach.</font></tt>
<br><tt><font size=2>> Instead of selecting the method using a "list/combo"
box, we present<br>
> all the options in a single screen.</font></tt>
<br><tt><font size=2>> I think it's not beautiful, but functional.</font></tt>
<br><tt><font size=2>> I think it would be easier to the user if they
could have all the <br>
> options in a single interface, since it doesn't become too much <br>
> loaded (visually polluted).<br>
> <br>
> [image removed] </font></tt>
<br><tt><font size=2>> Regards,<br>
> Ioram</font></tt>
<br><tt><font size=2>> <br>
> 2015-02-05 9:20 GMT+00:00 Anton Zemlyanov <azemlyanov@mirantis.com>:</font></tt>
<br><tt><font size=2>> Hi,</font></tt>
<br><tt><font size=2>> <br>
> I guess "Credentials" is login and password. I have no idea
what is <br>
> "Default Protocol" or "Discovery Service".</font></tt>
<br><tt><font size=2>> The proposed UI is rather embarrassing.</font></tt>
<br><tt><font size=2>> <br>
> Anton</font></tt>
<br><tt><font size=2>> <br>
> On Thu, Feb 5, 2015 at 12:54 AM, Thai Q Tran <tqtran@us.ibm.com>
wrote:</font></tt>
<br><tt><font size=2>> Hi all,<br>
> <br>
> I have been helping with the websso effort and wanted to get some
feedback.<br>
> Basically, users are presented with a login screen where they can
<br>
> select: credentials, default protocol, or discovery service.<br>
> If user selects credentials, it works exactly the same way it works
today.<br>
> If user selects default protocol or discovery service, they can <br>
> choose to be redirected to those pages.<br>
> <br>
> Keep in mind that this is a prototype, early feedback will be good.<br>
> Here are the relevant patches:<br>
> </font></tt><a href=https://review.openstack.org/#/c/136177/><tt><font size=2>https://review.openstack.org/#/c/136177/</font></tt></a><tt><font size=2><br>
> </font></tt><a href=https://review.openstack.org/#/c/136178/><tt><font size=2>https://review.openstack.org/#/c/136178/</font></tt></a><tt><font size=2><br>
> </font></tt><a href=https://review.openstack.org/#/c/151842/><tt><font size=2>https://review.openstack.org/#/c/151842/</font></tt></a><tt><font size=2><br>
> <br>
> I have attached the files and present them below:<br>
> <br>
> [image removed] [image removed] [image removed] [image removed] <br>
> <br>
> <br>
</font></tt>
<br><tt><font size=2>> __________________________________________________________________________<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe<br>
> </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"><tt><font size=2>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</font></tt></a><tt><font size=2><br>
</font></tt>
<br><tt><font size=2>> <br>
> <br>
> __________________________________________________________________________<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe<br>
> </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"><tt><font size=2>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</font></tt></a><tt><font size=2><br>
</font></tt>
<br><tt><font size=2>> __________________________________________________________________________<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe<br>
> </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"><tt><font size=2>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</font></tt></a><tt><font size=2><br>
</font></tt>