IdP as quasi-portal?

Greg Haverkamp gahaverkamp at lbl.gov
Tue Oct 19 01:32:48 UTC 2021 

On Mon, Oct 18, 2021 at 3:17 PM IAM David Bantz <dabantz at alaska.edu> wrote:

> Is your institutional IdP being used to broadcast messages to users in the
> credential login page?
> If so, how is that working out? Who is allowed to post messages there?
> How have you adapted login to display such messages?
>

We put a system in place to do this, but it was never used.  I was pretty
vehemently opposed to it; my argument against it was that users are already
too easy distracted by fake login pages.  We didn't need to make ours
harder for users to verify by plastering (effectively) ads all over the
place.  In the end, I lost, and we implemented with some Javascript that
pulled down one of two types of messages: 1) IT news and notices, or 2)
security emergency notices.

In the end, by the time it was implemented, everyone had forgotten about
it, and nothing ever got published.  Of course, that javascript makes a
request to its backend server location on every page request, generating an
error if someone is watching the console.  Sometime last year, while doing
some maintenance on our systems, I just silently shut down that backend
server that was serving up the messages and provided the extremely basic
editing interface.  The only people who were allowed to post there were our
deputy CIO, our CISO, and our senior administrative assistant.

Anyhow, we just had a div just under the box that holds our login form.  If
the xhr calls managed to snag any content, they filled in the messages.

(It was my own fault.  On our original login page, of my design -- which is
to say, lousy -- I had a bunch of warnings about phishing and the like.
The CIO saw that and thought, "Hmm.  If we can put up those general
notices, we can also advertise our services."  Then implementation held off
while our creative services office was redesigning the login page.  That's
probably what kept it from ever being used, since that took months.)

Greg



>
> David St. Pierre Bantz
> U Alaska
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211018/60fb89d2/attachment.htm>

More information about the users mailing list