perfSONAR User Q&A and Other Discussion

[Aaron Brown <>]

You could probably hack something similar using redirect rules. If the request isn't authenticated and isn't coming from a page listing the notice and consent banner, it redirects to that page, and that page just has the warning and a redirect link back to the original authentication requiring page which would now pop up the basicauth stuff.

Cheers,

Aaron

On Mar 4, 2016, at 3:23 PM, Mark Feit <> wrote:

on behalf of Daniel Doyle writes:

It sounds like what you’re describing is maybe a “message of the day” type thing, which could be a feature request for the UI in the future. Is that accurate?

It’s more like a pre-login message, the equivalent of /etc/issue on Unix systems.  A number of government agencies require that before a user attempts to log into any system, they see a notice and consent banner that says they understand the system is owned by the government and consent to a whole raft of things by using it.  This must happen before any attempt to log in, not just those that come through the front door.

DoD’s standard message is two fairly long paragraphs and is over 1KB in length; I don’t imagine NASA’s is much shorter.  Since perfSONAR uses  HTTP Basic Authentication, the only way to get the message shown is to stuff it into the realm, which is what George tried.  None of the major browsers render a message that long in their login dialogs, so the message gets partially delivered, which doesn’t meet the rule.  (I’ve bumped into this myself in the past, and it’s a thorn in a lot of sides.)

To make perfSONAR able to do this sort of thing correctly, we’d have to bring authentication into the toolkit instead of delegating it to Apache.  That woulds give us the control over the login page that we’d need to display a message of arbitrary length.

—Mark