Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] Warning banner for toolkit/auth page

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] Warning banner for toolkit/auth page


Chronological Thread 
  • From: Mark Foster <>
  • To: Aaron Brown <>, Mark Feit <>
  • Cc: Daniel Doyle <>, "Uhl, George D. (GSFC-423.0)[SGT INC]" <>, "" <>
  • Subject: Re: [perfsonar-user] Warning banner for toolkit/auth page
  • Date: Fri, 4 Mar 2016 14:11:35 -0800

I created a hacky sort of way of dealing this a while back; basically, I
stuff the verbiage in the template(s) that are used to build the page.
Some recent changes (on the GUI) side had me rework the script. When I
shared my approach with him, George augmented it by putting in a (script)
popup.

It's probably pretty NASA specific, but if others on the list are interested,
I'd be happy to share the approach.

If you want to see an example of what it looks like, check
ps-arc-meter.nren.nasa.gov

-- Mark

On 3/4/2016 2:04 PM, Aaron Brown wrote:
You could probably hack something similar using redirect rules. If the
request isn't authenticated and isn't coming from a page listing the notice
and consent banner, it redirects to that page, and that page just has the
warning and a redirect link back to the original authentication requiring
page which would now pop up the basicauth stuff.

Cheers,
Aaron

On Mar 4, 2016, at 3:23 PM, Mark Feit
<

<mailto:>>
wrote:



<mailto:>
on behalf of Daniel Doyle writes:


It sounds like what you’re describing is maybe a “message of the day”
type thing, which could be a feature request for the UI in the future. Is
that accurate?


It’s more like a pre-login message, the equivalent of /etc/issue on Unix
systems. A number of government agencies require that before a user attempts
to log into any system, they see a notice and consent banner that says they
understand the system is owned by the government and consent to a whole raft
of things by using it. This must happen before /any/ attempt to log in, not
just those that come through the front door.

DoD’s standard message is two fairly long paragraphs and is over 1KB in
length; I don’t imagine NASA’s is much shorter. Since perfSONAR uses HTTP
Basic Authentication, the only way to get the message shown is to stuff it
into the realm, which is what George tried. None of the major browsers
render a message that long in their login dialogs, so the message gets
partially delivered, which doesn’t meet the rule. (I’ve bumped into this
myself in the past, and it’s a thorn in a lot of sides.)

To make perfSONAR able to do this sort of thing correctly, we’d have to bring
authentication into the toolkit instead of delegating it to Apache. That
woulds give us the control over the login page that we’d need to display a
message of arbitrary length.

—Mark




Archive powered by MHonArc 2.6.16.

Top of Page