Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shib-Dev] Non persistent cookies and the centralized discovery service

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] Non persistent cookies and the centralized discovery service


Chronological Thread 
  • From: Chad La Joie <>
  • To:
  • Subject: Re: [Shib-Dev] Non persistent cookies and the centralized discovery service
  • Date: Mon, 24 Jan 2011 14:15:37 -0500
  • Organization: Itumi, LLC

More than the consistency argument, which I happen to agree with, is the
problem you run in to when the auto-selected IdP is not the correct one.
For example, I have actually seen people in the UMich library log in to
other IdPs. Presumably because that person was a visiting student or
faculty or something.

If you ever have an automatic, show-nothing redirect the user ends up in
a bind because there is nothing to suggest that a) there should have
been a screen that asked them where they wanted to go and b) nothing to
describe how to clear the current state to get that screen back.

So that's always been my main issue. The fact that one user can do
something to "invisibly" screw up another user.

On 1/24/11 2:06 PM, Cantor, Scott E. wrote:
>> My immediate instinct is that would really help the usability of
>> centralized DS,
>> potentially at the cost of SP's which do
>> (multi-IdP) attribute aggregation (and who I'd assume would need to do
>> their
>> own discovery), but I'd like to get your input...
>
> My only comment is that one of the continued debates is over whether users
> (meaning nobody who would be on this list) actually care about this, or in
> fact find it even more confusing to end up sent to a particular IdP in some
> cases but prompted in others. The consistency argument is that it's better
> to just be uniform in what you give the user in each case, even at the cost
> of an extra click.
>
> -- Scott
>
>

--
Chad La Joie
http://itumi.biz
trusted identities, delivered



Archive powered by MHonArc 2.6.16.

Top of Page