
IntegratingAigaion/ExternalLogin/Requirements

From AigaionWiki


[DR 2008.08.17] A number of things for the design of this whole login stuff that make sense to me, given the cases above. This is just a brainstorming section before the real design is fleshed out.


Login and Logout Forms and Links

Not every configuration needs, or even allows, the Aigaion login/logout forms, links and controllers to be displayed and to work. Also, for some configurations the logout link may cause a user to be logged out of an external module, too.

Separate Internal Accounts, Besides External Accounts

For some configurations, Aigaion should be able to maintain 'internal' accounts that have no relation to the external login mechanism and can only be accessed by logging in directly through the Aigaion forms, rather than through the external modules.

Invalidating Password in Aigaion

If an account (login+password) in Aigaion is managed externally, the user should NOT be able to change his password on the Aigaion "my profile" page. This means that the password field in Aigaion will stay empty! (The same actually holds for anonymous accounts, which do not use the password to log in.) If Aigaion is later reconfigured to NOT use an external login module, we end up with a number of accounts that have an empty password, which is not good. So such accounts should get a marker 'PASSWORD INVALIDATED', which means that this account cannot be logged in by using the Aigaion internal password checker. When Aigaion is reconfigured to use the internal login module, these accounts need to be reconfigured and assigned a proper password by the admin.

Password Reminder Service

Just because it slips my mind otherwise: we need a password reminder service for the accounts whose password is not invalidated and that have a proper email address set. Note, then, that for security reasons it should not be possible to change the email of a profile without entering the current password!

Password Expiry

Øyvind suggests (above) to make a password expiry date, and possibly an account expiry date. Could be useful.

Staying Logged In

For some of the scenarios, the user should stay logged in as long as the session says he's logged in (that is, until he closes the browser or presses 'logout'). For other scenarios, Aigaion should check on every page access whether the external login still considers the user to be logged in (the 'perfect slave' configuration, e.g. case III).


Logging Out From External System

If you were logged in to Aigaion because you logged in to another system, e.g. the CMS from case II, and you press logout in the CMS, should this log you out of Aigaion as well? And if so, how do we achieve that? Either make the Aigaion login a complete slave as in case III, or hack into the logout command of the CMS and make it fire off a logout to Aigaion, too.

Remember Me

'Remember me' is relevant only for some of the scenarios/configurations.

'Create Accounts' Option

If the login password checking is delegated to another system, it may happen that a username/password is accepted, but no account existed yet in Aigaion. In that case, Aigaion may be configured to automatically create that account, with some default settings. These newly created accounts must be set to 'PASSWORD INVALIDATED' (see above). It is also possible that a username/password is accepted, and the account exists in Aigaion BUT NOT WITH AN INVALIDATED PASSWORD! That means that the account already existed separately from the external login mechanism; Aigaion should refuse to log this account in, and give some message like "I am sorry, an account with that name already exists in Aigaion but it can only be used through the Aigaion login forms. Please contact an Aigaion administrator for support".

[Øyvind 2008-08-19] What about deleting users? Should users which have been created based on information from another log-in system be deleted when the user is deleted from the other system (probably difficult to do), or should there be some out-of-date function for the users and perhaps also their passwords?

[DR 2008.8.19] A configurable out-of-date period is definitely easiest to implement. Deleting from Aigaion when a user is deleted from the other system is possible, not difficult, but needs programming in the other system rather than in Aigaion. On the other hand, with the PASSWORD INVALIDATED marker, a user who is deleted from the other system CANNOT log in to Aigaion through the Aigaion native login forms. So at most we would get clutter (dead accounts) in the database; those dead accounts cannot be used for Aigaion except when a database admin assigns them an internal password.
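The rules from 'Invalidating Password in Aigaion', the 'Create Accounts' option and the out-of-date period discussed just above fit together into one login policy. The following is an added, stand-alone model of that policy in Python; it is not Aigaion code (Aigaion itself is PHP), and the names Account, LoginPolicy, rejects and the error strings are assumptions made for illustration. An invalidated password is represented by storing no hash at all, so the native checker can never accept such an account; the model also covers the 'Login Override' for database admins and the rule that an email change requires the current password.

```python
"""Added example: login policy with a PASSWORD INVALIDATED marker, auto-created
external accounts, an out-of-date period and admin override. Not Aigaion's own code;
all names are illustrative assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

PASSWORD_INVALIDATED = None  # an invalidated account stores no password hash at all


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the 16-byte salt is stored in front of the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt + digest


def verify_password(stored: bytes, password: str) -> bool:
    """Constant-time comparison against the stored salt+digest."""
    return hmac.compare_digest(stored, hash_password(password, stored[:16]))


@dataclass
class Account:
    username: str
    email: str = ""
    password_hash: Optional[bytes] = PASSWORD_INVALIDATED  # None == 'PASSWORD INVALIDATED'
    is_db_admin: bool = False
    last_external_login: int = 0  # epoch seconds; 0 means never accepted externally

    @property
    def password_invalidated(self) -> bool:
        return self.password_hash is None


@dataclass
class LoginPolicy:
    use_external_module: bool = True
    create_accounts: bool = False          # the 'Create Accounts' option
    allow_admin_override: bool = True      # the 'Login Override' option
    out_of_date_seconds: int = 90 * 86400  # configurable out-of-date period (assumed default)
    accounts: Dict[str, Account] = field(default_factory=dict)

    def external_login(self, username: str, accepted_externally: bool, now: int) -> Account:
        """Called after the external module has already checked the credentials."""
        if not accepted_externally:
            raise PermissionError("external module rejected the login")
        acct = self.accounts.get(username)
        if acct is None:
            if not self.create_accounts:
                raise PermissionError("no Aigaion account exists and auto-creation is off")
            acct = Account(username)  # new accounts start with PASSWORD INVALIDATED
            self.accounts[username] = acct
        elif not acct.password_invalidated:
            # A separate internal account with that name already exists: refuse.
            raise PermissionError(
                "an account with that name exists in Aigaion but can only be used "
                "through the Aigaion login forms; contact an Aigaion administrator")
        acct.last_external_login = now
        return acct

    def internal_login(self, username: str, password: str) -> Account:
        """The native Aigaion login form; invalidated accounts can never pass here."""
        acct = self.accounts.get(username)
        if (acct is None or acct.password_invalidated
                or not verify_password(acct.password_hash, password)):
            raise PermissionError("invalid username or password")  # one message: no enumeration
        if self.use_external_module and not (self.allow_admin_override and acct.is_db_admin):
            raise PermissionError("internal login is disabled while an external module is active")
        return acct

    def is_out_of_date(self, acct: Account, now: int) -> bool:
        """Externally managed account not seen by the external module within the period."""
        return acct.password_invalidated and now - acct.last_external_login > self.out_of_date_seconds

    def change_email(self, acct: Account, current_password: str, new_email: str) -> None:
        """Changing the reminder address requires the current password, so a hijacked
        session alone cannot redirect password reminders."""
        if acct.password_invalidated or not verify_password(acct.password_hash, current_password):
            raise PermissionError("the current password is required to change the email address")
        acct.email = new_email

    def reminder_eligible(self, acct: Account) -> bool:
        """Password reminders only for accounts with a real password and an email set."""
        return not acct.password_invalidated and "@" in acct.email


def rejects(action: Callable[[], object]) -> bool:
    """True when the policy refuses the action with PermissionError."""
    try:
        action()
    except PermissionError:
        return True
    return False
```

Switching `use_external_module` off does not touch the data: the externally created accounts keep their invalidated marker and stay dead until an admin assigns them a real password, which is exactly the behaviour described above.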

Groups

Some external login modules (such as LDAP) may be able to provide groups for the users, too. Others may not. An option 'manage groups through external module'? If Aigaion creates new accounts automatically, and the external module does not provide a group, we might want to be able to set a 'default group for new users'.

Login Override

No matter what external login type is specified, it should maybe be possible to configure Aigaion to allow accounts with database-admin rights to log in through the internal mechanism in some way, to be able to turn off an external login module that went haywire... Although that kind of defeats the fancy biometric thumbprint login system, no?

Retrieved from "http://wiki.aigaion.nl/index.php/IntegratingAigaion/ExternalLogin/Requirements"

This page was last modified 16:14, 26 September 2008.

