Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide users with Login Selector screen when multiple authentication providers are enabled #39313

Closed
kobelb opened this issue Jun 19, 2019 · 4 comments · Fixed by #53010
Closed

Provide users with Login Selector screen when multiple authentication providers are enabled #39313

kobelb opened this issue Jun 19, 2019 · 4 comments · Fixed by #53010
Assignees
@azasypkin
Labels
enhancement New value added to drive a business result Feature:Security/Authentication Platform Security - Authentication Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@kobelb
Copy link
Contributor

kobelb commented Jun 19, 2019

We have limited support for multiple auth providers in Kibana. We're able to use the basic or token auth providers with either: SAML, Kerberos or Open ID Connect. But, we aren't currently able to use SAML with Kerberos or Open ID Connect. Per @jkakavas's original suggestion in #18366 if we provided a splash screen where the user could choose which auth provider they wish to use, it would greatly improve this situation.
@kobelb kobelb added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! enhancement New value added to drive a business result Feature:Security/Authentication Platform Security - Authentication labels Jun 19, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security

@kobelb kobelb mentioned this issue Jun 19, 2019
Closed
@azasypkin
Copy link
Member

++, adding this will become less painful once we finish NP migration PR. There I'm going to make login attempt generic so that if we want some specific provider to perform an initial login, no matter what authentication providers we have enabled and in which order ([saml, basic, kerberos, oidc]), we can say that this particular login request should be processed only by provider X.

@azasypkin azasypkin mentioned this issue Sep 13, 2019
Closed
@azasypkin azasypkin mentioned this issue Dec 13, 2019
Merged
@azasypkin azasypkin mentioned this issue Jan 16, 2020
Closed
@azasypkin azasypkin mentioned this issue Feb 6, 2020
Closed
@azasypkin azasypkin self-assigned this Feb 6, 2020
@azasypkin azasypkin changed the title Login - auth provider selection Provide users with Login Selector screen when multiple authentication providers are enabled Feb 7, 2020
@azasypkin
Copy link
Member

Here are the 4 states of the Login page I can think of (very rough prototypes, just to illustrate the idea):

  1. The page that's displayed when login selector is disabled (xpack.security.authc.selector.enabled: false) and only Basic/Token authentication provider is enabled (current login page):
    ls_1

  2. The page that's displayed when login selector is enabled (xpack.security.authc.selector.enabled: true), but neither Basic nor Token authentication provider is enabled (in the example only two SAML providers are enabled):
    ls_2

  3. The page that's displayed when login selector is enabled (xpack.security.authc.selector.enabled: true), and either Basic or Token authentication provider is enabled as well:
    ls_3

  4. The page that's displayed when login selector is enabled (xpack.security.authc.selector.enabled: true), but none of the providers is enabled:

ls_4

@ryankeairns
Copy link
Contributor

@azasypkin Here is the mockup we reviewed over zoom. Notable changes are:

  • Use EuiButtons instead of a list; add the fullWidth prop
  • Swap out the icons to the user iconType; use logoCloud for Elastic Cloud SAML, if possible
  • Keep the ----- OR ----- as you had it in your original mockup

Frame 6

Thank you, let me know if any other questions arise.

@Whizzzer Whizzzer mentioned this issue Aug 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azasypkin azasypkin

Labels
enhancement New value added to drive a business result Feature:Security/Authentication Platform Security - Authentication Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement Kibana Login Selector azasypkin/kibana
4 participants
@ryankeairns @kobelb @azasypkin @elasticmachine