Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve Login Selector UX #64142

Merged
merged 6 commits into from
Apr 28, 2020

Conversation

azasypkin
Copy link
Member

@azasypkin azasypkin commented Apr 22, 2020

Summary

In this PR we're going to cover Login Selector UX improvements that have been proposed in #61144 and https://www.figma.com/proto/1yRyEEPb8NMcPOj2cbybQB/Kibana-SSO-login?node-id=1%3A126&scaling=min-zoom

UI/UX

image

image

Config

xpack.security.loginAssistanceMessage: "By logging in to this application you accept:\n
         * [The Corporate Terms of Use](https://google.com)\n* [Privacy Terms](...)"
xpack.security.loginHelp: "**You are accessing a system with U.S. 
         government information**"

xpack.security.authc.providers:
  basic.basic1:
    order: 0
    description: "Log in using Elasticsearch"
    hint: "Typical for most users"
    icon: "logoElastic"

  saml.saml1:
    order: 1
    realm: cloud-saml
    description: "Log in using Elastic Cloud"
    hint: "Typical for administrators"
    icon: logoCloud

  pki.pki1:
    order: 2
    description: "Log in with SSO. No icon or hint"

  oidc.oidc1:
    order: 3
    realm: google-oidc
    description: "Log in with Google"
    hint: "I have a logo and hint!"
    icon: https://upload.wikimedia.org/wikipedia/commons/5/53/Google_%22G%22_Logo.svg

Blocked: by Design Team feedback ✔️
Fixes: #61144


"Release Note: Login Selector UI was refined and can now offer much more customization options."

@azasypkin azasypkin added blocker blocked Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Security/Authentication Platform Security - Authentication v7.8.0 labels Apr 22, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@azasypkin
Copy link
Member Author

Hey @snide!

Would you mind clarifying few more things regarding Login Selector improvements discussed in #61144 for me?

Let me try to describe the possible states and questions I have. It's a very rough draft, I only use standard EUI components without any additional styling yet, just to have something to reason about.

  • GIF with the general flows to see this in action:

Peek 2020-04-22 10-09

  • Questions for screen#1:

    • Buttons have multiple possible states and this is how they look like using standard EuiCard.
      Can you please help us to figure out how all these states should look like in new design?:

      • with icon and description (Log in with Cloud)
      • with icon, but without description (Log in with Smart Card (PKI))
      • with description, but without icon (Log in with Corp SSO)
      • without both icon and description (Login with basic/basic1)
    • Since we display a button for a basic login form now, we need to come up with a default title (and maybe description), by default we'll display Log in with basic/basic1 which is suboptimal. As I mentioned previously this login form can be used for native ES login as well as for customers AD/LDAP that means that from technical standpoint it's more like vague Log in with Kibana login form, but that's probably will be confusing for our users... Do you have any ideas for the default title/description (Cloud can reconfigure that and tailor for the Cloud specific use case if they wish)?

    • Previously we used normal buttons in the login selector and leveraged their default isLoading state so that when you had a slow network connection we were displaying the loading spinner within this button before user redirected to IdP portal. With the new design I just disable these buttons (as seen in GIF). How would you suggest to handle that state in the new design?

    • Does EUI have any mixins/components to "animate" transition between Selector/Form/LoginHelp?

Screen Shot 2020-04-22 at 10 09 44

  • Questions for screen#2:
    • ????? near the link back to selector - do you have any suggestions what we should write here? I know you have Logging in with a Kibana account in your mock ups, but I'm not sure if it works for all scenarios. Presumably it's not configurable and should work for both Cloud and non-Cloud setups (unless we use the same text we use for the button title at the Login Selector screen)

Screen Shot 2020-04-22 at 10 09 53

  • Questions for screen#3:
    • And as we discussed previously, here we can render just one configurable markdown message. By default we can hide Need help? link if help text/markdown isn't specified and let Cloud figure that out for their use case or we can also provide a default text/markdown so that all Elastic Stack users can benefit from it with ability to change it. Whatever you feel is better.

Screen Shot 2020-04-22 at 10 09 49

Thanks!

@snide
Copy link
Contributor

snide commented Apr 22, 2020

hey @azasypkin

Rather than do a back and forth on the individual screens, it might be easier to do a small writeup on how I can get my dev setup to show the options as shown. I don't mind jumping in the code (or having one of our other coding designers jump in) to help out and clean up the interactions. If that's too hard, possibly we can just fake some states in the draft PR so we can fill in the bits. I'll take a scan at what's in here now and see what I can manage.

@azasypkin
Copy link
Member Author

azasypkin commented Apr 22, 2020

hey @azasypkin
Rather than do a back and forth on the individual screens, it might be easier

Yep, makes sense to me. I've updated issue description with the Kibana config that one can use with this PR. Technically you don't need need to perform actual SSO login to test the flows so there is no need to re-configure ES for that, but if you'd like to be able to log in and use Kibana with SAML I can share required configuration over slack (there is some sensitive IdP info we can't share here).

I'm happy to Zoom/Slack to help with the setup or answer any questions if needed.

Thanks!

@snide
Copy link
Contributor

snide commented Apr 22, 2020

Excellent. I've give it a shot, and if I can't figure it out today. I'll set something up tomorrow early my time and we can pair.

@snide
Copy link
Contributor

snide commented Apr 23, 2020

@azasypkin Hope its ok. I pushed directly to your PR. I made the following changes:

  • I cleaned up the styling of the selector
  • The selector now has better disabled and loading states
  • I cleaned up the messaging area to be a little more svelte
  • I cleaned up the user/pass login with more generic language and changed the placement

For wording of the "Kibana" login, I'm gonna check with some others tomorrow and update. The best I could come up with was being very on the nose about it being "Elasticsearch".

image

In any case. I probably need another commit in here to clean things up some more. If you give me a way to render the "get help" stuff I can work on that part as well.

@azasypkin
Copy link
Member Author

@azasypkin Hope its ok. I pushed directly to your PR. I made the following changes:

Looks awesome, thanks!

The best I could come up with was being very on the nose about it being "Elasticsearch".

Yeah, it's much closer to the truth than Kibana account at least.

If you give me a way to render the "get help" stuff I can work on that part as well.

Sure, for now it's xpack.security.loginHelp:

xpack.security.loginHelp: "**You are accessing a system with U.S. government information**"

@snide
Copy link
Contributor

snide commented Apr 23, 2020

OK @azasypkin I'm done with the design work. I'll assume you're good to go, but feel to ping me on review when you finish up.

@azasypkin
Copy link
Member Author

OK @azasypkin I'm done with the design work. I'll assume you're good to go, but feel to ping me on review when you finish up.

Yeah, I can go ahead and prepare this PR for review. Thanks a lot for the help, @snide!

For wording of the "Kibana" login, I'm gonna check with some others tomorrow and update. The best I could come up with was being very on the nose about it being "Elasticsearch".

Did you have a chance to check this? Or we're moving forward with Log in with Elasticsearch and logoElastic icon? I believe we need some defaults here, otherwise when Kibana is configured to work with multiple realms, the button for the login form will have Log in with basic/basic1-like description without icon until admins change these.

Also Need help? link won't be visible by default since we don't provide any default text right now, not sure if it matters since we didn't provide it previously either.

@azasypkin azasypkin force-pushed the issue-61144-login-improvements branch from 29751e4 to 903f031 Compare April 24, 2020 12:22
@snide
Copy link
Contributor

snide commented Apr 24, 2020

@azasypkin and I chatted over Slack. Setting "Log in with Elasticsearch" as the default. Need help will be empty by default (so not used). Cloud is strongly recommended to use it for guidance and a way to link to support directly.

@azasypkin azasypkin force-pushed the issue-61144-login-improvements branch from 903f031 to f38790b Compare April 24, 2020 16:31
@azasypkin azasypkin removed the blocked label Apr 24, 2020
@azasypkin azasypkin marked this pull request as ready for review April 24, 2020 19:44
@azasypkin azasypkin requested review from a team as code owners April 24, 2020 19:44
@legrego
Copy link
Member

legrego commented Apr 24, 2020

ACK: will review on Monday

@legrego legrego self-requested a review April 24, 2020 19:52
Copy link
Contributor

@snide snide left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on the design side.

Copy link
Member

@legrego legrego left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is working great! Just a couple nits/questions.

  • Let's also make sure to update kibana-docker to include the new settings

return null;
}

return (
<EuiPanel>
<div className="lgnAssistanceMessage">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Other classes within the security plugin start with sec. We should probably maintain this "namespace"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'll switch to sec or secLogin (will see) 👍

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fine to change. @azasypkin I'll leave these to you

? this.onPageModeChange(PageMode.Form)
: this.loginWithSelector(provider.type, provider.name)
}
className={`lgnCard ${
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit class name should start with sec

<EuiIcon size="xl" type={provider.icon ? provider.icon : 'empty'} />
</EuiFlexItem>
<EuiFlexItem>
<EuiTitle size="xs" className="lgnCard__title">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit class name should start with sec

)}
</p>
</EuiTitle>
{provider.hint ? <p className="lgnCard__hint">{provider.hint}</p> : null}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit class name should start with sec

<EuiText size="xs" className="eui-textCenter">
<EuiLink
data-test-subj="loginBackToLoginLink"
style={{ fontWeight: 'bold' }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@snide this link to return back to the login flow is bold, but the link to get to this screen is not bolded. Is that intentional?

image

image

Copy link
Member Author

@azasypkin azasypkin Apr 27, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I though it was intentional, but thanks for double checking 🙂

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The font-weight style tag should be removed.

if (this.validator.validateForLogin(username, password).isInvalid) {
// Since validation is enabled now, we should ask React to re-render form and display
// validation error messages if any.
return this.forceUpdate();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a new pattern for this across the security screens...we abuse state in other components to achieve this, but your change to use forceUpdate is at least more explicit. You can ignore this comment, I'm just thinking out loud for the future

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, totally agree.

@azasypkin azasypkin requested a review from a team as a code owner April 28, 2020 06:45
Copy link
Contributor

@spalger spalger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Operations: Docker config change LGTM

@azasypkin azasypkin requested a review from legrego April 28, 2020 09:58
@azasypkin
Copy link
Member Author

@legrego it's ready for another pass, thanks!

Copy link
Member

@legrego legrego left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! If we don't already have one, let's open an issue so that we add documentation for these improvements, and include a functional test or two as well before release.

@azasypkin
Copy link
Member Author

azasypkin commented Apr 28, 2020

If we don't already have one, let's open an issue so that we add documentation for these improvements, and include a functional test or two as well before release.

Sure, we have one for documentation already #64054 and I've just filed another one for the functional test suite #64635.

@azasypkin azasypkin merged commit e7971fa into elastic:master Apr 28, 2020
@azasypkin azasypkin deleted the issue-61144-login-improvements branch April 28, 2020 10:55
azasypkin added a commit to azasypkin/kibana that referenced this pull request Apr 28, 2020
Co-authored-by: Dave Snider <dave.snider@gmail.com>
@azasypkin
Copy link
Member Author

7.x/7.8.0: 75e2b8c

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backported blocker Feature:Security/Authentication Platform Security - Authentication release_note:enhancement Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v7.8.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants