threatgrid / ctia-ui

A web-based interface to a Cisco Threat Intel API instance

Login Page #16

Closed pxninja closed 8 years ago

pxninja commented 8 years ago

(screenshot attached: screen shot 2016-11-14 at 2 51 08 pm)

craigbro commented 8 years ago

Since we are going to use SAML (a single sign-on tech) for Tenzin, we likely won't ever show users a login, at least not when configured to use SAML.

oakmac commented 8 years ago

Does this mean that we will not control the login user experience? Where will the user log in from?

craigbro commented 8 years ago

Actually, in discussions with the CTA team that implemented a SAML client or the AMP SAML service, and getting details on what our exact flow will be.

craigbro commented 8 years ago

I have confirmed that we will not control the login page.

What happens is roughly:

  1. User wants to log in, let's say they are going to tenzin.amp.cisco.com/...
  2. We see the user doesn't have a session and needs to log in, so we send a redirect to the SAML Identity Provider (IDP), at console.amp.cisco.com/saml with a special request token as query string param.
  3. The IDP will see if that user is already authenticated to them, and if not present them with a login. Once authenticated, they redirect the user back to our app with a token that we can validate.
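The three steps above, modelled end to end as an added example (this is not ctia-ui's or AMP's code). It assumes placeholder hostnames, a constructed shared HMAC key, and HMAC-signed JSON tokens standing in for signed SAML assertions; the validation checks on the app side (signature first, then audience, expiry, replay and an unsolicited-response check) are the ones the real SAML response would also need.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

SP_BASE = "https://tenzin.example.test"        # placeholder for the app (the service provider)
IDP_SSO = "https://console.example.test/saml"  # placeholder for the IdP's SSO endpoint
SHARED_KEY = b"constructed-demo-key-not-for-production"  # stand-in for the IdP's signing key
TOKEN_TTL = 300  # seconds an issued token stays valid


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


class ServiceProvider:
    """The app: it never renders a login form, it only redirects and validates."""

    def __init__(self, key: bytes, now=time.time):
        self.key, self.now = key, now
        self.sessions = {}     # session cookie -> username
        self.pending = {}      # request id -> (destination URL, issued at)
        self.seen_ids = set()  # token ids already consumed (replay defence)

    def handle_request(self, session_cookie, requested_url):
        """Step 2: no session, so redirect to the IdP with a request token in the query string."""
        if session_cookie in self.sessions:
            return ("ok", self.sessions[session_cookie])
        request_id = secrets.token_urlsafe(16)
        # The destination is remembered server-side rather than trusted from the callback.
        self.pending[request_id] = (requested_url, self.now())
        return ("redirect", f"{IDP_SSO}?{urlencode({'SAMLRequest': request_id})}")

    def handle_callback(self, token):
        """Step 3 (app side): validate the returned token before creating a session."""
        try:
            payload_b64, sig_b64 = token.split(".")
        except ValueError:
            raise ValueError("malformed token")
        # Check the signature before trusting any of the claims.
        if not hmac.compare_digest(_sign(payload_b64.encode(), self.key), _unb64(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(payload_b64))
        if claims.get("aud") != SP_BASE:
            raise ValueError("wrong audience")
        if claims.get("exp", 0) < self.now():
            raise ValueError("expired")
        if claims.get("jti") in self.seen_ids:
            raise ValueError("replayed token")
        pending = self.pending.pop(claims.get("in_response_to"), None)
        if pending is None:
            raise ValueError("unsolicited response")  # not tied to a redirect we issued
        self.seen_ids.add(claims["jti"])
        session_cookie = secrets.token_urlsafe(16)
        self.sessions[session_cookie] = claims["sub"]
        return session_cookie, claims["sub"], pending[0]


class IdentityProvider:
    """The IdP: owns the login page and issues the signed token."""

    def __init__(self, key: bytes, now=time.time):
        self.key, self.now = key, now
        self.logged_in = {}  # IdP cookie -> username

    def handle_sso(self, redirect_url, idp_cookie, login_as=None):
        """Step 3 (IdP side): reuse an existing IdP session or demand a login first."""
        request_id = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
        user = self.logged_in.get(idp_cookie)
        if user is None:
            if login_as is None:
                return ("login_required", None)  # the IdP renders its own login form here
            user = self.logged_in[idp_cookie] = login_as
        claims = {"sub": user, "aud": SP_BASE, "in_response_to": request_id,
                  "jti": secrets.token_urlsafe(8), "exp": self.now() + TOKEN_TTL}
        payload_b64 = _b64(json.dumps(claims, sort_keys=True).encode())
        return ("assertion", f"{payload_b64}.{_b64(_sign(payload_b64.encode(), self.key))}")


def run_flow(now=time.time):
    """Drive one complete login and return the app's session, user, destination and token."""
    sp, idp = ServiceProvider(SHARED_KEY, now), IdentityProvider(SHARED_KEY, now)
    kind, location = sp.handle_request(None, f"{SP_BASE}/incidents/42")
    status, token = idp.handle_sso(location, "idp-cookie-1")  # no IdP session yet
    assert kind == "redirect" and status == "login_required"
    status, token = idp.handle_sso(location, "idp-cookie-1", login_as="alice")
    cookie, user, destination = sp.handle_callback(token)
    return sp, cookie, user, destination, token


if __name__ == "__main__":
    _, cookie, user, destination, _ = run_flow()
    print(f"session {cookie} for {user}, continue to {destination}")
```

The point of `pending` and `seen_ids` is that the app only accepts a token it asked for, and only once; the IdP keeps its own cookie so a second app redirect for an already-authenticated user skips the form, which is the "already authenticated to them" case in step 3.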

pxninja commented 8 years ago

Closing issue, as we no longer control the login page.