Custom skins


I think we should disallow Globus Auth custom skins for individual XSEDE apps because of the increased susceptibility to phishing attacks and to keep the XSEDE Web Single Sign-On interfaces as uniform as possible. Also, XSEDE app developers would need to remember to update custom skin logos, fonts and colors every time xsede.org or XSEDE app sites change.


What would your feeling be if the XSEDE skin was something on the Auth server side, not the client, and was something that a client could just say, “give me the XSEDE skin?” 

Keep in mind that the only page that actually asks for or sees the user’s password is one from weblogin.xsede.org. That one does have an XSEDE.org domain.

I second this concern. Custom skins bad. Stop it now.

I don't think it's worth having a single XSEDE Globus skin because once users choose the "XSEDE" organizational login, they're taken right to weblogin.xsede.org and that's what I consider the XSEDE-specific page. I also second what I think others have said - that the style of the weblogin.xsede.org page should be updated to match the style of xsede.org and made more modern, with larger form elements and text.

It has now become standard that OIDC clients display the logo of the target IdP (Google, Facebook, etc.), so it's explicit to the user. The auth.globus.org page also follows this philosophy in displaying the Google and ORCiD logos. v1.1 of the design doc follows this design philosophy in displaying the Globus logo.
