PILOS icon indicating copy to clipboard operation
PILOS copied to clipboard
verified publisher icon THM-Health

OIDC: Login-Workflow

Open tibroc opened this issue 4 months ago • 1 comments

While the current implementation of the OIDC login works well, the login workflow for the users could be simplified.

Wherever there are login buttons, if OIDC is configured as only login option, you should be redirected directly to your OIDC provider instead of the login page that only has the option to redirect:

Image

Also, the string for the wording in the login page should be configurable somewhere, because OpenID Connect is a technical term that not always is publicized like this in all instituions (e.g. I could imagine this being something like "Login in through the IT-Portal of Fabulous University"). [The same goes for the other log-in methods, btw]

Lastly, I guess it would nicer to not see a login page at all when you are already logged-in globally.

tibroc avatar Aug 12 '25 14:08 tibroc

  1. I agree, in case only a single auth. provider is enabled, the UI should be smoother
  2. There is no fits-all solution for how to name the different Auth. methods, especially if multiple are enabled. Therefor we decieded to stick with the tecnical term but recomand every admin to adjust the locale to their local wording. See: https://thm-health.github.io/PILOS/docs/administration/customisation/locales
  3. The way SSO for Shibb and OIDC is handled, we cannot detect if the user is already logged into an IDP, so the user always have to click. In case 1 is resolved, that would only require a single click as the IDP is immediatly redirecting you back to the auth. endpoint

samuelwei avatar Sep 01 '25 14:09 samuelwei