tickets #80974

Ipsilon installation is completely unthemed and does not look like openSUSE

Added by stfnknorr 9 months ago. Updated 7 months ago.

Status: New
Priority: Normal
Assignee: opensuse-admin
Category: 3rd party hosted
Target version: -
Start date: 2020-12-10
Due date:
% Done: 10%
Estimated time:

Description

The Ipsilon installation at id.opensuse.org, which is used to sign people into pages like l10n.opensuse.org, is using the upstream theme. It also uses a free Let's Encrypt certificate without EV. This does not inspire confidence, and I have heard the page being described as "looking like a phishing site".

Could you please make sure that the page is appropriately openSUSE-branded to avoid such impressions?
Could you also please add some text to make sure people know which credentials to enter on https://id.opensuse.org/login/ldap ? (It should say something like "Log in with your SUSE/openSUSE community account".)

History

#1 Updated by stfnknorr 9 months ago

Since I can't do it, please add fs@suse.com as CC. Maybe also involve someone like csanchez@suse.com for the branding part.

And I accidentally opened this under "communication", it should be under "issues". Can't change that either now.

#2 Updated by pjessen 9 months ago

  • Tracker changed from communication to tickets

I have added "fs@suse.de" as cc.

FYI, we use LE certificates for everything openSUSE.

#3 Updated by bmwiedemann 9 months ago

Surely phishers could copy our CSS to create the impression of a legitimate openSUSE site...

What needs to happen (in addition to theming) is to get rid of all login forms, except the one of our identity provider. This is a huge project and therefore has not even been started.

#4 Updated by stfnknorr 9 months ago

pjessen:

> I have added "fs@suse.de" as cc.

Thank you for the edits, Per!

> FYI, we use LE certificates for everything openSUSE.

In general I understand but for an identity provider site, maybe it's not ideal. Tbh, it's not the first thing I'd check either, as long as I get a green lock icon in the browser.

bmwiedemann wrote:

> Surely phishers could copy our CSS to create the impression of a legitimate openSUSE site...

Obviously. It's still not ideal to just ship the upstream theme and hope people recognize that the page is supposed to look like that. It looks exactly like the off-the-shelf page that it currently is.

(The upstream theme is a bit eccentric as well, putting the login form at the bottom of the page, which imo is a UX issue too.)

> What needs to happen (in addition to theming) is to get rid of all login forms, except the one of our identity provider. This is a huge project and therefore has not even been started.

Arguably, but I don't think the perfect should be the enemy of the good in this case. Within SUSE, we have gotten used to Okta as well, somehow.

#5 Updated by hellcp 9 months ago

ipsilon has had https://pagure.io/ipsilon/blob/master/f/themes/openSUSE for a few months already, I assume we could use that

#6 Updated by bmwiedemann 9 months ago

  • % Done changed from 0 to 10

The ipsilon-theme-openSUSE package was installed. There was just no documentation on how to enable it, so I read the source and managed to enable it via

/etc/ipsilon/root/ipsilon.conf
theme_dir = "/usr/share/ipsilon/themes/openSUSE"

but then the links to /portal and /admin were missing and the logo img was broken, so I reverted it for now...

https://static.opensuse.org/chameleon/dist/images/logo/logo-white.svg indeed is not there.

#7 Updated by hellcp 9 months ago

Yeah, the symlinks have to be fixed to work properly, I will have to look up how I got it working somewhere else

#8 Updated by lrupp 7 months ago

  • Category set to 3rd party hosted
