tickets #80974
closedIpsilon installation is completely unthemed and does not look like openSUSE
100%
Description
The Ipsilon installation at id.opensuse.org, which is used to sign people into pages like l10n.opensuse.org is using the upstream theme. It also uses a free Let's Encrypt certificate without EV. This does not inspire confidence, and I have heard the page being described as "looking like a phishing site".
Could you please make sure that the page is appropriately openSUSE-branded to avoid such impressions?
Could you also please add some text to make sure people know which credentials to enter on https://id.opensuse.org/login/ldap ? (It should say something like "Log in with your SUSE/openSUSE community account).
Updated by stfnknorr over 3 years ago
Since I can't do it, please add fs@suse.com as CC. Maybe also involve someone like csanchez@suse.com for the branding part.
And I accidentally opened this under "communication", it should be under "issues". Can't change that either now.
Updated by pjessen over 3 years ago
- Tracker changed from communication to tickets
I have added "fs@suse.de" as cc.
FYI, we use LE certificates for everything openSUSE.
Updated by bmwiedemann over 3 years ago
Surely phishers could copy our CSS to create the impression of a legitimate openSUSE site...
What needs to happen (in addition to theming) is to get rid of all login forms, except the one of our identity provider. This is a huge project and therefore has not even been started.
Updated by stfnknorr over 3 years ago
pjessen:
I have added "fs@suse.de" as cc.
Thank you for the edits, Per!
FYI, we use LE certificates for everything openSUSE.
In general I understand but for an identity provider site, maybe it's not ideal. Tbh, it's not the first thing I'd check either, as long as I get a green lock icon in the browser.
bmwiedemann wrote:
Surely phishers could copy our CSS to create the impression of a legitimate openSUSE site...
Obviously. It's still not ideal to just ship the upstream theme and hope people recognize that the page is supposed to look like that. It looks exactly like the off-the-shelf page that it currently is.
(The upstream theme is a bit eccentric as well, putting the login form at the bottom of the page, which imo is a UX issue too.)
What needs to happen (in addition to theming) is to get rid of all login forms, except the one of our identity provider. This is a huge project and therefore has not even been started.
Arguably, but I don't think the perfect should be the enemy of the good in this case. Within SUSE, we have gotten used to Okta as well, somehow.
Updated by hellcp over 3 years ago
ipsilon has had https://pagure.io/ipsilon/blob/master/f/themes/openSUSE for a few months already, I assume we could use that
Updated by bmwiedemann over 3 years ago
- % Done changed from 0 to 10
The ipsilon-theme-openSUSE package was installed. There was just no documentation on how to enable it, so I read the source and managed to enable it via
/etc/ipsilon/root/ipsilon.conf
theme_dir = "/usr/share/ipsilon/themes/openSUSE"
but then the links to /portal and /admin were missing and the logo img was broken, so I reverted it for now...
https://static.opensuse.org/chameleon/dist/images/logo/logo-white.svg indeed is not there.
Updated by hellcp over 3 years ago
Yeah, the symlinks have to be fixed to work properly, I will have to look up how I got it working somewhere else
Updated by crameleon over 1 year ago
Referencing meeting notes from 11/03/22:
identification VM might have had working ipsilon theming support ; something in salt: apache alias ui, alias theme https://gitlab.infra.opensuse.org/infra/salt/-/blob/5c843d1798fe74aa9278d9e66e574a08de0dda7e/salt/profile/identification/files/sso.opensuse.org.conf https://gitlab.infra.opensuse.org/infra/salt/-/blob/5c843d1798fe74aa9278d9e66e574a08de0dda7e/salt/profile/identification/files/ipsilon.conf
Updated by crameleon over 1 year ago
- Status changed from New to Workable
- Assignee changed from opensuse-admin to crameleon
- % Done changed from 10 to 70
I took this upon myself now and installed the latest openSUSE theme from the ipsilon master branch. The packaged version I could not update as the sources in https://build.opensuse.org/package/show/openSUSE:infrastructure:ipsilon/ipsilon originated from some linked project which no longer exists. And even if, it would probably be a waste of time building updates for 15.2.
For what it's worth, it looks nice now and works. If there are no complaints I will close this and make a new ticket about the obsolete installation and missing packages.
Updated by crameleon over 1 year ago
- Assignee changed from crameleon to opensuse-admin
Updated by crameleon over 1 year ago
One note for administrators: you have to navigate to /admin or /portal yourself after logging in, there is no dashboard with a link.
Updated by crameleon about 1 year ago
- Category changed from 3rd party hosted to Servers hosted in NBG
- Assignee changed from opensuse-admin to SUSE-Admins
- % Done changed from 70 to 100
No complaints, closing. Admin/Portal links patched in by @bmwiedemann - please submit upstream if you can.
Updated by crameleon about 1 year ago
- Status changed from Workable to Resolved
- Assignee changed from SUSE-Admins to crameleon