Project

General

Profile

Actions

tickets #80974

closed

Ipsilon installation is completely unthemed and does not look like openSUSE

Added by stfnknorr almost 4 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Servers hosted in NBG
Target version:
-
Start date:
2020-12-10
Due date:
% Done:

100%

Estimated time:

Description

The Ipsilon installation at id.opensuse.org, which is used to sign people into pages like l10n.opensuse.org is using the upstream theme. It also uses a free Let's Encrypt certificate without EV. This does not inspire confidence, and I have heard the page being described as "looking like a phishing site".

Could you please make sure that the page is appropriately openSUSE-branded to avoid such impressions?
Could you also please add some text to make sure people know which credentials to enter on https://id.opensuse.org/login/ldap ? (It should say something like "Log in with your SUSE/openSUSE community account).

Actions #1

Updated by stfnknorr almost 4 years ago

Since I can't do it, please add fs@suse.com as CC. Maybe also involve someone like csanchez@suse.com for the branding part.

And I accidentally opened this under "communication", it should be under "issues". Can't change that either now.

Actions #2

Updated by pjessen almost 4 years ago

  • Tracker changed from communication to tickets

I have added "fs@suse.de" as cc.

FYI, we use LE certificates for everything openSUSE.

Actions #3

Updated by bmwiedemann almost 4 years ago

Surely phishers could copy our CSS to create the impression of a legitimate openSUSE site...

What needs to happen (in addition to theming) is to get rid of all login forms, except the one of our identity provider. This is a huge project and therefore has not even been started.

Actions #4

Updated by stfnknorr almost 4 years ago

pjessen:

I have added "fs@suse.de" as cc.

Thank you for the edits, Per!

FYI, we use LE certificates for everything openSUSE.

In general I understand but for an identity provider site, maybe it's not ideal. Tbh, it's not the first thing I'd check either, as long as I get a green lock icon in the browser.

bmwiedemann wrote:

Surely phishers could copy our CSS to create the impression of a legitimate openSUSE site...

Obviously. It's still not ideal to just ship the upstream theme and hope people recognize that the page is supposed to look like that. It looks exactly like the off-the-shelf page that it currently is.

(The upstream theme is a bit eccentric as well, putting the login form at the bottom of the page, which imo is a UX issue too.)

What needs to happen (in addition to theming) is to get rid of all login forms, except the one of our identity provider. This is a huge project and therefore has not even been started.

Arguably, but I don't think the perfect should be the enemy of the good in this case. Within SUSE, we have gotten used to Okta as well, somehow.

Actions #5

Updated by hellcp almost 4 years ago

ipsilon has had https://pagure.io/ipsilon/blob/master/f/themes/openSUSE for a few months already, I assume we could use that

Actions #6

Updated by bmwiedemann almost 4 years ago

  • % Done changed from 0 to 10

The ipsilon-theme-openSUSE package was installed. There was just no documentation on how to enable it, so I read the source and managed to enable it via

/etc/ipsilon/root/ipsilon.conf
theme_dir = "/usr/share/ipsilon/themes/openSUSE"

but then the links to /portal and /admin were missing and the logo img was broken, so I reverted it for now...

https://static.opensuse.org/chameleon/dist/images/logo/logo-white.svg indeed is not there.

Actions #7

Updated by hellcp almost 4 years ago

Yeah, the symlinks have to be fixed to work properly, I will have to look up how I got it working somewhere else

Actions #8

Updated by lrupp over 3 years ago

  • Category set to 3rd party hosted
Actions #10

Updated by crameleon almost 2 years ago

  • Status changed from New to Workable
  • Assignee changed from opensuse-admin to crameleon
  • % Done changed from 10 to 70

I took this upon myself now and installed the latest openSUSE theme from the ipsilon master branch. The packaged version I could not update as the sources in https://build.opensuse.org/package/show/openSUSE:infrastructure:ipsilon/ipsilon originated from some linked project which no longer exists. And even if, it would probably be a waste of time building updates for 15.2.
For what it's worth, it looks nice now and works. If there are no complaints I will close this and make a new ticket about the obsolete installation and missing packages.

Actions #11

Updated by crameleon almost 2 years ago

  • Assignee changed from crameleon to opensuse-admin
Actions #12

Updated by crameleon almost 2 years ago

One note for administrators: you have to navigate to /admin or /portal yourself after logging in, there is no dashboard with a link.

Actions #13

Updated by crameleon over 1 year ago

  • Category changed from 3rd party hosted to Servers hosted in NBG
  • Assignee changed from opensuse-admin to SUSE-Admins
  • % Done changed from 70 to 100

No complaints, closing. Admin/Portal links patched in by @bmwiedemann - please submit upstream if you can.

Actions #14

Updated by crameleon over 1 year ago

  • Status changed from Workable to Resolved
  • Assignee changed from SUSE-Admins to crameleon
Actions

Also available in: Atom PDF