update
parent 7154a29eaf
commit c5c93aa779
6 changed files with 17 additions and 139 deletions
|
@ -1,61 +0,0 @@
|
|||
# Created 2021-08-31 Tue 10:18
|
||||
#+TITLE: Cisco Notes
|
||||
#+AUTHOR: Yann Esposito
|
||||
* Full Solution
|
||||
|
||||
** Cross product cookies
|
||||
|
||||
The only way for a user to feel logged in to all IROH-Auth related products
|
||||
is to have a way to login the user in all products during the login phase.
|
||||
|
||||
The solution is to use a =*.cisco.com= cookie containing the user JWT.
|
||||
It will pollute the =*.cisco.com= namespace in the user cookies, we might need
|
||||
to check with someone at cisco to see if we could do that.
|
||||
If a product is not hosted to a =*.cisco.com= URL then it will not work.
|
||||
|
||||
Technically:
|
||||
|
||||
IROH-Auth will still use the =localStorage= but will also save the JWT in
|
||||
the cookie.
|
||||
If both are different the cookie should probably takes precedence.
|
||||
That way other products will be able to transition to use this cookie
|
||||
instead of just the localStorage at their own pace.
|
||||
|
||||
Once this is done, the "Launch" link in the applink should probably be
|
||||
updated to the product directly and not via IROH-Auth login page.
|
||||
|
||||
This should probably remove the interstitial login page between:
|
||||
|
||||
- SecureX
|
||||
- Threat Response
|
||||
- Orbital
|
||||
|
||||
For SSE, probably not because SSE uses OpenId Connect and does not uses IROH-Auth
|
||||
JWT directly.
|
||||
But, having the user's JWT at their disposal SSE could probably get rid of
|
||||
OpenID Connect and thus the interstitial page.
|
||||
|
||||
** Selected Account Cookie
|
||||
|
||||
Right now we only uses a cookie to remember the last used Identity Provider.
|
||||
We should also save the latest account the user successfully logged in with.
|
||||
|
||||
The limitation is that it will make it a lot harder to switch between
|
||||
account.
|
||||
But it looks like a good compromise.
|
||||
If a user want to switch its account, the user will need to logout (via the
|
||||
existing logout page) that will clean both cookies for the IdP and the Account.
|
||||
One technical difficulty is to save the cookie only after a successful login.
|
||||
|
||||
** Conclusion
|
||||
|
||||
With both of these PR in IROH-Auth, the UI of SecureX, Threat Response,
|
||||
Orbital and SSE will have a way to use the shared IROH-Auth session.
|
||||
And the end-user will feel always logged in, in all products using
|
||||
IROH-Auth à la "google".
|
||||
|
||||
|
||||
** Limitations
|
||||
|
||||
Note if we would like to support cross-domain session more design work
|
||||
should be done to invest in all different possible technical solutions.
|
|
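Review bot: the whole file is deleted under the commit message "update", so the "Cross product cookies" design disappears with no pointer to where it is tracked now. If the design moves elsewhere, the points these lines leave open should move with it. A JWT cookie scoped to "*.cisco.com" is sent to every host under that domain, yet the text states no Secure, HttpOnly or SameSite attributes and no lifetime for it. The JWT also stays in localStorage, so it remains readable by page scripts whatever the cookie attributes are. The logout step in "Selected Account Cookie" only mentions clearing the IdP and Account cookies, not the JWT cookie.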
@ -1,61 +0,0 @@
|
|||
# Created 2021-08-31 Tue 10:17
|
||||
#+TITLE: Cisco Notes
|
||||
#+AUTHOR: Yann Esposito
|
||||
* Full Solution
|
||||
|
||||
** Cross product cookies
|
||||
|
||||
The only way for a user to feel logged in to all IROH-Auth related products
|
||||
is to have a way to login the user in all products during the login phase.
|
||||
|
||||
The solution is to use a `*.cisco.com` cookie containing the user JWT.
|
||||
It will pollute the `*.cisco.com` namespace in the user cookies, we might need
|
||||
to check with someone at cisco to see if we could do that.
|
||||
If a product is not hosted to a `*.cisco.com` URL then it will not work.
|
||||
|
||||
Technically:
|
||||
|
||||
IROH-Auth will still use the `localStorage` but will also save the JWT in
|
||||
the cookie.
|
||||
If both are different the cookie should probably takes precedence.
|
||||
That way other products will be able to transition to use this cookie
|
||||
instead of just the localStorage at their own pace.
|
||||
|
||||
Once this is done, the "Launch" link in the applink should probably be
|
||||
updated to the product directly and not via IROH-Auth login page.
|
||||
|
||||
This should probably remove the interstitial login page between:
|
||||
|
||||
- SecureX
|
||||
- Threat Response
|
||||
- Orbital
|
||||
|
||||
For SSE, probably not because SSE uses OpenId Connect and does not uses IROH-Auth
|
||||
JWT directly.
|
||||
But, having the user's JWT at their disposal SSE could probably get rid of
|
||||
OpenID Connect and thus the interstitial page.
|
||||
|
||||
** Selected Account Cookie
|
||||
|
||||
Right now we only uses a cookie to remember the last used Identity Provider.
|
||||
We should also save the latest account the user successfully logged in with.
|
||||
|
||||
The limitation is that it will make it a lot harder to switch between
|
||||
account.
|
||||
But it looks like a good compromise.
|
||||
If a user want to switch its account, the user will need to logout (via the
|
||||
existing logout page) that will clean both cookies for the IdP and the Account.
|
||||
One technical difficulty is to save the cookie only after a successful login.
|
||||
|
||||
** Conclusion
|
||||
|
||||
With both of these PR in IROH-Auth, the UI of SecureX, Threat Response,
|
||||
Orbital and SSE will have a way to use the shared IROH-Auth session.
|
||||
And the end-user will feel always logged in, in all products using
|
||||
IROH-Auth à la "google".
|
||||
|
||||
|
||||
** Limitations
|
||||
|
||||
Note if we would like to support cross-domain session more design work
|
||||
should be done to invest in all different possible technical solutions.
|
|
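Review bot: this file carries the same text as the previous deleted file, stamped one minute earlier ("# Created 2021-08-31 Tue 10:17" against "10:18") and differing only in backticks instead of =...= markup, so both look like generated exports that were committed by accident. Adding the export outputs to the ignore file would keep them out of future commits. Deleting them here only removes them from the tree; the notes stay readable from parent 7154a29eaf, which matters if the intent was to unpublish internal design notes.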
@ -361,12 +361,13 @@ SCHEDULED: <2021-08-27 Fri 09:00 .+1d/3d>
|
|||
| [2021-08-23 Mon] | 71 | ▉▉▉▉▉▉▌ |
|
||||
#+TBLFM: $3='(orgtbl-uc-draw-grid $2 60 80)
|
||||
*** TODO [#A] News filtered by AI + RSS + Scraper :daily:
|
||||
SCHEDULED: <2021-08-26 Thu 09:00 .+3d>
|
||||
SCHEDULED: <2021-09-02 Thu 09:00 .+3d>
|
||||
:PROPERTIES:
|
||||
:STYLE: habit
|
||||
:LAST_REPEAT: [2021-08-23 Mon 11:42]
|
||||
:LAST_REPEAT: [2021-08-30 Mon 12:24]
|
||||
:END:
|
||||
:LOGBOOK:
|
||||
- State "DONE" from "TODO" [2021-08-30 Mon 12:24]
|
||||
- State "DONE" from "TODO" [2021-08-23 Mon 11:42]
|
||||
- State "DONE" from "IN-PROGRESS" [2021-08-18 Wed 10:03]
|
||||
CLOCK: [2021-08-18 Wed 07:15]--[2021-08-18 Wed 07:35] => 0:20
|
||||
|
|
|
@ -40,14 +40,11 @@ J'ai lu un peu ce soir est hier, sur les fontes.
|
|||
Certaines sont intéressantes.
|
||||
Je cherchais de bonnes fontes pour les écrans retina.
|
||||
Une bonne fonte était "Source Code Pro" en thin.
|
||||
** 09:58
|
||||
** 00:13
|
||||
Une journée bien meilleure que la veille coté stress.
|
||||
Bien plus détendue.
|
||||
J'ai tweaké mon emacs encore, avec nix j'ai installe nerdfonts qui donne
|
||||
des tonnes de fontes sympa.
|
||||
Là j'écris dans org-mode avec la font iMWriting (clone de iAWriter)
|
||||
|
||||
Je viens de télécharger la fonte iMWriting (clone open source de iA Writer)
|
||||
à utiliser dans org-mode c'est sympa :)
|
||||
|
||||
#+begin_src json
|
||||
{"this":"is a test"}
|
||||
#+end_src
|
||||
|
||||
Oui, c'est vraiment très bien en fait. La fonte est jolie, et... reposante.
|
||||
C'est difficile à expliquer, mais ça le fait.
|
||||
J'ai regardé "Au poste !" de Quentin Dupieux très sympa de le revoir.
|
||||
|
|
|
@ -25,11 +25,11 @@
|
|||
:PROPERTIES:
|
||||
:CREATED: 20210819
|
||||
:END:
|
||||
| activité φ | ?/5 | au lit -> sport |
|
||||
| nourriture | ?/5 | malbouffe -> saine |
|
||||
| humeur | ?/5 | exécrable -> excellente |
|
||||
| energie | ?/5 | exécrable -> excellente |
|
||||
| intérêt | ?/5 | ennuie -> exceptionnel |
|
||||
| activité φ | 1/5 | au lit -> sport |
|
||||
| nourriture | 2/5 | malbouffe -> saine |
|
||||
| humeur | 4/5 | exécrable -> excellente |
|
||||
| energie | 3/5 | exécrable -> excellente |
|
||||
| intérêt | 3/5 | ennuie -> exceptionnel |
|
||||
* 2021-08-19 Thursday
|
||||
** 10:10
|
||||
Une nouvelle journée commence. Krystelle est partie avec les chiens pour
|
||||
|
@ -51,3 +51,5 @@ Par contre pas mal de bon humour.
|
|||
La scène où il achète son blouson est top.
|
||||
La scène où il récupère son alliance sur le mort est top.
|
||||
Les scènes de meurtres sont assez sympa.
|
||||
** 00:22
|
||||
Bon j'ai joué à Factorio, demain il faudra chercher le chien.
|
||||
|
|
BIN
roam/org-roam.db
Binary file not shown.
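Review bot: roam/org-roam.db is a binary database changed alongside the note edits, and the diff cannot show what went into it. org-roam rebuilds this cache from the .org files, so it is better listed in the ignore file than versioned; as committed, every note edit rewrites an opaque blob that nobody can review and that may index notes the author did not mean to publish.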