Auth provider ordering

jouvin · September 30, 2019, 8:03pm

Is it possible to control the order of the authorization provider on the authentication page? Or is it controled by the creation order? The documentation says that the the name of an authorization provider should not be changed after it has been configured, does it mean this information goes into the Indico DB and the insertion order is the display order?

Michel

ThiefMaster · September 30, 2019, 8:08pm

Local auth providers are not sorted, remotes ones are sorted by title (not name).

PS: Only the identity provider name must not be changed (that one is stored when associating identifiers with users). For the auth provider it doesn’t matter.

jouvin · September 30, 2019, 8:29pm

Is a LDAP-based auth provider a remote provider? In this case, it doesn’t work for me. I have 2 authorization providers: ‘LAL account’ and ‘ZCSNSM account’ (initially named ‘CSNSM account’). ‘ZCSNSM account’ is displayed first… Not sure what I made wrong…

ThiefMaster · September 30, 2019, 8:31pm

remote = anything redirecting you to amother site
local = anything where you enter credentials on the login form inside indico

jouvin · September 30, 2019, 8:50pm

Ok, it was my guess… Any idea why title sorting may not work?

ThiefMaster · September 30, 2019, 8:54pm

Not sure why we aren’t sorting them to be honest…

github.com

indico/indico/blob/master/indico/modules/auth/templates/login_page.html#L23


    {% endif %}
    {% include 'flashed_messages.html' %}
    <div id="form-wrapper">
        {{ login_form(active_provider, form) }}
    </div>
    <button class="i-button login-form-button" data-provider="{{ active_provider.title }}"
            data-href="{{ url_for('auth.login_form', provider=active_provider.name) }}">
        {%- trans name=active_provider.title %}Login with {{ name }}{% endtrans -%}
    </button>
</div>
{% set other_local_providers = providers|rejectattr('is_external')|reject('equalto', active_provider)|list %}
{% if other_local_providers %}
    <div class="titled-rule">
        {% trans %}or change authentication provider{% endtrans %}
    </div>
    <div class="login-providers providers-with-form">
        {% for provider in other_local_providers %}
            <button class="i-button provider-with-form" data-provider="{{ provider.title }}"
                    data-href="{{ url_for('auth.login_form', provider=provider.name) }}">
                {{- provider.title -}}
            </button>

Try replacing the |list with |sort(attribute='title') there, then they should be sorted by title. I’ll check the code tomorrow to see if there’s any reason for it, but if not we could easily add sorting there in the next version…

jouvin · October 1, 2019, 6:45am

Thanks, I’ll have a look. In fact, I am not very enthusiastic about sorting on the title as the title is exposed to the user and it’s difficult to modify it to control the order. Sorting on the name would give more freedom as you could just prefix the name by whatever convention you want to control the order…

A side benefit if you decide to use a sort based on name is that it will not change anything on the current ordering if you don’t change your auth provider names, as I guess sorting on dictionary keys (names) is the default…

The only drawback that I can see is that, as you cannot change the name of an identity provider already used by some users, you may have to define explicit auth/identity providers association if you change the name of an existing auth provider to adjust the ordering on the login page.