Enhanced SSO controls

Currently, the D7 pilot service has SSO login which supports both CERN users (i.e. registered users affiliated with a CERN project) and lightweight accounts (i.e. someone with a valid e-mail address who has filled out the form at https://account.cern.ch/account/Externals)

In some cases, a site owner may want to allow lightweight account access, in other cases not. This project would improve the display of the Shibboleth login block which currently displays "CERN SSO Login" to have one of two options:

  1. Firstly, a site which allows lightweight accounts should display:

    CERN SSO Login
    Need to register?

  2. Secondly, if lightweight accounts are not permitted, the 'Need to register' should not be displayed.

In an ideal world, maybe we need to have a level between anonymous and authenticated which is 'lightweight'. This would allow different controls depending on whether the user is a CERN-user or just a registered/trackable one.

Project status: 
Proposal

You are here