Details

    • Epic Link:
    • Analysis Estimate:
      Medium < 5 days
    • Front End Estimate:
      XL < 15 days
    • Back End Estimate:
      Large < 10 days
    • Estimation Notes and Assumptions:
      KG: 5/30/2018 Updated what feature covers. Probably need to re-estimate Frontend and Backend.
    • Development Team:
      Vega
    • Rank: Chalmers:
      go-live
    • Rank: Chicago:
      NOT NEEDED
    • Rank: Cornell:
      can wait - up to 1 year
    • Rank: 5Colleges:
      can wait - up to a quarter after go-live
    • Rank: Lehigh:
      go-live
    • Rank: TAMU:
      can wait - up to 1 year
    • Rank: U of AL:
      go-live
    • Rank: Bremen:
      go-live

      Description

      Feature requirement: Define and implement FOLIO local username/password management policies and workflows.

      Assumption

      Assumption from UM SIG has been that only FOLIO operators need passwords.

      Feature covers the following

      • Valid Password requirements
      • Validate password against bad password list(s) / dictionary(ies)
      • Log/Audit password (failed)
      • Support locking out a user who fails to log in after successive attempts
      • Password strength meter
      • Workflow: Create Password
      • Workflow: Reset Password
      • Workflow: Change Password
      • Workflow: Locate my username
      • Ensure a user with SSO enabled cannot have a local username/password

      Mockups

      Kimie mockups: https://drive.google.com/drive/folders/0By8ccf5VV4EWNnppQkRGSHZuSjg

              Activity

              kurt Kurt Nordstrom added a comment -

              mod-login in its current form does two things:

              • It serves as a CRUD endpoint to manage credentials for user ids
              • It serves as an endpoint to request and return a JWT given a submitted username/password, which is checked against stored credentials.

              Things like password reset could be managed by any service that has the appropriate permissions to write to the credentials store. Things like contact email and the like could be referenced from the user module. What we don't currently implement is any kind of "security question" information associated with credentials.

              We're also not currently implementing anything to track password re-use. This would require an additional field to store past salt/hash pairs to check against new input.

              As to whether SSO could completely replace username/password auth, I think theoretically yes. The main job of the login process is to return a usable token based on some kind of auth challenge. Whether that be password or SSO, it really should not matter.
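The password re-use check mentioned in the comment above, sketched as an added example (not part of the original comment and not mod-login's code). The `CredentialRecord` class, the PBKDF2-HMAC-SHA256 hashing, the iteration count and the history depth are all assumptions made for illustration. Because every stored pair has its own salt, the new input must be re-hashed once per stored salt before comparing.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this example
HISTORY_DEPTH = 3      # assumed policy: reject the last 3 previous passwords


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class CredentialRecord:
    """Hypothetical credential row: current salt/hash plus a field of past pairs."""

    def __init__(self, user_id, password):
        self.user_id = user_id
        self.salt, self.hash = hash_password(password)
        self.history = []  # past (salt, hash) pairs, newest first

    def is_reused(self, new_password):
        # Check the current credential and every retained past pair.
        pairs = [(self.salt, self.hash)] + self.history
        return any(matches(new_password, s, h) for s, h in pairs)

    def change_password(self, new_password):
        """Store the new credential unless it repeats a retained one."""
        if self.is_reused(new_password):
            return False
        # Retire the current pair into history, then trim to the policy depth.
        self.history.insert(0, (self.salt, self.hash))
        del self.history[HISTORY_DEPTH:]
        self.salt, self.hash = hash_password(new_password)
        return True
```

Only salt/hash pairs are retained, so the history field exposes no more than the current credential field does, and it needs the same access restrictions.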

              kgambrell Khalilah Gambrell added a comment -

              Will create a feature to capture Small Q1 2019 updates.


                People

                • Assignee:
                  kgambrell Khalilah Gambrell
                  Reporter:
                  cboerema Cate Boerema
                  Analysis Estimator:
                  Khalilah Gambrell
                  Front End Estimator:
                  Jakub Skoczen
                  Back End Estimator:
                  Jakub Skoczen
                • Votes:
                  0
                  Watchers:
                  3
