Exactly one year back, we made KDE Forum IdentityEnabled™ (yeah, I like to add ™ to random stuff!). Now it is time to take it one step further. Thanks to Ben, Ingo, Tom and Emil, we have a powerful frontend for KDE Identity (codename Solena). So we had to do some minor adjustments to the forum to get back into the Identity league once Solena was rolled out. But the system implemented on the forum still had quite a few shortcomings:
- We did allow the user can choose to login to the forum using Identity credentials, but the user had to manually click on a checkbox saying “Login using KDE Identity” in order to do that. Of course, we saved the state of the checkbox, but when I think of seamless integration, I imagine that the decision of which authentication system to use needn’t be made by the end user (openID logins are a different thing, there’s no username/password involved at all there, unlike SSO).
- When logging in for the first time, the user had to go through a ‘link your accounts’ screen. Now since we couldn’t merge the forum DB and LDAP due to a lot of conflicts, we are stuck with two databases. On this link screen, the user could link it with an existing forum account (by keying in the credentials for that), or create a new local account (which was confusing. Why should John Doe create another account when he already created one on KDE Identity?).
- We allowed the user to register on forum.kde.org — again giving way to confusion. We say that we support SSO, while we still give the user two different websites where he can register. That’s not SSO.
So what did we do? We designed this new workflow:
- No “Login using identity” checkbox. We now use dual authentication (both DB and LDAP), so authenticate with any credential you want to on the same prompt.
- We still have to keep the link screen, but we gave it a less confusing name, we changed its name to ‘display username’. We also removed unneeded fields like email and password from this screen as an Identity user will not really need a local password (and we can use his Identity email address). We also have an option for the user to choose an auto-generated username.
- We disabled registration on forum.kde.org and redirected all registrations to KDE Identity.
We can describe the whole registration process functionally as follows:
- User visits the forum and clicks on registration link
- User registers on KDE Identity
- Then he comes back to the login page (we’ll find a way soon to bring him back automatically)
- User logs in with the account he just created
- On the ‘display username’ prompt, if he is happy with the auto generated display username, he simply clicks on “Complete registration” without having to enter his password or email address.
We hope the new workflow will integrate the forum deeply with KDE Identity. If you come across any issues, please report it on Bugzilla for the component forum.kde.org.
Link to the official announcement: https://forum.kde.org/viewtopic.php?f=4&t=106886