From: Roman K. <ro...@un...> - 2024-08-06 09:18:29
Good morning Sander,

Last but not least, for "the third side effect" you've pointed out - would it work for you to configure this policy on IdP level? In such a case it wouldn't even be needed to create enquiries each time the policy revision changes to force users to accept it.

Best regards,
Roman

On Tue, 6 Aug 2024 at 11:09, Roman Krysiński <ro...@un...> wrote:

> Good morning Sander,
>
> Let me summarize features around "Policy documents" and I hope that will clarify cases you've pointed out in previous email.
>
> Policy documents, that can be defined in "Settings > Policy documents" console view, themselves do not bring enforcement capabilities.
> They can be used in conjunction with registration and enquiry forms as well as on IdP level.
> * Used on registration form is useful to enforce a specific policy during user creation, and then record this fact in the system (as you pointed out in sys:policy-agreement-state attribute)
> * When a policy is used at the IdP level (Vaadin-based IdPs contain a "Policy Agreements" tab where this can be configured), the user will be required to see and accept the policy after logging into such an IdP if the current system policy revision does not match the one recorded in the user's sys:policy-agreement-state attribute.
> * Policy document can also be used in enquiry, it will be shown there only when current system policy revision does not match the one recorded in the user's sys:policy-agreement-state attribute. In other words if the user has already accepted the current policy, enquiry will not show it. The fact that the user has completed specific enquiry is recorded in sys:FilledEnquires attribute.
>
> Note that changing the policy document revision does not influence the sys:FilledEnquires, so if e.g. user has completed an enquiry of "User is requested, mandatory" type, which is configured with a policy whose revision has changed, then this enquiry will not be enforced once more.
> This can be done with new enquiry OR by configuring this in IdP level.
>
> > We encountered on Monday the situation where we changed the revision of a policy from version 2 to version 3 (no content changes) and the user did not get the update enquiry because they had it already at the update to version 2.
>
> As mentioned, if a user had an enquiry already completed, revision update will not force the user to re-do the enquiry.
>
> > We also saw that the update enquiry did not set or update the value of the sys:policy-agreement-state attribute
>
> Can you confirm that the enquiry request in question was accepted?
> If so, could you please provide more details on how to reproduce the problem?
>
> > (...) a new user account, who agreed the latest version during the registration, got an empty enquiry (no checkbox and policy, but on cancel and submit buttons) at the first login
>
> As noted, the policy is not shown on enquiry form, when the user has already accepted it.
> I see your point however that this is not the best user experience, and there is room for improvement here.
> We will think about this use case and a better handling.
>
> In addition to the problem reported by Piotr with enquiry we've found three more items to address and targeted for the 4.0.1 patch:
> * Enquiry logout does not work
> * Enquiries are not enforced when logging to hope ui
> * Improve the layout of enquiry buttons
>
> Please let me know in case of any further questions.
>
> Best regards,
> Roman
>
> On Wed, 31 Jul 2024 at 07:36, Sander Apweiler <sa....@fz...> wrote:
>
>> Good morning,
>>
>> the problems we found were based on unity 3.16.1. We encountered on Monday the situation where we changed the revision of a policy from version 2 to version 3 (no content changes) and the user did not get the update enquiry because they had it already at the update to version 2.
>> We also saw that the update enquiry did not set or update the value of the sys:policy-agreement-state attribute. And the third side effect was that a new user account, who agreed the latest version during the registration, got an empty enquiry (no checkbox and policy, but on cancel and submit buttons) at the first login. Our plan was to verify this on unity 4, before we report those issues.
>>
>> Best regards,
>> Sander
>>
>> On Tue, 2024-07-30 at 15:05 +0200, Piotr Piernik wrote:
>> > Dear Sander
>> > Generally if the policy has changed with the revision number increase, it should appear to users automatically.
>> > Could you please provide more details in which scenario it won't work?
>> >
>> > Best regards
>> > Piotr
>> >
>> > On 30.07.2024 at 12:36, Sander Apweiler wrote:
>> > > Dear Piotr,
>> > > nice to hear you found the reason. Can you answer my second question as well? We found some issues regarding policies in our 3.16.1 instances and we are not sure if the problems are based on our misconfiguration or unity.
>> > >
>> > > Best regards,
>> > > Sander
>> > >
>> > > On Tue, 2024-07-30 at 12:20 +0200, Piotr Piernik wrote:
>> > > > Dear Sander
>> > > > We have a problem in the policy document editor - it saves optional policy documents as mandatory and vice versa.
>> > > > We will fix it in 4.0.1 patch.
>> > > >
>> > > > Best regards
>> > > > Piotr
>> > > >
>> > > > On 30.07.2024 at 07:13, Sander Apweiler wrote:
>> > > > > Good morning Krzysztof,
>> > > > > good morning Roman,
>> > > > >
>> > > > > we found another bug in unity 4. We created a mandatory policy (see 1st screenshot) and added it to the registration form (see 2nd screenshot). This policy should be mandatory but I can register without confirmation of the policy.
>> > > > >
>> > > > > Another question regarding policies because I do not remember and the manual is not that clear in this point. When I create a new version of a policy, is the confirmation of the new version shown to all users or do I need to create enquiries manually?
>> > > > >
>> > > > > Best regards,
>> > > > > Sander
>> > > > >
>> > > > > _______________________________________________
>> > > > > Unity-idm-discuss mailing list
>> > > > > Uni...@li...
>> > > > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
>>
>> --
>> Large-Scale Data Science
>> Juelich Supercomputing Centre
>>
>> phone: +49 2461 61 8847
>> fax: +49 2461 61 6656
>> email: sa....@fz...
>>
>> Forschungszentrum Jülich GmbH
>> 52425 Jülich
>> Registered office: Jülich
>> Registered in the commercial register of the Düren District Court, No. HR B 3498
>> Chairman of the Supervisory Board: MinDir Stefan Müller
>> Board of Directors: Prof. Dr. Astrid Lambrecht (Chair),
>> Karsten Beneke (Deputy Chair), Prof. Dr. Ir. Pieter Jansens