The concept of federated access management introduces the need for a user to be ‘returned’ to their institutional login page in order to be authenticated. The new Shibboleth releases have introduced some nice new ideas to help make this experience better for users, such as introducing co-branding with the SP. Unfortunately, quite a lot of institutions are not doing much to help themselves! There are some truly horrible approaches to identity provider login pages out there, and I’ve decided to start naming and shaming 🙂 As there are very many entities within the UK federation I’m chunking this up and probably won’t get to the end of the alphabet, but hopefully everyone will have been shamed in to better behaviour by then. I’d did think about putting up screenshots for the sheer funniness, but didn’t want to make the work of phishing sites any easier so decided not to. It’s quite easy to find the login pages I mention though if you want to.
To start of, I have to talk about KCL. Oh dear KCL, my own organisation. The evil blue back screen, the use of the Shibboleth logo against all advice, the poor KCL branding….what were you thinking?? *shakes head in shame and despair*
Lets move on and look at our ‘A’s’:
- Aberdeen College are first up and what a delight! Clear branding, an attempt to inform the user what they are logging in to (this might be improved with the introduction of MDUI information in the UK federation metadata), clear instructions what to do. Bravo Aberdeen College!
- Aberystwyth University are next up and oh dear. Basic web auth, with the following instructions: “A user name and password are being requested by https://shibboleth.aber.ac.uk. The site says: “Prifysgol Aberystwyth University”. Yes? And? Which username and password? What am I logging in to? What is this weird floaty box thing? Heeeeelp! Fail for Aber I’m afraid 🙁
- Abingdon and Witney College have the generic Athens authentication point, and might want to be aware of the current advisory to promote the Athens brand to administrators within their organisation.
- Accrington & Rossendale College and another basic web auth. Oh dear Accrington, please join the Aber fail club.
- Adam Smith College has a very basic login screen. There are clear instructions for the user, but no institutional branding which is a strange missed opportunity. C- Adam Smith, try a bit harder please 🙂
- Anglia Ruskin University. Good, clear, branded. Well done.
- Angus College again very clear. I would get rid of the words ‘uk federation login’ however small, and provide a link to the help point but definitely one of the better ones.
- Anniesland College have the generic Athens authentication point, and might want to be aware of the current advisory to promote the Athens brand to administrators within their organisation.
- Aquinas College and another basic web auth fail. What a pity.
- Arts University College at Bournemouth have the generic Athens authentication point, and might want to be aware of the current advisory to promote the Athens brand to administrators within their organisation.
- Ashton Sixth Form College also join the basic web auth fail club.
- Askham Bryan College and more basic web auth. The list gets longer for fails.
- Aston University. Good and clear and well branded but we don’t suggest you use the language ‘uk federation’ – your users don’t need to know about the federation. Just say university or institutional login.
- Ayr College have the generic Athens authentication point, and might want to be aware of the current advisory to promote the Athens brand to administrators within their organisation.
Well there we are. Only 2 approaches I wouldn’t make changes to.
I hope you all take this in the spirit it is meant – as an effort to improve the user experience across the board – and not as an insult. In the difficult process of getting all the tech working the issue of ‘what a user sees’ can often be forgotten. Those of us that stare at login pages for most of everyday have become quite sensitive to these issues and would like to help you make them better.
If there is anything that the UK Access Management Focus can do to help you with the access management user experience, please just let us know.