Integrate central WAYF into the IdP Login Form
This issue proposes an idea for how the functionality of the WAYF, i.e. users selecting their organisation, could be integrated into the IdP Login Form. It'll be interesting to hear the team's opinions and an assessment of whether this is feasible at all.
Steps
- User clicks on 'Login' on the SP
- User is redirected directly to the edu-ID IdP
Option A - Organisational Email of a migrated organisation
- User enters organisational email address
- User enters password or confirms login with passwordless
Optional: Checkbox: "I don't want to login with ORGNAME, show me all options"
Option A1 - SP excludes private identity
- The SP receives the assertion with the attributes from the organisational affiliation
- If the user has multiple affiliations with this organisation, the Affiliation Chooser is shown
Option A2 - SP includes private identity
- The Affiliation Chooser is shown
- User selects the desired affiliations
- SP receives the attributes of the selected affiliations
Alternatively, we could assume that the user wanted to use their organisational affiliation because they entered the organisational email address, and not show the Affiliation Chooser.
Option B - Organisational Email of a not-yet-migrated organisation
- User enters organisational email address
- User is redirected to the IdP of the organisation with the mail address already filled in
- User enters password
- User is logged into the SP
This might be a suboptimal flow for the user, but the time may have come to signal to these organisations that it is no longer possible for us to make sure that everything still works smoothly for them. Being forced to guarantee that their users still get a UX as good as that of the migrated organisations stops us from moving forward and becoming more innovative.
Option C - Private Email
- User enters private email address
- User enters password or confirms login with passwordless
- Affiliation Chooser shows all affiliations of the user
- User selects the desired affiliation
- SP receives the attributes of the selected affiliations
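The routing decision behind Options A1, A2, B and C, written out as an added sketch (not code from the edu-ID project). The registry `ORGS`, the `Decision` type, `route_login`, the example domains and the behaviour of the "show me all options" checkbox are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed registry: email domain -> (migrated to edu-ID?, organisation IdP URL).
ORGS = {
    "uni-a.example": (True, None),
    "uni-b.example": (False, "https://idp.uni-b.example/sso"),
}

@dataclass(frozen=True)
class Decision:
    option: str                # "A1", "A2", "B" or "C"
    authenticate_at: str       # "edu-id" or the organisation IdP URL
    login_hint: Optional[str]  # address to prefill (Option B only)
    show_chooser: bool         # is the Affiliation Chooser shown?

def route_login(email, sp_includes_private, org_affiliations=1, show_all_options=False):
    """Map the address typed into the login form to one of the proposed flows."""
    local, sep, domain = email.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not an email address")
    domain = domain.lower().rstrip(".")
    # Exact match only: a subdomain of a registered domain is not that organisation.
    org = ORGS.get(domain)
    if org is None:
        # Option C: private address, the chooser lists all affiliations of the user.
        return Decision("C", "edu-id", None, True)
    migrated, idp_url = org
    if not migrated:
        # Option B: the redirect target comes from the registry, never from user input.
        return Decision("B", idp_url, f"{local}@{domain}", False)
    if sp_includes_private:
        # Option A2: the Affiliation Chooser is shown.
        return Decision("A2", "edu-id", None, True)
    # Option A1: chooser only for multiple affiliations with this organisation.
    # Assumption: the "show me all options" checkbox also forces the chooser.
    return Decision("A1", "edu-id", None, org_affiliations > 1 or show_all_options)
```

The address is unauthenticated when this decision is made, so it only selects a flow; the attributes released to the SP still depend on the authenticated account.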