Hello everyone,
I have a conceptual question about SSO and LDAP. In itself, this is a really great system. I log in to YNH once and then immediately have my Nextcloud, my mails, etc. at the click of a button. And without having to re-enter my login details every time and without having to register with each app individually. Great! I’m really thrilled.
However, my enthusiasm soon waned when I realised that SSO & LDAP are not implemented by every app, and that this is not a simple technology and can lead to real security problems. For example, when you log out of YNH, you are not automatically logged out of Nextcloud.
As long as I’m on my own computer, which ONLY I can access, none of this is an issue. I’m logged in there anyway and don’t want to log out. I want to have quick access to my apps.
The problem arises when users primarily work on shared computers without centralised user administration. As is the case in Internet cafés, for example, or at school or in a youth club or at work without a real IT department. I can vividly imagine situations in which you are still busy in various YNH apps and then suddenly your mate, colleague or boss calls you to leave quickly. In a hurry, you just log out of YNH, forget to close a hidden browser window and dash off. The next user then suddenly has free access to other people’s data.
How do you deal with this if this scenario is more likely to prevail among users? And if there are various apps in my YNH system that do not support SSO and LDAP at all and therefore require their own registration and login anyway?
Do you then leave out SSO and LDAP and deliberately manage all the apps individually, so that the user is really forced to log in to each of them individually if he needs this or that app? Then the principle is clearer and the same everywhere: register for each app and log in each time. That's the way it is.
Then perhaps every user will be more aware that each app has to be closed individually and you have to log out. Of course, this doesn’t solve the fundamental problem of forgetting to close one or two browser windows in a hurry on such unprotected multi-user systems.
How do you deal with such situations? Do you have any thoughts or suggestions?
Best regards
Tinder