Penn Computing


Application Screen Guidance

To give users a more consistent experience, we recommend that providers use similar language wherever their applications interact with WebLogin. Suggested language follows.

Application Timeout Guidance

ISC recommends displaying a timeout screen with standard language when an open application times out while a Penn WebLogin session is still active. CoSign has no built-in timeout support, so this screen relies on the application's own local session management.

[App/resource name] has timed out.

Your Penn WebLogin session remains active.

Reopen [App/resource name]

Terminate your Penn WebLogin session now

NOTES:

  1. "Reopen..." should link back to your app/resource.
  2. "Terminate..." should link to
    https://weblogin.pennkey.upenn.edu/logout.

Application Logout Guidance

ISC recommends that application and web resource logout buttons work as follows:

  • Selecting an application's logout button (with both SSO and reauth applications) should remove any locally generated state and provide an invisible redirect to the logout screen, https://weblogin.pennkey.upenn.edu/logout, that permits a user to terminate their Penn WebLogin session.
  • If a message to the user is still necessary when the local session ends (for example, advising users when records will be updated), selecting the logout button should generate a local logout confirmation screen with the following info:

You have successfully logged out from [app/resource name].

[owner inserts app- or resource-specific logout messages here, possibly including link that gives option to re-open app/resource]

Your Penn WebLogin session remains active.

Terminate your Penn WebLogin session now

NOTES:

  1. "Terminate..." should link to
    https://weblogin.pennkey.upenn.edu/logout.
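
The timeout and logout behaviour described above, shown as an added example (not ISC's code): a Python WSGI app that manages its own local session, shows the timeout screen when that session idles out, and on logout clears local state before redirecting to the WebLogin logout URL. The app name, cookie name, idle limit and in-memory session store are assumptions; authentication is assumed to be handled upstream by the web server's CoSign filter.

```python
import html
import secrets
import time
from http.cookies import SimpleCookie

WEBLOGIN_LOGOUT = "https://weblogin.pennkey.upenn.edu/logout"  # URL from the guidance
APP_NAME = "Example App"   # assumption: placeholder for [App/resource name]
COOKIE = "app_session"     # assumption: name of the local session cookie
IDLE_LIMIT = 15 * 60       # assumption: local idle timeout in seconds
SESSIONS = {}              # local state: session id -> last activity time
EXPIRE = ("Set-Cookie", f"{COOKIE}=; Path=/; Max-Age=0; Secure; HttpOnly")


def timeout_page():
    """Timeout screen using the suggested wording."""
    name = html.escape(APP_NAME)
    return (f"<h1>{name} has timed out.</h1>"
            "<p>Your Penn WebLogin session remains active.</p>"
            f'<p><a href="/">Reopen {name}</a></p>'
            f'<p><a href="{WEBLOGIN_LOGOUT}">'
            "Terminate your Penn WebLogin session now</a></p>")


def app(environ, start_response, now=time.time):
    """WSGI app; assumes the CoSign filter already authenticated the user."""
    jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = jar[COOKIE].value if COOKIE in jar else None
    if environ.get("PATH_INFO") == "/logout":
        # Remove locally generated state, then redirect with no interstitial.
        SESSIONS.pop(sid, None)
        start_response("302 Found", [("Location", WEBLOGIN_LOGOUT), EXPIRE,
                                     ("Cache-Control", "no-store")])
        return [b""]
    last = SESSIONS.get(sid)
    if last is not None and now() - last > IDLE_LIMIT:
        # Local session idled out; the WebLogin session is left untouched.
        del SESSIONS[sid]
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                                  EXPIRE, ("Cache-Control", "no-store")])
        return [timeout_page().encode()]
    headers = [("Content-Type", "text/plain; charset=utf-8")]
    if last is None:
        # No valid local session: start one (also the path "Reopen" takes).
        sid = secrets.token_urlsafe(32)
        headers.append(("Set-Cookie",
                        f"{COOKIE}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"))
    SESSIONS[sid] = now()
    start_response("200 OK", headers)
    return [f"Welcome to {APP_NAME}".encode()]
```

Because the local cookie and session entry are discarded in both paths, following "Reopen" simply starts a fresh local session while the WebLogin session stays active until the user follows the terminate link.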

401 (Unauthorized) Error Guidance

Users who have successfully authenticated but are not authorized to use a particular PennKey-protected web resource typically receive a server-generated 401 error message. In the WebLogin environment, a 401 message needs to tell users that they may still have an active WebLogin session that they need to terminate, and how to follow up if they want to request access.

ISC recommends that server administrators allow directory-specific 401 messages on their web servers, particularly if the server houses more than one protected resource or if some resources are PennKey-protected and some are protected by another mechanism. Directory-specific messages can name a specific resource and guide users to the most relevant help resource.

Suggested language for a 401 screen that is specific to a directory or to a server that has only one protected resource and that resource is PennKey-protected:

Not authorized

Although you authenticated successfully with your PennKey and password, you are not authorized to access [app/resource name].

Your WebLogin session remains active.
Terminate your Penn WebLogin session now
OR
Navigate to another PennKey-protected web resource.
If you require access to [app/resource name] or have questions, please contact [resource-specific email or phone number].

NOTES:

  1. "Terminate..." should link to
    https://weblogin.pennkey.upenn.edu/logout.
  2. To avoid having a contact email address harvested for use by spammers, consider using a format such as “remoteassistance2009 at lists.upenn.edu” or a similar technique.

Suggested language for a single 401 screen on a server that has several protected resources, all of which are PennKey-protected:

Not authorized

Although you successfully authenticated with your PennKey and password, you are not authorized to access this resource.

Your WebLogin session remains active.
Terminate your Penn WebLogin session now
OR
Navigate to another PennKey-protected web resource.
If you require access to [app/resource name] or have questions, please contact [provide desired contact information].

NOTES:

  1. "Terminate..." should link to
    https://weblogin.pennkey.upenn.edu/logout.
  2. Contact info could be a single general email address or phone number, or a list by resource:
    Resource: A Contact: A
    Resource: B Contact: B
    Resource: C Contact: C
  3. To avoid having a contact email address harvested for use by spammers, consider using a format such as “remoteassistance2009 at lists.upenn.edu” or a similar technique.

Suggested language for a single 401 screen on a server that has several protected resources, not all of which use PennKey:

Not authorized

If you entered your PennKey and password to access any web resource, your WebLogin session remains active.

Terminate your Penn WebLogin session now
OR
Navigate to another PennKey-protected web resource.
If you require access to [app/resource name] or have questions, please contact [provide desired contact information].

NOTES:

  1. "Terminate..." should link to
    https://weblogin.pennkey.upenn.edu/logout.
  2. Contact info could be a single general email address or phone number, or a list by resource:
    Resource: A Contact: A
    Resource: B Contact: B
    Resource: C Contact: C
  3. To avoid having a contact email address harvested for use by spammers, consider using a format such as “remoteassistance2009 at lists.upenn.edu” or a similar technique.

Information Systems and Computing
University of Pennsylvania