[LON-CAPA-admin] SSO with Luminus?
Guy Albertelli II
guy at albertelli.com
Wed Apr 25 20:51:48 EDT 2007
Hi Todd,
> Is this one of the "solved" systems with LON-CAPA?
I've not seen this one yet.
We gotten it working with both CAS and Sentinel (and MSU homegrown
one)
> Our Luminus people
> and I have started to get something going, but I think we're at a point
> where some guidance could be useful. In particular at this point, with
> other systems they've set up, it has been relatively easy to grab the
> "username" and "password" variables, but it seems that those variable
> names vary within lon-capa.
We've built it such that we expect the SSO system to act like a normal
Apache authentication handler and thus supplant our login-screen for
the SSO's login screen.
It's not expecting the SSO to be using lon-capa's normal login screen
in the process in anyway.
In some more detail the expected process is:
- lon-capa get's a request for a url
- it tries to find if there is an active session or if not, if the
url is a public one
- if neither of these are true then it attempts to hand the user
request off to the SSO
- the SSO is then expected to do whatever it wants to with the user,
eventually hand ing the user back with the Apache request 'user' field
filled in)
This is how Apache Authentication handlers work.
Thus in the case of SSO we don't expect to ever have the username or
password to hand off.
If this isn't how Luminus is expecting to work I'd need to know more
about it. (Is this actually Luminis? Is there some public docs I could
look at?)
--
guy at albertelli.com 0-7-0-9-27,137
More information about the LON-CAPA-admin
mailing list