[LON-CAPA-admin] SSO with Luminus?

Guy Albertelli II guy at albertelli.com
Wed Apr 25 20:51:48 EDT 2007

Hi Todd,

> Is this one of the "solved" systems with LON-CAPA? 

I've not seen this one yet.

We gotten it working with both CAS and Sentinel (and MSU homegrown

> Our Luminus people
> and I have started to get something going, but I think we're at a point
> where some guidance could be useful.  In particular at this point, with
> other systems they've set up, it has been relatively easy to grab the
> "username" and "password" variables, but it seems that those variable
> names vary within lon-capa.

We've built it such that we expect the SSO system to act like a normal
Apache authentication handler and thus supplant our login-screen for
the SSO's login screen.

It's not expecting the SSO to be using lon-capa's normal login screen
in the process in anyway.

In some more detail the expected process is:

- lon-capa get's a request for a url
   - it tries to find if there is an active session or if not, if the
     url is a public one
- if neither of these are true then it attempts to hand the user
  request off to the SSO
- the SSO is then expected to do whatever it wants to with the user,
  eventually hand ing the user back with the Apache request 'user' field
  filled in)

This is how Apache Authentication handlers work.

Thus in the case of SSO we don't expect to ever have the username or
password to hand off.

If this isn't how Luminus is expecting to work I'd need to know more
about it. (Is this actually Luminis? Is there some public docs I could
look at?)

guy at albertelli.com   0-7-0-9-27,137

More information about the LON-CAPA-admin mailing list