[LON-CAPA-admin] lonBalancer and SSO
lon-capa-admin@mail.lon-capa.org
lon-capa-admin@mail.lon-capa.org
Tue, 31 Jul 2007 17:31:53 -0400 (EDT)
Hi,
I'm trying to get my head wrapped around SSO (I'm working with shibboleth
here at Ohio University) and how this mucks with the flexibility of
LON-CAPA.
We are currently using kerberos 5 for our central authentication. This
will be removed in the future at some point.
I have Shibboleth set up and working on our development machine, but I'm
trying to sort out what this will look like in production.
Is there any documentation on lonbalancer around? Does this have to be a
separate machine or can it be one of the access servers?
I know that /adm/login will bring up the regular login and /adm/roles (or
also just the machine url) will bring up SSO. I'm presuming the best route
will be to point all activity to the balancing machine.
How do I let LON-CAPA know students will be authenticated through
shibboleth? Is there any way to shunt an attempted login from a student
who needs to use shibboleth to the proper place?
Will students be able to log in elsewhere (MSU)? and work on materials?
I'm presuming not.
Any help visualizing what this will look like, with associated advantages
and disadvantages would be greatly appreciate.
Thanks!
Mark
----------------------------------------------------------------------------
Mark Lucas email: lucasm@ohiou.edu
252D Clippinger Lab phone: (740)597-2984
Department of Physics and Astronomy fax: (740)593-0433
Ohio University
Athens, OH 45701