[LON-CAPA-admin] lonBalancer and SSO

lucasm at ohiou.edu lucasm at ohiou.edu
Tue Jul 31 17:31:53 EDT 2007


Hi,

I'm trying to get my head wrapped around SSO (I'm working with shibboleth 
here at Ohio University) and how this mucks with the flexibility of 
LON-CAPA.

We are currently using kerberos 5 for our central authentication. This 
will be removed in the future at some point.

I have Shibboleth set up and working on our development machine, but I'm 
trying to sort out what this will look like in production.

Is there any documentation on lonbalancer around? Does this have to be a 
separate machine or can it be one of the access servers?

I know that /adm/login will bring up the regular login and /adm/roles (or 
also just the machine url) will bring up SSO. I'm presuming the best route 
will be to point all activity to the balancing machine.

How do I let LON-CAPA know students will be authenticated through 
shibboleth? Is there any way to shunt an attempted login from a student 
who needs to use shibboleth to the proper place?

Will students be able to log in elsewhere (MSU)? and work on materials? 
I'm presuming not.

Any help visualizing what this will look like, with associated advantages 
and disadvantages would be greatly appreciate.

Thanks!
Mark

----------------------------------------------------------------------------
Mark Lucas					email: lucasm at ohiou.edu
252D Clippinger Lab  				phone: (740)597-2984
Department of Physics and Astronomy             fax:   (740)593-0433
Ohio University
Athens, OH 45701



More information about the LON-CAPA-admin mailing list