[LON-CAPA-admin] JA-SIG/Yale CAS with LON-CAPA

Thu Apr 2 04:31:03 EDT 2009

Hi Mike,

I don't know JA-SIG CAS, but some general comments which may be helpful:

We are using the university's LDAP server to offer centralized
authentication for LON-CAPA. All students re-use their already existing
user account. However, LON-CAPA has its own user management and new
users need a) to create their own LON-CAPA accounts, e.g. in the process
of self-enrollment or b) are automatically provided with the account,
e.g. by using auto-enrollment with the data from the registrar's office
or by uploading classlists.

Technically, the server script lonlocal.pm is adjusted so that the LDAP
server is connected to authenticate all locally authenticated LON-CAPA
users. No special login screen is needed (and doesn't make much sense
with regard to what I explained above). Just set the user's
authentication to locally.

All this is confirmed to make many things much easier and works fine
with only few special configuration needed.

Stefan Bisitz

On 31.03.2009, 14:13 -0700, Mike Stanger wrote:
> We're considering integrating JA-SIG CAS (Central Authentication
> System) with LON-CAPA.  I'm wondering what other schools' experience
> has been with using CAS in LON-CAPA? Is there a 'right way' to go
> about it?  My initial thought on how to put it in place is to protect
> the entire space with mod_cas and grab the authenticated users from
> apache's REMOTE-USER env var, completely overriding the initial login
> page, which seems a bit kludgy.  
> 
> 
> Any comments from those have experimented with, or are currently
> running LON-CAPA with CAS would be greatly appreciated.
> 
> 
> Cheers,
> Mike
> 
> 
> 
> 
> 
> 
> +------------------------
> |Mike Stanger
> |Systems Consultant, ICAT
> |SH1023 Simon Fraser University
> |Burnaby, BC Canada V5A 1S6
> |Phone: (778) 782-3361
> |FAX: (778) 782-4242
> |email: mstanger at sfu.ca
> |http://www.sfu.ca/~mstanger