[LON-CAPA-cvs] cvs: loncom /html/adm/help/tex Institutional_Integration_Shibboleth.tex

raeburn raeburn at source.lon-capa.org
Thu Mar 26 12:03:55 EDT 2015

raeburn		Thu Mar 26 16:03:55 2015 EDT

  Modified files:              
    /loncom/html/adm/help/tex	Institutional_Integration_Shibboleth.tex 
  - Document lonSSOUserLogoutHeadFile and lonSSOUserLogoutHeadFile_$dom.
Index: loncom/html/adm/help/tex/Institutional_Integration_Shibboleth.tex
diff -u loncom/html/adm/help/tex/Institutional_Integration_Shibboleth.tex:1.2 loncom/html/adm/help/tex/Institutional_Integration_Shibboleth.tex:1.3
--- loncom/html/adm/help/tex/Institutional_Integration_Shibboleth.tex:1.2	Fri Mar 13 03:33:57 2015
+++ loncom/html/adm/help/tex/Institutional_Integration_Shibboleth.tex	Thu Mar 26 16:03:55 2015
@@ -255,8 +255,8 @@
 is domain, to include items such as:
-PerlSetVar lonSSOUserLogoutMessageFile 
+PerlSetVar lonSSOUserLogoutHeadFile_<dom>/home/httpd/html/adm/sso_logout_head_frag
+PerlSetVar lonSSOUserLogoutMessageFile_<dom> /home/httpd/html/adm/sso_logout_body_frag
 PerlSetVar lonSSOUserUnknownRedirect /adm/sso_failed_login.html
 PerlSetVar lonSSOUserDomain <dom>
@@ -266,9 +266,19 @@
-Both files contain HTML mark-up, but the logout link is just a fragment which will
-be inserted into the standard LON-CAPA logout page, whereas the sso\_failed\_login.html file
-should be a complete HTML document.
+All files will contain HTML mark-up, but the sso\_logout\_head\_frag item is a fragment 
+inserted into the head block of the standard LON-CAPA logout page, and similarly,
+the sso\_logout\_body\_frag is a fragment inserted into the body of the page, 
+whereas the sso\_failed\_login.html file should be a complete HTML document.
+If the name of the PerlVar ends \_$<$dom$>$ then the HTML fragment is only displayed
+to SSO users from that particular domain.  It is possible that a LON-CAPA user from another
+domain might have used SSO authentication on a server in his/her home domain, and then switched
+session to your server, (e.g., for co-author access to an Authoring Space in your domain).
+In that particular case, if you wanted to display custom HTML, you should add a PerlVar with a 
+name ending in \_$<$otherdom$>$. If you include PerlVars for lonSSOUserLogoutHeadFile
+and/or lonSSOUserLogoutMessageFile they will be included for SSO users who use the Logout link
+on your LON-CAPA regardless of the user's domain.
 SAML 2 Single Logout (SLO) has limited support starting with IdP's running Shibboleth 2.4.

More information about the LON-CAPA-cvs mailing list