[LON-CAPA-admin] External Links to Courses

Stuart Raeburn raeburn at msu.edu
Thu Dec 15 13:56:45 EST 2016

Hello Lee,

If a query string specifying the target role is appended to a request  
for the URL: /adm/roles then, as long as the user actually has been  
assigned the specified role (and it has neither an expired nor future  
role), then that role will be initialized after login (and after  
session transfer to the session-hosting server -- if load balanced) in  
all of the following cases:

(a) User logs-in using Single Sign On (SSO) via a load balancer server
(b) User logs-in using the regular (non-SSO) LON-CAPA log-in via a  
load balancer
(c) User logs-in using SSO to a server which also hosts the user session.
(d) User logs-in using the regular (non-SSO) LON-CAPA log-in to a  
server which also hosts the user session.

Cases (a) and (c) work in the msu domain for MSU's CAS-type SSO  
(Sentinel). I have also had success in the msu domain for case (c)  
with Shibboleth within a test environment.  I expect Shibboleth would  
also work with case (a) but I don't currently have a test environment  
at MSU configured for a Shibboleth-enabled load balancer.

If the user is already logged-in to a LON-CAPA server "hostname", then  
the roles screen will be displayed for a URL of  
https://hostname/adm/roles?role=cc./domain/course_identifier, and the  
role will not be automatically changed/initialized.

> I tend to be sent to the non-sso login page  when it fails, even if  
> I am already logged in.

I have not seen that behavior in the cases I've tested in the msu  
domain in either production, or in the testdrive cluster.

It would be straightforward to change the behavior of /adm/roles for  
logged-in users from displaying the standard LON-CAPA roles screen to  
initializing the role when passed a query string containing  

Currently to force role initialization for a logged-in user you would  
use a URL with a different query string, i.e.,


Note: if you include symb=unique_resource_identifier as an additional  
item in the query string, you can jump directly to a specific item in  
a course.

Stuart Raeburn
LON-CAPA Academic Consortium

Quoting "Bynum, Lee Hamilton" <leebynum at illinois.edu>:

> Hello Everyone,
> I am working on building links to our courses from the outside.    
> I've been having some success with links of the following format:
> https://server/adm/roles?role=cc./domain/course_identifier
> Unfortunately, this doesn't seem to work once I am logged into the   
> server.  It also fails if I attempt to use the st role.  I suspect   
> that something is getting mixed up or lost in either the balancer or  
>  the sso interaction.  I tend to be sent to the non-sso login page   
> when it fails, even if I am already logged in.
> Has anyone had any success in similar things?
> Thanks,
> Lee
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin

More information about the LON-CAPA-admin mailing list