Different Approaches to Single-Sign-On Jeff Kahn, Verbena Consulting

Topics We Will Cover Problem Domain Uninteresting Cases Simple Cases –Username and Password –Provisioning a License Key More Complicated Cases –Desktop Application Push –Account Mapping –Standards-Based Approach (IMS Basic LTI)

Problem Domain Communication between Blackboard and some other system Other system requires a login User logs in at most once (via user interface)

Uninteresting

Uninteresting Case URL in Blackboard to a site without login, e.g. weather.com

Uninteresting Case

Push Content to Blackboard

Simple Challenge to Login to Blackboard

Simple

Simple Cases Building Block holds credentials such as username / password –Managed through Properties / Settings pages Ways to Send Credentials –In the clear –Basic Authentication (not so secure) –Digest access authentication (more secure) –Set a Cookie –Encryption

Provisioning (redirect) Skip case of process outside Blackboard Request a key by redirecting to a sign-up site Useful with an approval workflow Note change in look and feel –Loss of Blackboard look –Reinforce other systems brand

Properties / Settings Pages

Requested by Notification of events –Request key, enter key, etc. –Support business purposes such as credit for a sign-up. Issues –Sending mail from Blackboard may not be enabled – should not be sent to a specific person

Identifying Instances Uniquely Dynamically provisioned once –Submit a customer ID, get a web services key in response. –Systems are now paired. Distribute shared secret.

Portal Info Classes PortalExtraInfo pei = PortalUtil.loadPortalExtraInfo(null, null, myConfig"); ExtraInfo ei = pei.getExtraInfo(); ei.setValue(foo", some value); myVar = ei.getValue(foo"); PortalUtil.savePortalExtraInfo(pei); import blackboard.portal.data.ExtraInfo; import blackboard.portal.data.PortalExtraInfo; import blackboard.portal.servlet.PortalUtil;

More Complex

Access as Specific bbUser

Desktop Application to Blackboard Publishing content to Blackboard –Unknown Bb access method in place Step 1: User Accesses Building Block –Requires login –Creates access token mapped to bbUsername –Copy token and paste into application

SoftChalk Key Creation

Step 2: NOSESSION holds REST handler

Step 3: Application passes access token with each request

Recap User logs in somehow We generate a token and associate it with their bbUsername. Application stores this token. Application passes this token to JSP in the NOSESSION folder –a folder containing files without Bb page tags that can be accessed without an access challenge. JSP maps token back to bbUsername. We now have a logged in user.

Map to External Account

Account Mapping Associate Bb user with same user in other system Optimistic Mapping (never a UI challenge) Declared Mapping (user facilitated mapping)

Optimistic Account Mapping Both accounts exist –Accounts can be mapped with Bb user data ( ) Fetch out of Bb use for login Wrinkles – not in place – address not the same multiple accounts, different address purpose Variant: Provision accounts in the other system from bbUsernames or s.

Create or Map

Map

Create

Declared Mapping First Time –Try using Bb data –Offer an option to substitute Allow for account creation –Redirect to site or sign-up form in B2 –Store what worked configuration file UserRegistry classes Next Time –Fetch what was stored the first time –Allow for a change it what will work Depends on Remote System API

UserRegistry Classes UserRegistryEntry ure = UserRegistryEntryDbLoader.Default.getInstance(). loadByKeyAndUserId(fooKey", userId); String fooKey = ure.getValue(); import blackboard.data.registry.*; import blackboard.persist.registry.*;

Standards-Based Launch Data

IMS Basic Learning Tools Interoperability Required and optional parameters: –User ID, Role, Name, –Resource and Context ID –Custom Key and secret (OAuth) Alliance Allure of single development effort –wrapped inside building block

Issues No data returned ( there is Outcomes) Subtle LMS-specific integration –e.g. name and description with link –Single or multiple –LMS not required User part of key to identify Documentation and Support –Admin and Instructor Controls –How to add a BLTI Link BLTI Links part of Common Cartridge v1.1

Barnes & Noble NOOK Study Textbook list and links no longer stored in Blackboard –Move from license key to key and secret. –Textbook and link list no longer stored in Blackboard Converted Building Block to BLTI Tool Provider

Distribute a Shared Encryption Secret Website to request key and secret. Back-end generates pair and s to provider, end-user, or both. User enters key and secret.

Barnes & Noble NOOK Study Same code supports –Angel, D2L, Jenzabar, Moodle, Sakai, WebCT Blackboard supports BLTI in SP4 –Also supports BLTI links in Common Cartridges

Jeff Kahn Q&A

Please provide feedback for this session by ing The title of this session is: Different Approaches to Single-Sign-On from Blackboard to Other Systems