Presentation is loading. Please wait.

Presentation is loading. Please wait.

Different Approaches to Single-Sign-On Jeff Kahn, Verbena Consulting.

Published byMustafa Gubbins Modified over 10 years ago

Similar presentations

Presentation on theme: "Different Approaches to Single-Sign-On Jeff Kahn, Verbena Consulting."— Presentation transcript:

1 Different Approaches to Single-Sign-On Jeff Kahn, Verbena Consulting

2 Topics We Will Cover Problem Domain Uninteresting Cases Simple Cases –Username and Password –Provisioning a License Key More Complicated Cases –Desktop Application Push –Account Mapping –Standards-Based Approach (IMS Basic LTI)

3 Problem Domain Communication between Blackboard and some other system Other system requires a login User logs in at most once (via user interface)

4

5 Uninteresting

6 Uninteresting Case URL in Blackboard to a site without login, e.g. weather.com

7 Uninteresting Case

8 Push Content to Blackboard

9 Simple Challenge to Login to Blackboard

10 Simple

11 Simple Cases Building Block holds credentials such as username / password –Managed through Properties / Settings pages Ways to Send Credentials –In the clear –Basic Authentication (not so secure) –Digest access authentication (more secure) –Set a Cookie –Encryption

12 Provisioning (redirect) Skip case of process outside Blackboard Request a key by redirecting to a sign-up site Useful with an approval workflow Note change in look and feel –Loss of Blackboard look –Reinforce other systems brand

13 Properties / Settings Pages

14

15 Requested by E-mail Notification of events –Request key, enter key, etc. –Support business purposes such as credit for a sign-up. Issues –Sending mail from Blackboard may not be enabled –E-mail should not be sent to a specific person

16

17 Identifying Instances Uniquely Dynamically provisioned once –Submit a customer ID, get a web services key in response. –Systems are now paired. Distribute shared secret.

18

19 Portal Info Classes PortalExtraInfo pei = PortalUtil.loadPortalExtraInfo(null, null, myConfig"); ExtraInfo ei = pei.getExtraInfo(); ei.setValue(foo", some value); myVar = ei.getValue(foo"); PortalUtil.savePortalExtraInfo(pei); import blackboard.portal.data.ExtraInfo; import blackboard.portal.data.PortalExtraInfo; import blackboard.portal.servlet.PortalUtil;

20 More Complex

21 Access as Specific bbUser

22 Desktop Application to Blackboard Publishing content to Blackboard –Unknown Bb access method in place Step 1: User Accesses Building Block –Requires login –Creates access token mapped to bbUsername –Copy token and paste into application

23 SoftChalk Key Creation

24

25 Step 2: NOSESSION holds REST handler

26 Step 3: Application passes access token with each request

27 Recap User logs in somehow We generate a token and associate it with their bbUsername. Application stores this token. Application passes this token to JSP in the NOSESSION folder –a folder containing files without Bb page tags that can be accessed without an access challenge. JSP maps token back to bbUsername. We now have a logged in user.

28 Map to External Account

29 Account Mapping Associate Bb user with same user in other system Optimistic Mapping (never a UI challenge) Declared Mapping (user facilitated mapping)

30 Optimistic Account Mapping Both accounts exist –Accounts can be mapped with Bb user data (email) Fetch email out of Bb use for login Wrinkles –Email not in place –Email address not the same multiple accounts, different address purpose Variant: Provision accounts in the other system from bbUsernames or e-mails.

31 Create or Map

32 Map

33 Create

34 Declared Mapping First Time –Try using Bb data –Offer an option to substitute Allow for account creation –Redirect to site or sign-up form in B2 –Store what worked configuration file UserRegistry classes Next Time –Fetch what was stored the first time –Allow for a change it what will work Depends on Remote System API

35 UserRegistry Classes UserRegistryEntry ure = UserRegistryEntryDbLoader.Default.getInstance(). loadByKeyAndUserId(fooKey", userId); String fooKey = ure.getValue(); import blackboard.data.registry.*; import blackboard.persist.registry.*;

36 Standards-Based Launch Data

37 IMS Basic Learning Tools Interoperability http://www.imsglobal.org Required and optional parameters: –User ID, Role, Name, Email –Resource and Context ID –Custom Key and secret (OAuth) Alliance Allure of single development effort –wrapped inside building block

38 Issues No data returned ( there is Outcomes) Subtle LMS-specific integration –e.g. name and description with link –Single or multiple –LMS not required User part of key to identify Documentation and Support –Admin and Instructor Controls –How to add a BLTI Link BLTI Links part of Common Cartridge v1.1

39 Barnes & Noble NOOK Study Textbook list and links no longer stored in Blackboard –Move from license key to key and secret. –Textbook and link list no longer stored in Blackboard Converted Building Block to BLTI Tool Provider

40 Distribute a Shared Encryption Secret Website to request key and secret. Back-end generates pair and emails to provider, end-user, or both. User enters key and secret.

41 Barnes & Noble NOOK Study Same code supports –Angel, D2L, Jenzabar, Moodle, Sakai, WebCT Blackboard supports BLTI in SP4 –Also supports BLTI links in Common Cartridges

42 Jeff Kahn jeffkahn@verbenaconsulting.com www.verbenaconsulting.com Q&A

43 Please provide feedback for this session by emailing DevConFeedback@blackboard.com. DevConFeedback@blackboard.com The title of this session is: Different Approaches to Single-Sign-On from Blackboard to Other Systems

Download ppt "Different Approaches to Single-Sign-On Jeff Kahn, Verbena Consulting."

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Course Readings in Learning Management Systems Mike Waugh Louisiana State University Eric Frierson EBSCO Information Services CNI Spring Meeting 2014.

Course Readings in Learning Management Systems Mike Waugh Louisiana State University Eric Frierson EBSCO Information Services CNI Spring Meeting 2014.
Blackboard/Common Cartridge and Open Educational Resources with SoftChalk Jeff Kahn.

Blackboard/Common Cartridge and Open Educational Resources with SoftChalk Jeff Kahn.
Financial Aid Management System Account Registration and Confirmation.

Financial Aid Management System Account Registration and Confirmation.
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
Research and Innovation Participant Portal How to register for an ECAS account NEXT.

Research and Innovation Participant Portal How to register for an ECAS account NEXT.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Leverage Blackboard Web Services

Leverage Blackboard Web Services
Learning Tools Interoperability (LTI) Presentation to SMUG 4 th October 2012, Forth Valley College Simon Booth (University of Stirling), Stephen Vickers.

Learning Tools Interoperability (LTI) Presentation to SMUG 4 th October 2012, Forth Valley College Simon Booth (University of Stirling), Stephen Vickers.
A Blackboard Building Block™ Crash Course for Web Developers

A Blackboard Building Block™ Crash Course for Web Developers
Linking External Tools with Sakai David Ross Educational Technology, Albany Medical College.

Linking External Tools with Sakai David Ross Educational Technology, Albany Medical College.
The Sports Authority Fundraising Sign-up Instructions.

The Sports Authority Fundraising Sign-up Instructions.
Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.

Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.
Comergence 3/14/13. What Does Comergence Do? Comergence provides streamlined processing and centralized storage of Correspondent applications nationwide.

Comergence 3/14/13. What Does Comergence Do? Comergence provides streamlined processing and centralized storage of Correspondent applications nationwide.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
My First Building Block Presented By Tracy Engwirda 28 September, 2005.

My First Building Block Presented By Tracy Engwirda 28 September, 2005.
Objectives Moodle is an online learning environment where instructors & their students interact. In this workshop you will learn: 1.Configure system requirements.

Objectives Moodle is an online learning environment where instructors & their students interact. In this workshop you will learn: 1.Configure system requirements.
Kabel Nathan Stanwicks, Head Circulation and Media Services Department Electronic Reserves Introductory Tutorial for Faculty.

Kabel Nathan Stanwicks, Head Circulation and Media Services Department Electronic Reserves Introductory Tutorial for Faculty.
Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.

Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Similar presentations

Ads by Google