Blackboard Learning System r6 and Shibboleth. Barry Ribbeck U.Texas Health Science Center at Houston Christopher Etesse Blackboard Inc. Blackboard Learning System. Requirements Shib 1.0 or greater* Blackboard 6.0.11 or higher Support
Blackboard Learning System r6 and Shibboleth
Barry Ribbeck, U.Texas Health Science Center at Houston
Christopher Etesse, Blackboard Inc.
Blackboard Learning System
• Requirements
  • Shib 1.0 or greater*
  • Blackboard 6.0.11 or higher
• Support
  • Shibboleth will be fully supported as a custom authentication option in Bb (currently in a limited Alpha release)
• Disclaimer
  • Limited support, tested only on Red Hat Linux and Sun Solaris implementations
Connection Details
• User connecting to {shib(Bb)} is redirected to WAYF as expected
• Target requires eppn and eduPersonEntitlement
• If AA assertions are accepted, Bb remote user is populated with eppn
• BbShibbolethAuthModule gets the remote user and creates the user object in BbLS
• Can be extended via “Bb Advanced Data and Authentication Manual”
  • See next slide
• Bb can create user account in DB on login (User Account Generation on Gateway: Enable) or it can be created a priori
• Currently, course admin must add user to respective courses manually or in batch process *
* This assumes a particular database management model
Authentication Implementation BbShibbolethAuthModule.
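The login decision listed under Connection Details, modelled as an added example; this is not Blackboard's BbShibbolethAuthModule and not code from the presentation. The entitlement value, the trusted scope, the `UserStore` class, the ';' delimiter for multi-valued attributes and the scope check are assumptions made for illustration.

```python
# Added illustration: a model of the login decision on the "Connection Details"
# slide. Not Blackboard's BbShibbolethAuthModule; every name here is hypothetical.
from dataclasses import dataclass, field

REQUIRED_ENTITLEMENT = "urn:mace:example.edu:bb-access"  # constructed value
TRUSTED_SCOPES = {"homeu.example.edu"}                   # constructed value


@dataclass
class UserStore:
    """Stand-in for the Bb user table."""
    accounts: set = field(default_factory=set)
    auto_generate: bool = False  # "User Account Generation on Gateway"


def split_values(raw):
    # Assumption: the SP delivers multi-valued attributes ';'-delimited.
    return [v.strip() for v in (raw or "").split(";") if v.strip()]


def login(attrs, store):
    """Return (granted, reason) for the attributes released to the target."""
    eppns = split_values(attrs.get("eppn"))
    if len(eppns) != 1:
        return False, "eppn missing or ambiguous"
    eppn = eppns[0].lower()  # compare eppn case-insensitively
    local, sep, scope = eppn.partition("@")
    if not (local and sep and scope) or "@" in scope:
        return False, "eppn is not user@scope"
    if scope not in TRUSTED_SCOPES:
        return False, "eppn scope not trusted"
    if REQUIRED_ENTITLEMENT not in split_values(attrs.get("eduPersonEntitlement")):
        return False, "required entitlement not released"
    # Remote user is populated with eppn, so eppn is the account key.
    if eppn not in store.accounts:
        if not store.auto_generate:
            return False, "no account and auto generation is off"
        store.accounts.add(eppn)
        return True, "account created on login"
    return True, "existing account"


if __name__ == "__main__":
    store = UserStore(accounts={"alice@homeu.example.edu"})
    sample = {"eppn": "bob@homeu.example.edu",  # constructed attributes
              "eduPersonEntitlement": REQUIRED_ENTITLEMENT}
    print(login(sample, store))
```

A granted login only establishes the account; course membership is untouched, matching the slide's note that course admins add users manually or in batch.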
Processes
• Get a list of eppns from remote site authority for proper assignment into Bb and course
• Populate into Bb
• Agree on assertion exchange for authZ
• Agree on what to do with the data after the course is completed
Yet to be done
• Standardization on value to populate remote user
• A way to mix local and Shib users by redirection at portal by user choice or failover to Shib
• A way to utilize an assertion for adding a user to a course so that course managers do not have to add them manually
• Discussions about how to support remote users who are not under your institution's domain of control
Ongoing Work
• Standardized Course attributes in LDAP
• Shibboleth protected Portals
• Non-Web based Shibboleth protected resources
• RBAC space
Shibboleth and Blackboard, by Barry Ribbeck, UTHSC-Houston
[Figure: Shibboleth sign-on flow diagram. Labels: Browser; Home University; ORIGIN; Resource Provider; TARGET; Federation WAYF SERVICE (IN COMMON); Authentication System (ISO/SSO/Cert); Handle Service; Attribute Authority; SHIRE; SHAR; Resource Manager; RBAC Authorization System - LDAP (eduperson); Allow HomeU AA; Bb remoteuser = eppn, auto acct generation = off; Logged onto Bb.]
1. I would like access?
2. Can you authenticate via my WAYF?
3. Where are you from?
4. I am from HU, logged in?
5. Authenticate me to HU
6. AuthN ok, send handle X to Target
7. Need eppn & eduPersonEntitlement for X?
8. Link Handle X to user and look up attributes
9. Attributes found and released
10. If ARP allows, attributes are sent to Target. If attributes are sufficient, access is granted by Resource Manager on Target
Shib Software =
Educause Meeting
• If you are planning to be at Educause, and would like to get together to discuss Bb/Shib at that meeting, contact Chris
References
• Official Bb documentation - soon
• Barry Ribbeck, Director of Systems Integration, University of Texas Health Science Center at Houston, Barry.R.Ribbeck@uth.tmc.edu
• Christopher Etesse, Senior Director of Technology, Blackboard Inc., cetesse@blackboard.com