May 20 - Development Meeting John, Phil, and Kirky
---------------------------------------------------------------------
Principals - Mapping iLab user and authentication sceem and credentials that authenticate use
Walk though
User from LMS, authenticated user who is going through the LMS and hits an activity - goto iLabs
how smoothly can we have this happen - without breaking iLabs
ASP.NET either have IIS do authentication (active directory, windows authentication, http authentication)
- problem with windows authentication - have to have account on machine - not viable
- http authentication will not work - not viable
- active directory authentication
ASP.NET forms authentication
- currently using - when you open a form the pages checks the session and if not valid redirects to login
Build system to allow - select from alternative authentication modules
- local database
- external module like active directory
Single-signon system provides who user and possibly a few attributes (CAS, SHIBelth)
URL to point in SB that requires authentication
SHIBLTH modelue intercept - redirect to central SHIBITH - redirect to SB forms authentication
Master Authenticator
multiple authentication modules - one for each type
Authentication done by LMS - don't want to create account manually the first time - need to get info from LSMs to create account and assign groups
Notification that user is coming in - hopefully know user - if not get info and create the account-
LMS redirect to my clients page
user name and group and client and authentication entity .....
Forms authenticator - create session cookie, context object
****************************************
groups will already exist - done offline
external authentication - requires modules to be written in each system
single signon - configure forms authenticator - UQ - Active Directory
Forms authenticator that delegates to multiple types of authentication
John - interested in single-signon - active directory
Master Authenticator - which authority and what type of authority