Blackboard Learning System r 6 and Shibboleth Barry
Blackboard Learning System r 6 and Shibboleth Barry Ribbeck U. Texas Health Science Center at Houston Christopher Etesse Blackboard Inc.
Blackboard Learning System • Requirements – Shib 1. 0 or greater* – Blackboard 6. 0. 11 or higher • Support – Shibboleth will be fully supported as a custom authentication option in Bb (currently in a limited Alpha release) • Disclaimer – Limited support, tested only on Red Hat Linux and. Sun Solaris implementations
Connection Details • User connecting to {shib(Bb)} is redirected to Wayf as expected • Target requires eppn and edu. Person. Entitlement • If AA assertions are accepted, Bb remote user is populated with eppn – Bb. Shibboleth. Auth. Module gets the remote user and creates the user object in Bb. LS • • Can be extended via “Bb Advanced Data and Authentication Manual” • See next slide Bb can create user account in DB on login (User Account Generation on Gateway: Enable) or it can be created a priori • Currently, course admin must add user to respective courses manually or in batch process * * This assumes a particular database management model
Authentication Implementation Bb. Shibboleth. Auth. Module.
Processes • Get a list of eppns from remote site authority for proper assignment into BB and course • Populate into BB • Agree on assertion exchange for auth. Z • Agree on what to do with the data after the course is completed
Yet to be done • Standardization on value to populate remote user • A way to mix local and shib users by redirection at portal by user choice or failover to Shib • A way to utilize an assertion for adding a user to a course so that course managers do not have to add them manually • Discussions about how to support remote users who are not under your institutions domain of control
Ongoing Work • Standardized Course attributes in LDAP • Shibboleth protected Portals • Non-Web based shibboleth protected resources • RBAC space
Shibboleth and Blackboard by Barry Ribbeck, UTHSC-Houston Home University ORIGIN Authentication System (ISO/SSO/Cert) Browser 4. I am from HU, logged in? Handle Service 8. Link Handle X to user and Lookup attributes Resource Provider 1. I would like access? 3. Where are you from? Federation 5. Authenticate me to HU WAYF SERVICE RBAC Authorization System - LDAP (eduperson) TARGET SHIRE 2. Can you authenticate via my Wayf ? Allow Home. U AA (IN COMMON) SHAR 6. Auth. N ok send handle X to Target 7. Need eppn & edu. Person. Entitlemnt for X? Attribute Authority 9. Attributes found and Released 11 Logged onto Bb Resource Manager Bb 10. If ARP allows, attributes are sent to Target. If attributes are sufficient, access is granted by Resource Manager on Target Shib Software = remoteuser=eppn auto acct generation = off
Educause Meeting • If you are planning to be at Educause, and would like to get together to discuss BB/Shib at that meeting, contact Chris
References • Official Bb documentation - soon • Barry Ribbeck Director of Systems Integration University of Texas Health Science Center at Houston Barry. R. Ribbeck@uth. tmc. edu • Christopher Etesse Senior Director of Technology Blackboard Inc. cetesse@blackboard. com
- Slides: 10