You can implement your plan after:
- Planning your authentication framework.
- Identifying your authentication providers.
- Identifying the order of your authentication providers.
- Identifying the host names your authentication providers are mapped to.
The Authentication page is located on the Administrator Panel in the Building Blocks section. On this page, you can manage your providers. You can create, view, and edit providers, and you can set provider states of Active or Inactive. You can also access the provider order and view the Authentication Logs pages.
If you are locked out of the user interface because of a bad configuration of the new authentication framework, use the AuthenticationOneTimeLogin backend script. If the Legacy provider is Active, this script is not needed, because changes are made in authentication.properties and bb-config.properties, and you can edit those files to revert a problematic configuration.
Common authentication provider settings
All Authentication Providers, other than the special Legacy Authentication Provider, have a group of common settings that you can customize.
- Name (Required): Set a provider name that easily distinguishes one provider from another.
- Description (Optional): Provide a description that easily distinguishes one provider from another, in particular when creating providers of the same type or when providers will be mapped to specific host names.
- Authentication Provider Availability (Active/Inactive): When creating a new provider, keep the provider as Inactive until configuration and testing are completed.
- User Lookup Method (Username/Batch Uid): Use this setting to select the field that the logon name is mapped to. If your provider's logon name does not map to the Learn username, you can propagate the logon name to the Batch_Uid field using the Data Integration framework or Snapshot.
- Restrict by host name: Use this option to map a provider to one or more host names. Select either Use this provider for any host names or Restrict this provider only to the specified host name.
- Restricted Host Names: Type one or more host names in the text box, with one host name per line.
Default authentication provider
The Learn Internal provider is the default Authentication Provider, which authenticates a user's login credentials against the Blackboard Learn database.
You can map this provider to one or more host names and edit it to make it Active or Inactive, but you can't delete it. If all other providers are set to Inactive, this provider is made Active automatically.
Default authentication doesn't support password complexity or reuse constraints and provides no mechanism to limit failed login attempts. We recommend that clients with more complex requirements use external authentication such as LDAP, CAS or SAML.
Create an authentication provider
You can create Authentication Providers with the three authentication provider types that currently ship with Learn: CAS, LDAP, and Shibboleth. You can also create and add Custom Provider types to the authentication framework.
Use the following steps to create a provider.
- Move your mouse pointer over Create Provider and select the provider type.
- Type a Name for the provider and optionally, provide a Description. Choose a naming convention or description that easily distinguishes one provider from another, in particular when creating providers of the same type or when providers are mapped to specific host names. These names are only for administrators and are not seen by end users.
- Optionally, set the:
  - Authentication Provider Availability as Active. Inactive is selected by default. Keep the provider as Inactive until configuration and testing are completed.
  - User Lookup Method as Batch Uid. Username is selected by default. If your provider's logon name does not map to the Learn username, you can propagate the logon name to the Batch_Uid field using the Data Integration framework or Snapshot.
  - Restrict by host name as Restrict this provider only to the specified host name. Select this option to map this provider to a host name. Type one or more host names in the Restricted Host Names text box, with one host name per line. Use this provider for any host names is selected by default. Adding commas to separate multiple host names results in an error.
- If you are creating a CAS or Shibboleth provider type, in the Provider Settings section, type the Link Text and optionally, browse for an icon. When multiple providers are Active, this icon and link text appear in the Sign In Using section of the login page. To learn more, see CAS Authentication Provider Type or Shibboleth Authentication Provider Type.
- Select Save and Configure to move to the configuration page for the specific provider type you are creating.
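The following Python script is an added illustration of the rules this page states for the common provider settings and for the host-name step above: the Restricted Host Names box takes one host name per line and rejects commas, a provider restricted by host name applies only to the listed hosts, and Learn Internal is made Active automatically when every other provider is Inactive. It is not Blackboard's code and does not call any Learn API. The Provider data model, the lookup of Learn Internal by its display name, and the example.edu host names are assumptions constructed for the example.

```python
"""Added illustration of the host-name mapping and Active/Inactive rules
described on this page. Not Blackboard's code: the Provider model, the
"Learn Internal" lookup by name, and the host names are assumptions."""
from dataclasses import dataclass, field


@dataclass
class Provider:
    name: str
    active: bool = False            # Authentication Provider Availability
    restrict_by_host: bool = False  # False = "Use this provider for any host names"
    restricted_hosts: list = field(default_factory=list)


def validate_restricted_hosts(text: str):
    """Parse the Restricted Host Names text box: one host name per line.

    Returns (hosts, errors). A line containing a comma is reported as an
    error, mirroring the page's note that comma separators are rejected.
    """
    hosts, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are ignored
        if "," in line:
            errors.append(f"line {lineno}: use one host name per line, not commas: {line!r}")
            continue
        hosts.append(line.lower())
    return hosts, errors


def applies_to_host(provider: Provider, host: str) -> bool:
    """A provider mapped to specific host names applies only to those names."""
    if not provider.restrict_by_host:
        return True
    return host.lower() in provider.restricted_hosts


def effective_provider_names(providers, host: str):
    """Names of Active providers that apply to `host`, in configured provider order.

    If no provider other than Learn Internal is Active, Learn Internal is
    treated as Active, because the page says it is made Active automatically.
    """
    others_active = any(p.active for p in providers if p.name != "Learn Internal")
    names = []
    for p in providers:
        is_active = p.active or (p.name == "Learn Internal" and not others_active)
        if is_active and applies_to_host(p, host):
            names.append(p.name)
    return names


# Constructed sample configuration in provider order (not a real deployment).
CAS_HOSTS, CAS_ERRORS = validate_restricted_hosts("learn.example.edu\nsso.example.edu\n")
SAMPLE_PROVIDERS = [
    Provider("Campus CAS", active=True, restrict_by_host=True, restricted_hosts=CAS_HOSTS),
    Provider("Partner Shibboleth", active=False),   # still being tested: left Inactive
    Provider("Campus LDAP", active=True),           # applies to any host name
    Provider("Learn Internal", active=False),
]

if __name__ == "__main__":
    assert not CAS_ERRORS
    for host in ("learn.example.edu", "portal.example.edu"):
        print(host, "->", effective_provider_names(SAMPLE_PROVIDERS, host))
    # A comma-separated entry is reported as an error instead of being split.
    print(validate_restricted_hosts("a.example.edu, b.example.edu")[1])
```

Running the script shows that a request on learn.example.edu is served by Campus CAS and then Campus LDAP in provider order, while portal.example.edu falls through to Campus LDAP alone; Learn Internal only appears once every other provider is Inactive. Keeping a new provider Inactive while you test its host list, as the page advises, means a typo in the Restricted Host Names box cannot remove a working login path.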