The Blackboard Learn authentication framework enables users providing ID and password credentials to validate and initiate a session in Blackboard Learn. The framework also enables integrating Blackboard Learn with one or more external authentication providers.
The Blackboard Learn authentication framework is provided using Building Block technology with full user interface installation, management, and logging. This use of Building Blocks to provide authentication integration removes barriers and issues with system management related to custom authentication.
Authentication providers
Blackboard Learn ships with four providers by default.
- Learn Internal: This is the default authentication provider. You can make it Inactive, but you cannot delete it.
- CAS: This represents an external Central Authentication Service (CAS) provider.
- LDAP: This represents an external Lightweight Directory Access Protocol (LDAP) provider.
- Shibboleth: This is supported as a custom authentication option for Blackboard Learn on Linux operating systems.
In the authentication framework, you can map authentication providers to one or more hostnames. The following table provides an example of mapping hosting names.
| Hostname | Log a User With |
|---|---|
| education.blackboard.com | LDAP education provider |
| medicine.blackboard.com | CAS medicine provider |
| externals.blackboard.com | Learn Internal provider |
Provider order
You arrange the providers in order of preference enabling an authentication cascade where each provider is sequentially queried until a user is logged in or fails to be authenticated. Users are only passed through to the next provider in the chain when two conditions exist:
- The provider does not know the username, for example, known usernames with bad passwords do not fall through.
- A provider error occurs and error fall through is enabled.
You want to set provider order to use for failover if one of the providers' sources is broken. For example, if you have three LDAP servers, the authentication framework checks the first server, and if that fails, checks each server until authentication is achieved.
To reorder the providers, use the drag-and-drop function available on the Provider Order page. Press and drag the providers into descending order, from top to bottom.
Note: Providers are skipped that do not match the set of rules the authentication framework is checking. For example, if a user is logging in using the externals.blackboard.com hostname and the first two providers listed are mapped to education.blackboard.com and medicine.blackboard.com, the first two providers are skipped.
Legacy provider
The Legacy Authentication Provider type has been removed from the Authentication section of the Administrator Panel as of Learn 9.1 version Q4 2019.
Blackboard recommends creating new authentication providers using the Building Block authentication framework and rewriting any custom authentication modules to use the new framework. If this is not viable, you can use the legacy framework to manage authentication.
The Legacy Authentication Provider type bypasses the Building Block authentication framework introduced in Blackboard Learn SP8. Making this provider Active makes all other providers in the authentication framework Inactive.
Webserver (web delegation) authentication has not been created in the new framework along with other partner authentications such as Datatel. If needed, you can manage these using the Legacy Authentication Provider using the authentication.properties and bb-config.properties files.
When upgrading from SP7 or earlier to SP8, some existing provider types are updated automatically to use the new authentication framework. These migrated providers include the default Learn Internal provider and LDAP. If your Active configured provider is not on the migrated list, it remains Active and functions as a Legacy Authentication Provider.
