Rev 5755 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
5563 | reyssat | 1 | Several authentication methods are available in WIMS: |
2 | |||
3 | <ol><li> |
||
4 | Authentication by WIMS. |
||
5 | </li><li> |
||
6 | CAS authentication to authenticate users with single sign on (SSO). |
||
7 | The teacher must know the URL address supplied to him by the organization |
||
8 | he belongs to as well as his students. |
||
9 | </li><li> |
||
10 | Authentication by an ldap directory (depends on the permissions given |
||
11 | to the WIMS server by the directory). |
||
12 | </li><li> |
||
13 | Authentication by a php script (uses wims's raw module and needs for now |
||
14 | installing simpleSAMLphp). |
||
15 | </li></ol> |
||
16 | |||
17 | <p> |
||
18 | On the other hand, at the time of registration, data concerning the |
||
19 | participant's identity (name, firstname, email address, etc.) can be |
||
20 | searched in an ldap directory (same restriction as above for the ldap). |
||
21 | </p><p> |
||
22 | Here is some information about the registration or authentication process for each case: |
||
23 | </p> |
||
24 | <h3> |
||
25 | WIMS authentication (default) |
||
26 | </h3> |
||
27 | This is the original authentication in WIMS. |
||
28 | <ul><li> |
||
29 | Either the teacher registers all participants by choosing for each one his |
||
30 | username, identity and a password. |
||
31 | </li><li> |
||
32 | Or each participant enters the password for the class given by the teacher |
||
33 | and registers by choosing a username and stating his identity, and a password. |
||
34 | </li></ul> |
||
35 | The participant then enters the class using this username and password. |
||
36 | |||
37 | <h3> |
||
38 | CAS authentication |
||
39 | </h3> |
||
40 | <ul><li> |
||
41 | The teacher must have configured his class by entering the address |
||
42 | of the CAS host he want to use, either when creating the class, |
||
5903 | bpr | 43 | or using the <span class="tt wims_code_words">Configuration/Maintenance</span> |
44 | page (clic on <span class="tt wims_code_words">Authentication</span> in the |
||
5563 | reyssat | 45 | left menu) . |
46 | </li><li> |
||
47 | The teacher then gives the password of the class to future participants. |
||
48 | </li><li> |
||
49 | The participant clicks the enter button on the line showing his class. |
||
50 | The CAS authentication window appears. He enters his CAS login. |
||
51 | If he is not yet registered, the class password is requested. |
||
52 | If successful, he is asked for his username and password. |
||
53 | He should also accept the terms of use. |
||
54 | If he is already registered, he enters directly into the class. |
||
55 | </li><li> |
||
56 | The teacher can also register himself participants. In this case, |
||
57 | the participant only needs to accept the conditions of use. |
||
58 | </li></ul> |
||
59 | <h3> |
||
60 | CAS authentication and ldap identification. |
||
61 | </h3> |
||
62 | The teacher must have configured his class by entering the address |
||
63 | of the CAS host he want to use, using the |
||
5903 | bpr | 64 | <span class="tt wims_code_words">Configuration/Maintenance</span> |
65 | page (clic on <span class="tt wims_code_words">Authentication</span> in the left |
||
5563 | reyssat | 66 | menu) and entering the technical ldap parameters. He must also verify that |
67 | the directory server accepts requests from WIMS server (contact the manager of the directory). |
||
68 | <p> |
||
69 | Everything goes as in the case of a simple authentication by CAS, |
||
70 | but the identifiers (name, ...) are automatically filled. |
||
71 | The CAS and ldap username must be the same. |
||
72 | </p> |
||
73 | |||
74 | <h3> |
||
75 | ldap authentication and ldap identification. |
||
76 | </h3> |
||
77 | |||
78 | Everything works as in CAS authentication and ldap identification. |
||
79 | |||
80 | <h3>Notes</h3> |
||
81 | <ul><li> |
||
82 | <span class="wims_warning"> |
||
83 | It is not advisable to change the authentication type when participants |
||
84 | are already registered. |
||
85 | </span> |
||
86 | </li><li> |
||
87 | In the case of external (to WIMS) authentication, an <i>internal</i> |
||
88 | identifier is assigned automatically. It will not be used for authentication |
||
89 | but remains the identifier of the WIMS participant. |
||
90 | There is no more WIMS password (more precisely it is hidden). |
||
91 | </li><li> |
||
92 | Default settings may have been defined by the site manager if the |
||
93 | classes depend primarily on a single institution. |
||
94 | You may redefine them for your own class. |
||
5755 | bpr | 95 | <br/> |
5565 | reyssat | 96 | Here is an example of parameters for an ldap authentication : |
97 | <pre> |
||
98 | ldap_host: ldap.u-psud.fr |
||
99 | ldap_port: 389 |
||
100 | ldap_version: 3 |
||
101 | ldap_base: ou=people,dc=u-psud,dc=fr |
||
102 | ldap_branch: ou=people,dc=u-psud,dc=fr |
||
103 | ldap_uid: uid |
||
104 | ldap_login: supannAliasLogin |
||
105 | </pre></li><li> |
||
106 | |||
107 | If the ldap authentication fails, the default wims authentication |
||
108 | is automatically proposed. |
||
5563 | reyssat | 109 | </li></ul> |
5565 | reyssat | 110 |