Rev 5755 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 5563 | reyssat | 1 | Several authentication methods are available in WIMS: |
| 2 | |||
| 3 | <ol><li> |
||
| 4 | Authentication by WIMS. |
||
| 5 | </li><li> |
||
| 6 | CAS authentication to authenticate users with single sign on (SSO). |
||
| 7 | The teacher must know the URL address supplied to him by the organization |
||
| 8 | he belongs to as well as his students. |
||
| 9 | </li><li> |
||
| 10 | Authentication by an ldap directory (depends on the permissions given |
||
| 11 | to the WIMS server by the directory). |
||
| 12 | </li><li> |
||
| 13 | Authentication by a php script (uses wims's raw module and needs for now |
||
| 14 | installing simpleSAMLphp). |
||
| 15 | </li></ol> |
||
| 16 | |||
| 17 | <p> |
||
| 18 | On the other hand, at the time of registration, data concerning the |
||
| 19 | participant's identity (name, firstname, email address, etc.) can be |
||
| 20 | searched in an ldap directory (same restriction as above for the ldap). |
||
| 21 | </p><p> |
||
| 22 | Here is some information about the registration or authentication process for each case: |
||
| 23 | </p> |
||
| 24 | <h3> |
||
| 25 | WIMS authentication (default) |
||
| 26 | </h3> |
||
| 27 | This is the original authentication in WIMS. |
||
| 28 | <ul><li> |
||
| 29 | Either the teacher registers all participants by choosing for each one his |
||
| 30 | username, identity and a password. |
||
| 31 | </li><li> |
||
| 32 | Or each participant enters the password for the class given by the teacher |
||
| 33 | and registers by choosing a username and stating his identity, and a password. |
||
| 34 | </li></ul> |
||
| 35 | The participant then enters the class using this username and password. |
||
| 36 | |||
| 37 | <h3> |
||
| 38 | CAS authentication |
||
| 39 | </h3> |
||
| 40 | <ul><li> |
||
| 41 | The teacher must have configured his class by entering the address |
||
| 42 | of the CAS host he want to use, either when creating the class, |
||
| 5903 | bpr | 43 | or using the <span class="tt wims_code_words">Configuration/Maintenance</span> |
| 44 | page (clic on <span class="tt wims_code_words">Authentication</span> in the |
||
| 5563 | reyssat | 45 | left menu) . |
| 46 | </li><li> |
||
| 47 | The teacher then gives the password of the class to future participants. |
||
| 48 | </li><li> |
||
| 49 | The participant clicks the enter button on the line showing his class. |
||
| 50 | The CAS authentication window appears. He enters his CAS login. |
||
| 51 | If he is not yet registered, the class password is requested. |
||
| 52 | If successful, he is asked for his username and password. |
||
| 53 | He should also accept the terms of use. |
||
| 54 | If he is already registered, he enters directly into the class. |
||
| 55 | </li><li> |
||
| 56 | The teacher can also register himself participants. In this case, |
||
| 57 | the participant only needs to accept the conditions of use. |
||
| 58 | </li></ul> |
||
| 59 | <h3> |
||
| 60 | CAS authentication and ldap identification. |
||
| 61 | </h3> |
||
| 62 | The teacher must have configured his class by entering the address |
||
| 63 | of the CAS host he want to use, using the |
||
| 5903 | bpr | 64 | <span class="tt wims_code_words">Configuration/Maintenance</span> |
| 65 | page (clic on <span class="tt wims_code_words">Authentication</span> in the left |
||
| 5563 | reyssat | 66 | menu) and entering the technical ldap parameters. He must also verify that |
| 67 | the directory server accepts requests from WIMS server (contact the manager of the directory). |
||
| 68 | <p> |
||
| 69 | Everything goes as in the case of a simple authentication by CAS, |
||
| 70 | but the identifiers (name, ...) are automatically filled. |
||
| 71 | The CAS and ldap username must be the same. |
||
| 72 | </p> |
||
| 73 | |||
| 74 | <h3> |
||
| 75 | ldap authentication and ldap identification. |
||
| 76 | </h3> |
||
| 77 | |||
| 78 | Everything works as in CAS authentication and ldap identification. |
||
| 79 | |||
| 80 | <h3>Notes</h3> |
||
| 81 | <ul><li> |
||
| 82 | <span class="wims_warning"> |
||
| 83 | It is not advisable to change the authentication type when participants |
||
| 84 | are already registered. |
||
| 85 | </span> |
||
| 86 | </li><li> |
||
| 87 | In the case of external (to WIMS) authentication, an <i>internal</i> |
||
| 88 | identifier is assigned automatically. It will not be used for authentication |
||
| 89 | but remains the identifier of the WIMS participant. |
||
| 90 | There is no more WIMS password (more precisely it is hidden). |
||
| 91 | </li><li> |
||
| 92 | Default settings may have been defined by the site manager if the |
||
| 93 | classes depend primarily on a single institution. |
||
| 94 | You may redefine them for your own class. |
||
| 5755 | bpr | 95 | <br/> |
| 5565 | reyssat | 96 | Here is an example of parameters for an ldap authentication : |
| 97 | <pre> |
||
| 98 | ldap_host: ldap.u-psud.fr |
||
| 99 | ldap_port: 389 |
||
| 100 | ldap_version: 3 |
||
| 101 | ldap_base: ou=people,dc=u-psud,dc=fr |
||
| 102 | ldap_branch: ou=people,dc=u-psud,dc=fr |
||
| 103 | ldap_uid: uid |
||
| 104 | ldap_login: supannAliasLogin |
||
| 105 | </pre></li><li> |
||
| 106 | |||
| 107 | If the ldap authentication fails, the default wims authentication |
||
| 108 | is automatically proposed. |
||
| 5563 | reyssat | 109 | </li></ul> |
| 5565 | reyssat | 110 |