Subversion Repositories wimsdev

Rev

Rev 5903 | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. <p>
  2. Several authentication methods are available in WIMS:
  3. </p>
  4. <ol><li>
  5. Authentication by WIMS.
  6. </li><li>
  7. CAS authentication to authenticate users with single sign on (SSO).
  8. The teacher must know the URL address supplied to him by the organization
  9. he belongs to as well as his students.
  10. </li><li>
  11.  Authentication by an ldap directory (depends on the permissions given
  12. to the WIMS server by the directory).
  13. </li><li>
  14. Authentication by a php script (uses wims's raw module and needs for now
  15. installing simpleSAMLphp).
  16. </li></ol>
  17.  
  18. <p>
  19. On the other hand, at the time of registration, data concerning the
  20. participant's identity (name, firstname, email address, etc.) can be
  21. searched in an ldap directory (same restriction as above for the ldap).
  22. </p><p>
  23. Here is some information about the registration or authentication process for each case:
  24. </p>
  25. <h3>
  26. WIMS authentication (default)
  27. </h3>
  28. <p>This is the original authentication in WIMS.</p>
  29. <ul><li>
  30. Either the teacher registers all participants by choosing for each one his
  31. username, identity and a password.
  32. </li><li>
  33. Or each participant enters the password for the class given by the teacher
  34. and registers by choosing a username and stating his identity, and a password.
  35. </li></ul>
  36. <p>The participant then enters the class using this username and password.</p>
  37.  
  38. <h3>
  39. CAS authentication
  40. </h3>
  41. <ul><li>
  42. The teacher must have configured his class by entering the address
  43. of the CAS host he want to use, either when creating the class,
  44. or using the <span class="tt wims_code_words">Configuration/Maintenance</span>
  45. page (clic on <span class="tt wims_code_words">Authentication</span> in the
  46. left menu) .
  47. </li><li>
  48. The teacher then gives the password of the class to future participants.
  49. </li><li>
  50. The participant clicks the enter button on the line showing his class.
  51. The CAS authentication window appears. He enters his CAS login.
  52. If he is not yet registered, the class password is requested.
  53. If successful, he is asked for his username and password.
  54. He should also accept the terms of use.
  55. If he is already registered, he enters directly into the class.
  56. </li><li>
  57. The teacher can also register himself participants. In this case,
  58. the participant only needs to accept the conditions of use.
  59. </li></ul>
  60. <h3>
  61. CAS authentication and ldap identification.
  62. </h3>
  63. <p>The teacher must have configured his class by entering the address
  64. of the CAS host he want to use, using the
  65. <span class="tt wims_code_words">Configuration/Maintenance</span>
  66. page (clic on <span class="tt wims_code_words">Authentication</span> in the left
  67. menu) and entering the technical ldap parameters. He must also verify that
  68. the directory server accepts requests from WIMS server (contact the manager of the directory).
  69. </p><p>
  70. Everything goes as in the case of a simple authentication by CAS,
  71. but the identifiers (name, ...) are automatically filled.
  72. The CAS and ldap username must be the same.
  73. </p>
  74.  
  75. <h3>
  76. ldap authentication and ldap identification.
  77. </h3>
  78.  
  79. <p>Everything works as in CAS authentication and ldap identification.</p>
  80.  
  81. <h3>Notes</h3>
  82. <ul><li>
  83. <span class="wims_warning">
  84. It is not advisable to change the authentication type when participants
  85. are already registered.
  86. </span>
  87. </li><li>
  88. In the case of external (to WIMS) authentication, an <i>internal</i>
  89. identifier is assigned automatically. It will not be used for authentication
  90.  but remains the identifier of the WIMS participant.
  91. There is no more WIMS password (more precisely it is hidden).
  92. </li><li>
  93. Default settings may have been defined by the site manager if the
  94. classes depend primarily on a single institution.
  95. You may redefine them for your own class.
  96. <br/>
  97. Here is an example of parameters for an ldap authentication :
  98. <pre>
  99. ldap_host: ldap.u-psud.fr
  100. ldap_port: 389
  101. ldap_version: 3
  102. ldap_base: ou=people,dc=u-psud,dc=fr
  103. ldap_branch: ou=people,dc=u-psud,dc=fr
  104. ldap_uid: uid
  105. ldap_login: supannAliasLogin
  106. </pre></li><li>
  107.  
  108. If the ldap authentication fails, the default wims authentication
  109. is automatically proposed.
  110. </li></ul>
  111.