Top Banner
Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC
15

Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Jan 03, 2016

Download

Documents

Kathryn Byrd
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Openness and ExtendingBlackboard Software

Asbed BedrossianOtto Khera

USC

Page 2: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Blackboard @ USC

Blackboard has been at USC since 1997.

In the Fall 2009 Semester USC will teach courses on Blackboard version 9.0.

3,600+ Courses

2,400+ Instructors

1,250+ TAs

29,000+ Students

2.5 TB of content, 140GB Oracle 10g database

Originally worked with Database authentication, then LDAP authentication,

and since January 2008, Shibboleth based Single Sign-On (SSO)

authentication.

Page 3: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Current and Potential Benefits of Shibboleth

Single Signon across applications – including potentially Web 2.0 /

cloud apps that are part of the standard.

Authentication (that you are you) and Authorization (that you may

access specific resources) designed to meet the educational

institutional needs.

Data for assessment, accreditation, evaluation.

Institutional equivalent of market open standards identity

management (OpenID, Oauth, AuthD) and therefore NOT

proprietary.

Long-Term Prospect: Provides an identity management solution for

the institution that can transition users (aka ‘lifelong learners’) to an

individual identity management solution.

Page 4: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Shibboleth @ USC

USC has been a member of the InCommonFederation(.org) since its early

testbed days as InQueue.

USC technologists have been involved with the Shibboleth project for many

years.

Some of our Shibboleth project friends may be online with us right now:

Steven Carmody, IT Architect, Brown university, Internet2 Shibboleth project manager

John Krienke, InCommonFederation Operations Manager

USC has run Shibboleth for campus-wide SSO since 2003.

USC was the earliest adopter of Shibboleth 2.0 and integrated it with

Google Apps @ USC in January 2008 and Blackboard in May 2008.

USC’s SSO umbrella has 80+ Applications

Page 5: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

What’s Important about SSO and LMS?

Integrates different Learner-centric spaces into a seamless space

Blackboard

Google Apps

Blogs (Movable Type)

Wikis (Confluence)

Campus Portal (uPortal)

Video Streaming (mediabase)

Library & Electronic Resources (EZ Proxy)

Grading and Roster Systems

Digital Measures

Other LMS (Sakai, Moodle, etc)

Removes the chore or multiple logins

Consolidates the user’s identity and profile

Page 6: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Blackboard and Shibboleth

The InCommonFederation has 114 Higher Ed and Government institutions,

and 41 sponsored corporations as participants.

Blackboard is not a sponsored partner of the InCommon Federation.

USC and many other institutions would like to see Blackboard join the

InCommon Federation and officially support Shibboleth as an enterprise-

wide Authentication and Authorization method for Blackboard.

Page 7: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

WebCT and Shibboleth

Blackboard has a WebCT manual describing how to integrate WebCT with

campus SSO systems.

https://behind.blackboard.com/s/faculty/refcenter/docs/details.Bb?

DocumentID=2767&pid=12000&rid=5686&dt=

Title page in manual references a “Blackboard Learning System”

Vista Enterprise and Blackboard Learning System, CE Enterprise

Automatic Signon Protocol

Vista (Release 4) and CE (Release 6)

WebCT 8.x supports the same interface

There's a bug in the PHP code included in the appendix

Working version of code, plus additional info, will soon be posted

to:https://spaces.internet2.edu/display/SHIB2/ShibEnabled

Page 8: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Blackboard Shib Resources

Blackboard’s documentation on Shibboleth Integration.

Visit the Shibboleth site

http://shibboleth.internet2.edu/

Visit the Shibboleth Wiki at Internet2

https://spaces.internet2.edu/display/SHIB2/Home

Blackboard-specific page on the wiki:

https://spaces.internet2.edu/display/SHIB2/BlackboardShibProposal

Special Interest Group (SIG) mailing list: InC-Blackboard

Send email to [email protected]

In the body of the email say: sub inc-blackboard FirstName LastName

Colleagues around the country!

Join the community:

Sign the sheet going around

Join the Inc-Blackboard mailing list

Tell Blackboard Inc. that you are interested in integrating your LMS with Shibboleth SSO, that

there is business value in fully supporting Shibboleth as an AuthX method.

Page 9: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Integrating Blackboard with Shibboleth

Authentication @ USC

Eric Hattemer

USC

Page 10: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Setting up Shibboleth

Find the 500 page "Administrator Manual" for your release of Blackboard

Go to the "Shibboleth Integration" Section and follow those instructions

You need a Shibboleth IDP (not in the scope of this presentation)

Generate a shibboleth*.xml according to your IDP specs

We use https://shibboleth.usc.edu/docs/sp/install/#configure

Add a shibboleth account as admin to Blackboard before restarting

Page 11: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Shibboleth Configuration

apache.conf that Blackboard recommends:

<Location /webapps>

  AuthType shibboleth

  require affiliation ~ ^member@.+$

  require user ~ ^.+$

</Location>

[[[Second Column, preferably]]]

USC uses:

<Location /webapps>

    AuthType shibboleth

    ShibRequireSession Off

    Require shibboleth

</Location>

<Location /webapps/login>

  AuthType shibboleth

  ShibRequireSession On

   require valid-user

</Location>

shibboleth2.xml:            <Host name="blackboard.usc.edu">

         <Path name="webapps"

            applicationId="blackboard"

            authType="shibboleth"

            *requireSession="false" *

            exportAssertion="false" />

      </Host>

Page 12: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Timeouts and Sessions

Heavily flawed in Blackboard with or without Shibboleth.

Force Completion checkbox in tests is evil.

shibboleth*.xml:<Sessions...  lifetime="4294967295" timeout="10800" ... />

Page 13: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Logout

By default, logging out of Blackboard doesn't work.

Don't set Persistent Cookies in the Blackboard System Admin

Panel.

Page 14: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Provisioning and Administration

Anyone not in your Shibboleth database can't login to Blackboard

There is no fail-to-RDBMS option

Add-ons that don't know your IDP format can't login to Blackboard

Much less of a problem if you protect only /webapps/login (mentioned earlier)

Possible Solution: LDAP Admin Server

Run an extra app server with a secret URL or IP whitelist

Configure it for LDAP or RDBMS auth

Use it for test accounts, building block registration, WebDAV, etc.

Page 15: Openness and Extending Blackboard Software Asbed Bedrossian Otto Khera USC.

Q & A

Asbed Bedrossian <[email protected]>

Director, Enterprise Applications and Operations

Otto Khera <[email protected]>

Director, Center for Scholarly Technology

Eric Hattemer <[email protected]>

Blackboard Administrator