Child pages
  • Sakai Admin Guide - Advanced Configuration Topics
Skip to end of metadata
Go to start of metadata

Advanced Configuration Topics

This document covers advanced topics that may be of use in supporting and growing your Sakai installation.

Web Services

For information about Sakai's web services implementation, please visit:

For a good body of working examples, take a look at the Web services scripts available in the contrib space:

Quartz Scheduler

User Directory, Authentication, and Authorization Providers

A number of institutions have created providers to allow a Sakai install to authenticate and authorize users based on the contents of an external service. This section provides links to some of the documentation for the most commonly supported Auth/Auth mechanisms.

General

LDAP

CAS

Shibboleth

SakaiPortalLogin Web Service

The SakaiPortalLogin Web service is used to allow a user who has been authenticated in a trusted external system (in most cases this would be a portal) to get into Sakai without having to log in again. Sometimes described as Single Sign On (SSO) this allows a user to move seamlessly from an external system into Sakai without having to login twice. To set this up use the following procedure:

1) Enable Sakai Web Services by adding the following entry to sakai.properties (by default Sakai Web Services are disabled):

  1. Indicates whether or not we allow web-service logins
    webservices.allowlogin=true

1) Add the following entry in your sakai.properties file:

webservice.portalsecret = somePassword

This portalsecret is shared by Sakai and your trusted external system. When the trusted external system passes it to Sakai, Sakai knows that the Web service request is coming from a trusted server.

2) In your trusted external system (e.g. your portal) code a SakaiPortalLogin Web service to communicate with Sakai after the user has authenticated into the external system. Here is an example written in Coldfusion:

<cfinvoke webservice="http://#request.SakaiURL#/sakai-axis/SakaiPortalLogin.jws?wsdl" method="login" returnVariable="returnCode">
<cfinvokeargument name="id" value="the_User's_unique_identifier_in_Sakai"/>
<cfinvokeargument name="pw" value="the_portalSecret"/>
</cfinvoke>

If Sakai accepts the user's id and the portalsecret passed by the SakaiPortalLogin it will return a session (in the above Coldfusion example that session is contained in the variable "returnCode").

3) Add the following link to a Web page in the external system:

<a href=http://#request.SakaiURL#/portal?sakai.session=#returnCode#' >SSO to Sakai</a>

Modify the above link so that the sakai.session parameter contains the session returned by your SakaiPortalLogin Web service.

When the user clicks on the above link they get into Sakai through single-sign-on (SSO)!

Note 1: SakaiPortalLogin requires Sakai to have accounts that are identified using an identifier that matches the id passed by the SakaiPortalLogin Web service. You can pre-load these accounts using Sakai Web services or you can add them on the fly using Web services.

Note 2: Make sure your trusted external system and Sakai communicate in ways that can't be overheard – otherwise somebody might be able to figure out what the portalSecret is.

Note 3: If you want Sakai users to exclusively navigate (and authenticate) into Sakai through the external portal you can configure Sakai so that the top login on Sakai links to the external system. To do this set the following parameters in sakai.properties:

top.login=false
login.text=Login
login.url=url_of_external_system/portal

Admins can still log into Sakai directly by going to

http://yourCollegesSakaiURL/portal/xlogin

Course Management Integration

http://confluence.sakaiproject.org/confluence/display/ENTR/Course+Management+Integration

3 Comments

  1. Some suggestions:

    • The "Authorization/Authentication Providers" section should be called "User Directory, Authentication, and Authorization Providers". It should mention provision of user data as well as authn/authz integration.
    • As of 2.5.0, Sakai is able to let an external authentication service supply its own user data. Here's a guide.
    • There should be a "Course Management Integration" section pointing to the Course Management Integration Tutorial.

    I don't have edit access to this page, so feel free to delete this comment if you incorporate the changes.

    1. Thanks, Ray, I've added your comments to the page. I'll remove the comment in a bit.

  2. Hi,

    my page has changed to my new username at steve.swinsburg (then CASifying Sakai). Could you update the link? Thanks.