New Mechanism to Verify Authenticated Permission.

Idea created by abdullah.shabbab on Dec 20, 2016
    Under review

    Dear Sir/Madam,

    Problem Description:

    It has been noticed that organizations face problems, especially when the LDAP SAMusername is NOT the same as the BB user_id. Therefore, it was impossible to activate SSO features. For example, organisation developers want to use CAS, which was impossible with the default configuration.

    Suggested Solution:

    The suggested solution is that, in addition to the default access verification, we have added a new layer of security checking. The default security check compares the LDAP SAMusername with the BB user_id. If LDAP and BB use the same login username, the user is given permission to access the Blackboard GUI. If the LDAP and BB usernames are different, the new security layer is activated for further checking. Instead of the LDAP SAMusername, ExtensionAttribute3, which contains the same username as BB (user_id), is compared with the user_id in BB. If they are identical, the user is given permission to access.

    Steps to activate the suggested Solution:

    1- For the management host website, do the following:

    2- Add new services.

    3- Fill out the form.

    4- Add this to the configuration .xml file.

     

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="sAMAccountName"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <!-- key = LDAP attribute name, value = name of the attribute on the CAS principal -->
            <map>
                <entry key="extensionAttribute1" value="extensionAttribute1" />
                <entry key="extensionAttribute2" value="extensionAttribute2" />
                <entry key="extensionAttribute3" value="extensionAttribute3" />
                <entry key="displayName" value="displayName" />
                <entry key="mail" value="mail" />
                <entry key="memberOf" value="memberOf" />
            </map>
        </property>
    </bean>

     

     

    NOTE: If you want to force the users to access through the CAS GUI, you need to do the following step.

    5- By adding the following script, you can redirect the Blackboard login to the CAS login page:

    <bbNG:jsBlock>
      <script type="text/javascript">
        function loadLoginPage()
        {
          // Send the browser to the CAS login page instead of the Blackboard login form.
          window.location = "https://login.nu.edu.sa/cas/login";
          if ( top != self )
          {
            top.location.replace( self.location.href );
          }
          if ( document.forms.login.user_id != undefined )
          {
            document.forms.login.user_id.focus();
          }
          setTimeout("triggerScreenreaderAlert()", 500);
        }

        function triggerScreenreaderAlert()
        {
          if ( document.getElementById( 'loginErrorMessage' ) )
          {
            $( 'loginErrorMessage' ).update( $('loginErrorMessage').innerHTML );
          }
        }
      </script>
    </bbNG:jsBlock>

    NOTE: If you are using a load balancer, you need to redirect your Blackboard GUI to the CAS login page.

     

    I hope that is useful.

     

     

    Warm regards.

    Product Version (if applicable):0
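
The two-stage check described under "Suggested Solution", written out as an added example (not code from the original post or from Blackboard or CAS). It also audits a directory export for any Blackboard user_id that more than one LDAP entry would resolve to, which becomes possible once extensionAttribute3 is accepted as a fallback. The directory entries, user_ids, function names and the case-insensitive comparison are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample data (not from the original post).
BB_USER_IDS = {"alice", "bsmith", "carol01"}
LDAP_ENTRIES = [
    {"dn": "CN=Alice,OU=Staff,DC=example,DC=org", "sAMAccountName": "alice"},
    {"dn": "CN=Bob Smith,OU=Staff,DC=example,DC=org",
     "sAMAccountName": "b.smith", "extensionAttribute3": "bsmith"},
    {"dn": "CN=Mallory,OU=Students,DC=example,DC=org",
     "sAMAccountName": "m.jones", "extensionAttribute3": "Alice "},
    {"dn": "CN=Dave,OU=Staff,DC=example,DC=org", "sAMAccountName": "dave"},
]


def _norm(value):
    # Assumption: identifiers are compared case-insensitively, ignoring padding.
    return (value or "").strip().casefold()


def resolve_user_id(entry, bb_user_ids):
    """Return (user_id, matched_attribute), or (None, None) if access is denied."""
    known = {_norm(u) for u in bb_user_ids}
    # Default check first (sAMAccountName), then the extensionAttribute3 fallback.
    for attr in ("sAMAccountName", "extensionAttribute3"):
        candidate = _norm(entry.get(attr))
        if candidate and candidate in known:
            return candidate, attr
    return None, None


def audit_collisions(entries, bb_user_ids):
    """Map each BB user_id claimed by more than one LDAP entry to its claimants."""
    claims = defaultdict(list)
    for entry in entries:
        user_id, attr = resolve_user_id(entry, bb_user_ids)
        if user_id:
            claims[user_id].append((entry["dn"], attr))
    return {uid: c for uid, c in claims.items() if len(c) > 1}


if __name__ == "__main__":
    for uid, claimants in audit_collisions(LDAP_ENTRIES, BB_USER_IDS).items():
        print(f"user_id {uid!r} is claimed by {len(claimants)} LDAP entries:")
        for dn, attr in claimants:
            print(f"  {dn} (via {attr})")
```

Running the audit before enabling the fallback, and restricting who can write extensionAttribute3 in the directory, keeps each Blackboard user_id bound to exactly one LDAP account.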