SSO to Angel help needed

Hi, I'm trying to get an SSO to Angel Learning Systems working from Luminis using the hints from this thread: http://www.lumdev.net/node/1843 (thanks for posting your angel.properties file, it was a big help). I am close, just not there yet. I followed the steps in the GCF Implementation Guide to create the SSO and then a bookmark in Luminis and when I try to go there, I get this message:

CPIP ERROR angelbkup Failed to set default CPIP login info with params '{ExternalSystemName=angelbkup}' for person 'James McCullars' with external ID 'null'

The documentation says that this error is caused by usePDSCredentials being set to false and having no external ID associated with the application. However, I set es.angelbkup.usePDSCredentials to true using configman and restarted the cpipconnector and still got the error. I have tried setting the log level in cpiplog4j.properties to DEBUG per the docs and restarted cpipconnector and got a lot of messages in cpipconnector.log but nothing about that error. I don't know where to look next. Any hints or advice would be most welcome. Thanks!

I set up SSO for Lum III.3.3 and Angel LMS

Jim,

I'm the "Jesse" that Reuben refers to in his post. I've also posted info about my experience w/ Angel LMS CPIP/SSO in this thread: http://www.lumdev.net/node/637

When creating the CPIP connector for Angel in my environment, I didn't run into the issue that you have. I used Jon's CPIP into LDN (http://www.lumdev.net/node/44) as a starting point.

One of the two places where I got hung up was that I told Luminis to sync passwords with the external system. With our environment this was actually not the desired configuration as the user's Angel password is in most cases not going to be the same as the Luminis password. So, to work around that I just had to set the external account user/pass with this cptool command:

cptool set user user ExternalAccount='angel|user|password'

I don't know if your setup is the same re: Luminis/Angel authentication.

The other issue I had was w/ the Angel frames, or rather the main Angel page loading outside of the frame. This was addressed by including a hidden input field called "REDIR" with a value of "/" to the angel.properties file.

I've attached my configman import file, .properties file, and .xml file.

Hmm, can't seem to attach

Hmm, can't seem to attach anything to my post. Here are the contents of the files though:

angel.configman
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

es.angel.configURL = http://luminis_host:81/cpipconnector/angel/GetConfigVersion2
es.angel.configsleeptime = 10000
es.angel.configattempts = 60
es.angel.shortcircuitlogin = false
es.angel.autosync = true
es.angel.systemdescription = Angel LMS

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

angel.properties
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

angel.externalSystemName    = angel
angel.license.issued        = Blah blah blah
angel.license.key           = XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
angel.pickup.response       = \
<html> \
<body> \
<div style="display: block;"> \
        <form method="POST" action="http://angel_host/signon/authenticate.asp" name="frmLogon"> \
        <input type="hidden" name="COOKIEPATH" value="/" /> \
        <input type="hidden" name="REDIR" value="/" /> \
        <input type="text" name="username" value="~{_CPUSERNAME}" /> \
        <input type="text" name="password" value="~{_PASSWORD}" /> \
<!-- \
        <input type="submit" /> \
--> \
        </form> \
</div> \
<script type="text/javascript">document.frmLogon.submit();</script> \
</body> \
</html>

angel.coursemap.enabled     = false
angel.convertSiteCookies    = true
angel.externalSystemURL     = http://angel_host
angel.operations            = ${SSOROOT}/config/angel.xml
angel.sso.operations.class                            = com.campuspipeline.sso.authenticator.SSOOperations
angel.urlBase                                         = ${cpipconnector.urlBase}/${angel.externalSystemName}
angel.cpipconnector.getconfig.createonlogin           = 0
angel.cpipconnector.getconfig.authenticate            = ${angel.urlBase}/Authenticate
angel.cpipconnector.getconfig.authenticateOIDlist     = 1.3.6.1.4.1.4409.1.1.4.2
angel.cpipconnector.getconfig.deauthenticate          = ${angel.urlBase}/Deauthenticate
angel.cpipconnector.getconfig.deauthenticateOIDlist   = 1.3.6.1.4.1.4409.1.1.6.1
angel.cpipconnector.getconfig.lastactive              = ${angel.urlBase}/LastActive
angel.cpipconnector.getconfig.lastactiveOIDlist       = 1.3.6.1.4.1.4409.1.1.5.1
angel.cpipconnector.getconfig.sessionPlaceHolder      = sessionPlaceHolder
angel.cpipconnector.getconfig.sendcpsession           = false
angel.cpipconnector.getconfig.sendtimeout             = false
angel.cpipconnector.getconfig.desturl_parmname        = destURL
angel.cpipconnector.getconfig.sendlogin               = true
angel.cpipconnector.getconfig.useSISCredentials       = false
angel.cpipconnector.getconfig.configsleeptime         =
angel.cpipconnector.getconfig.configattempts          =
angel.cpipconnector.getconfig.shortcircutlogin        =
angel.pickup.destURLParameter                         = url

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

angel.xml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

<operations>
    <authenticate>
        <CLIENT>
            <SESSION a:server="${properties.externalSystemURL}" >
                <RESULT a:value="TRUE" />
            </SESSION>
        </CLIENT>
    </authenticate>
    <deauthenticate>
        <CLIENT>
            <SESSION>
                <RESULT a:value="TRUE" />
            </SESSION>
        </CLIENT>
    </deauthenticate>
    <checkstate>
        <CLIENT>
            <SESSION>
                <RESULT a:value="TRUE" />
            </SESSION>
        </CLIENT>
    </checkstate>
</operations>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Getting closer, but...

Hi Jesse, thanks for the reply. I followed your suggestion of using cptool to define an external account username and that did indeed get me further along than I had been. But I am still having two problems:

Now when I click on the link that I created for the Angel SSO, it opens a new window and goes into what appears to be some sort of "POST loop". Just keeps posting the same thing over and over. What does the URL in your connector look like? Mine looks like this:

http://lumtest.uah.edu/cp/ip/login?sys=angelbkup&url=http%3A%2F%2Fangelbkup.uah.edu

I have tried that with appending %2Aframes.aspx and %2Asignon%2Aauthenticate.asp at the end and I still get the same result. The browser just loops trying to log in. The URL in the browser window looks like this:

http://lumtest.uah.edu:8008/cpipconnector/angelbkup/Pickup?sid=B2gayXKrU7KGdR72ZHeC%2Bw__&url=http%3A%2F%2Fangelbkup.uah.edu

The second problem is with having to define the external account username and password for each user that will use the SSO. We use an EAS, and Angel will use the same EAS so we need to just pass the Luminis username and password to the Angel SSO because they will be the same. Any suggestions welcome.

Angel CPIP troubleshooting

Jim,

Re: the trouble you're having with the "POST loop", have you tried creating a small HTML file containing the necessary form elements/info outside of Luminis? Doing this should help you fine-tune the external login process for Angel's .properties file. Another helpful tool for figuring out this loop issue might be Wireshark, a network analyzer. It'll show you what the TCP communication between client/server is and may provide some clues to the cause of the loop.

Re: the URL in my connector, it's similar to yours. My system name is different and I'm passing a value of "null" for url (...&url=null) since this is not used by pickup.response, only pickup.html connectors.

Re: having to define the EAS user/pass for each user, I didn't realize you were authenticating against an EAS. In that case you will probably want to review these two threads re: sync password and the use of Luminis system credentials:

Using System credentials in a CPIP connector

CPIP and sync password

-J

Working

My apologies for not following up on my original request for help. We finally did get this working. The POST loop seems to have been caused by a typographical error that I had in the pickup response code. And I got Luminis to pass the Luminis credentials by setting this:

angel.cpipconnector.getconfig.usePDSCredentials

to true. I knew that usePDSCredentials came into play somewhere but I wasn't sure where. Thanks to all who responded and thanks for the help and examples.
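
Added example, not part of the thread and not Luminis or Angel code: a small Python lint for the pickup.response property, where the typo behind the POST loop turned out to be. It assumes the field names and the document.<formname>.submit() style of the angel.properties file posted above; the sample input and its frmLogin typo are constructed, since the thread does not say what the actual typo was.

```python
import re
from html.parser import HTMLParser

def load_properties(text):
    """Parse Java-style .properties text, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1]          # value continues on the next line
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()], pending = value.strip(), ""
    return props

class FormScan(HTMLParser):
    """Collect each <form> name with the names of the <input> fields inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"name": a.get("name"), "fields": set()})
        elif tag == "input" and self.forms and a.get("name"):
            self.forms[-1]["fields"].add(a["name"])

def lint_pickup(props, system, required=("COOKIEPATH", "REDIR", "username", "password")):
    """List problems in <system>.pickup.response; 'required' is assumed from the posted file."""
    html = props.get(system + ".pickup.response", "")
    scan = FormScan()
    scan.feed(html)
    if len(scan.forms) != 1:
        return ["expected exactly one <form>, found %d" % len(scan.forms)]
    form = scan.forms[0]
    problems = ["missing input '%s'" % f for f in required if f not in form["fields"]]
    if form["name"] not in re.findall(r"document\.(\w+)\.submit\(", html):
        problems.append("script does not submit form '%s'" % form["name"])
    return problems

# Constructed sample, not from the thread: REDIR is missing and the script says frmLogin.
SAMPLE = r'''angel.pickup.response = \
<html><body><form method="POST" action="http://angel_host/signon/authenticate.asp" name="frmLogon"> \
<input type="hidden" name="COOKIEPATH" value="/" /> \
<input type="text" name="username" value="~{_CPUSERNAME}" /> <input type="text" name="password" value="~{_PASSWORD}" /> \
</form><script type="text/javascript">document.frmLogin.submit();</script></body></html>
'''
print(lint_pickup(load_properties(SAMPLE), "angel"))
```

An empty list means the form name, the auto-submit script and the expected inputs all line up.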