Way to pass in username/password?
I'm trying to create a single sign on to a system that will pass in a generic user name and password.
We already have an SSO created for users who have their own user name and password. They enter them the first time when logging in. That works fine. We would like to allow students to also use the system with a generic user name and password that will give them limited rights.
I have tried to pass the user name and password in the xml both in the set command and using a:credentials in the session command. It still will prompt me for my user name and password. When I turn off autosync it still tries to grab it from the secret store even though it isn't there.
Has anybody tried to do this? We are restricting it to students in Luminis under section audience in the Targeted Content Manager.
Thanks,
Julie McClendon
Southern Oregon University

please post code
Julie, are you trying to create a GCF connector that POSTs a generic username/password? If so, it should be no problem. You should know that part of the CPIP defines a requirement that the Luminis portal should send a username and password to the cpipconnector whether it is used or not.
Please post your XML and/or PROPERTIES file and we may be able to help better. Of course, you may want to obfuscate the generic un/pw. But really, you should be able to do this without any problems.
The Code...
I've been tweaking it a bit to try to get it to work. Currently it isn't asking me to put in the user name and password, but it is still trying to get it from the secret store.
XML file (don't know if it is going to show... it isn't in my preview):
[ substitute &lt; for < and &gt; for > libdms ]
[ also put in some non breaking spaces i.e. &nbsp; so that indentation is kept. libdms ]
<operations>
  <authenticate>
    <CLIENT>
      <SESSION a:server="${properties.externalSystemURL}" >
        <!-- Fetch the login page and capture the ASP.NET hidden fields -->
        <GET a:url="/VirtualEMS/Login.aspx" a:query="" a:redirects="no" />
        <SEARCH a:symbol="viewToken" a:source="${_RESPONSE}" a:value="${_VALUE}" >
          <GRAB a:start="id=&quot;__VIEWSTATE&quot; value=&quot;" a:end="&quot;" />
        </SEARCH>
        <SEARCH a:symbol="eventToken" a:source="${_RESPONSE}" a:value="${_VALUE}" >
          <GRAB a:start="id=&quot;__EVENTVALIDATION&quot; value=&quot;" a:end="&quot;" />
        </SEARCH>
        <!-- Fill in the login form, including the generic credentials -->
        <LOADFORM a:symbol="LoginForm" a:tagname="aspnetForm" />
        <SET a:symbol="LoginForm.__LASTFOCUS" a:value="" />
        <SET a:symbol="LoginForm.__EVENTTARGET" a:value="" />
        <SET a:symbol="LoginForm.__EVENTARGUMENT" a:value="" />
        <SET a:symbol="LoginForm.__VIEWSTATE" a:value="${viewToken}" />
        <SET a:symbol="LoginForm.__EVENTVALIDATION" a:value="${eventToken}" />
        <SET a:symbol="LoginForm.ctl00$pc$UserId$box" a:value="dummyusername" />
        <SET a:symbol="LoginForm.ctl00$pc$Password$box" a:value="dummypassword" />
        <SET a:symbol="LoginForm.ctl00$pc$btnLogin" a:value="Login" />
        <POST a:url="/VirtualEMS/Login.aspx" a:query="" a:redirects="yes" >
          <PARAM a:list="LoginForm" />
        </POST>
        <!-- Success is judged by "Log Out" appearing in the response -->
        <SEARCH a:symbol="RetVal" a:source="${_RESPONSE}" a:value="${_VALUE}" >
          <EXISTS a:string="Log Out" a:found="TRUE" a:notfound="FALSE" />
        </SEARCH>
        <RESULT a:value="${RetVal}" />
      </SESSION>
    </CLIENT>
  </authenticate>
  <deauthenticate>
    <CLIENT>
      <SESSION a:server="${properties.externalSystemURL}" >
        <GET a:url="/VirtualEMS/LogOut.aspx" a:query="" a:redirects="no" />
        <!-- Logged out when "Log Out" is no longer on the page -->
        <SEARCH a:symbol="RetVal" a:source="${_RESPONSE}" a:value="${_VALUE}" >
          <EXISTS a:string="Log Out" a:found="FALSE" a:notfound="TRUE" />
        </SEARCH>
        <RESULT a:value="${RetVal}" />
      </SESSION>
    </CLIENT>
  </deauthenticate>
  <lastActive>
    <CLIENT>
      <SESSION a:server="${properties.externalSystemURL}" >
        <GET a:url="/VirtualEMS/Default.aspx" a:query="" a:redirects="no" />
        <SEARCH a:symbol="RetVal" a:source="${_RESPONSE}" a:value="${_VALUE}" >
          <EXISTS a:string="Log Out" a:found="TRUE" a:notfound="FALSE" />
        </SEARCH>
        <RESULT a:value="${RetVal}" />
      </SESSION>
    </CLIENT>
  </lastActive>
  <checkstate>
    <CLIENT>
      <SESSION a:server="${properties.externalSystemURL}" >
        <GET a:url="/VirtualEMS/Default.aspx" a:query="" a:redirects="no" />
        <SEARCH a:symbol="RetVal" a:source="${_RESPONSE}" a:value="${_VALUE}" >
          <EXISTS a:string="Log Out" a:found="TRUE" a:notfound="FALSE" />
        </SEARCH>
        <RESULT a:value="${RetVal}" />
      </SESSION>
    </CLIENT>
  </checkstate>
</operations>
Properties File:
##############################################################
# ems connector for creating a new GCF connector configuration
##############################################################
# External System Properties
##############################################################
emslib.externalSystemName = emslib
emslib.externalSystemURL = http://apems01v.home.ad1.sou.edu
emslib.pickup.remoteurl = http://apems01v.home.ad1.sou.edu/virtualEMS/pickup.html
emslib.operations = ${SSOROOT}/config/emslib.xml
##############################################################
# GetConfigVersion2 settings
##############################################################
emslib.sso.operations.class = com.campuspipeline.sso.authenticator.SSOOperations
emslib.urlBase = ${cpipconnector.urlBase}/${emslib.externalSystemName}
emslib.cpipconnector.getconfig.createonlogin = 1
emslib.cpipconnector.getconfig.authenticate = ${emslib.urlBase}/Authenticate
emslib.cpipconnector.getconfig.authenticateOIDlist = 1.3.6.1.4.1.4409.1.1.4.2
emslib.cpipconnector.getconfig.deauthenticate = ${emslib.urlBase}/Deauthenticate
emslib.cpipconnector.getconfig.deauthenticateOIDlist = 1.3.6.1.4.1.4409.1.1.6.1
emslib.cpipconnector.getconfig.lastactive = ${emslib.urlBase}/LastActive
emslib.cpipconnector.getconfig.lastactiveOIDlist = 1.3.6.1.4.1.4409.1.1.5.1
emslib.cpipconnector.getconfig.sessionPlaceHolder = sessionPlaceHolder
emslib.cpipconnector.getconfig.sendcpsession = false
emslib.cpipconnector.getconfig.sendtimeout = false
emslib.cpipconnector.getconfig.desturl_parmname = destURL
emslib.cpipconnector.getconfig.sendlogin = true
emslib.cpipconnector.getconfig.useSISCredentials = false
emslib.cpipconnector.getconfig.usePDSCredentials = false
emslib.cpipconnector.getconfig.configsleeptime =
emslib.cpipconnector.getconfig.configattempts =
emslib.cpipconnector.getconfig.shortcircutlogin =
#set the following to true to get the newly added CPIP parameter 'immutableid'
#This can be accessed using the macro "_IMMUTABLE_ID"
emslib.cpipconnector.getconfig.sendimmutableid =
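An added example, not part of the original posts and not Luminis or GCF code: a Python sketch that mimics the connector's SEARCH/GRAB and EXISTS steps so the start/end markers can be checked offline against a saved copy of the login page. It assumes GRAB returns the text between the a:start and a:end markers; the sample HTML is constructed and the function names are hypothetical.

```python
from urllib.parse import urlencode

# Constructed sample of an ASP.NET login page (not captured from the real system).
SAMPLE_LOGIN_PAGE = '''<form name="aspnetForm" method="post" action="Login.aspx">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKc2FtcGxl" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAgKsample+/=" />
<input name="ctl00$pc$UserId$box" type="text" />
<input name="ctl00$pc$Password$box" type="password" />
</form>'''


def grab(source, start, end):
    """Assumed GRAB behaviour: text between the first `start` marker and the
    next `end` marker, or None when either marker is missing."""
    i = source.find(start)
    if i < 0:
        return None
    i += len(start)
    j = source.find(end, i)
    return source[i:j] if j >= 0 else None


def build_login_form(page, username, password):
    """Assemble the fields the connector sets on LoginForm before the POST."""
    view = grab(page, 'id="__VIEWSTATE" value="', '"')
    event = grab(page, 'id="__EVENTVALIDATION" value="', '"')
    if view is None or event is None:
        raise ValueError("hidden field marker not found; page layout changed?")
    return {
        "__LASTFOCUS": "", "__EVENTTARGET": "", "__EVENTARGUMENT": "",
        "__VIEWSTATE": view,
        "__EVENTVALIDATION": event,
        "ctl00$pc$UserId$box": username,
        "ctl00$pc$Password$box": password,
        "ctl00$pc$btnLogin": "Login",
    }


def logged_in(response_body):
    """Same test as the EXISTS step: 'Log Out' appears only when signed in."""
    return "Log Out" in response_body


def encode_body(form):
    """URL-encode the form; '$', '+', '/' and '=' are percent-escaped."""
    return urlencode(form)
```

If `build_login_form` raises on a saved copy of the real login page, the GRAB markers in the XML no longer match the page's attribute order or quoting.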
posting xml?
How do I get my XML to show in my comment?
getting xml to show
When I try and present HTML or XML in Lumdev, I put my text into an editor (vi is my favourite but I suppose that notepad or anything else would do).
Then I change all the < and > into the HTML entity references (i.e. &lt;)
That way things should show in the preview and in the posted content.
At the moment your post has some html which breaks the Lumdev markup.
I will have a look and see what needs changing. [have done so in the Post itself - hope you don't mind]
Derek
University of Leeds, UK
Still unclear what the aim is
Hi Julie,
In an attempt to grasp what you are trying to do (and see where there are overlaps with what we would like to do) I will try and precis from your posts:
1) Allow users to supply credentials for emslib (the ES) so that Luminis knows to do SSO with this username and password to emslib.
2) If user has supplied credentials (1), then have SSO to emslib using these.
3) If user has not supplied credentials (1), then have SSO to emslib using other credentials (that give limited rights in emslib)
3a) are these "no account yet" credentials the username and password used for luminis?
3b) or a choice of fixed guest account (emslib) credentials
3c) or a generated set of credentials to a formula understood by emslib
3d) does an emslib account get created for the user as part of this?
Sorry, not a very good precis. We are interested in understanding how to do step 1). Currently most (all?) of our ES use the same credentials as our Luminis log in. When we branch out into SSO to other systems (i.e. Facebook - not via the Sungard mechanisms, or our Alumni community system) we need to provide a way of having the first part of the SSO asking the user for their credentials.
Step 2) and 3) are also interesting, although we would probably not try to authenticate. It should allow logic like - if Luminis knows your credentials, perform SSO and end up at URLx; if Luminis doesn't then test if already signed in via browser session and end up at URLy; if Luminis doesn't then go to the ES login page (or alternative page).
Derek
University of Leeds, UK