SlideShare une entreprise Scribd logo
1  sur  22
Télécharger pour lire hors ligne
IMS LTI and SAML / SSO
       DRAFT - 01
                           Charles Severance, Ph.D.
                   IMS Global Learning Consortium (IMS GLC)

                                       http://www.imsglobal.org/
                                       http://www.dr-chuck.com/

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                               1
Thanks to

• Keith Hazelton, University of Wisconsin
• Scott Fullerton, University of Wisconsin




© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                              2
Problem Statement

• We need a way to align IMS Learning Tools
       Interoperability and (SAML)




© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                              3
Use Cases

• When a LMS is protected using an SSO and launches an
  external tool using LTI, we to communicate the SSO
  identity to the external tool
• This enables the external tool to connect the user_id
  value from LTI with an SSO identity
• This allows the user to connect directly to the
  external tool and log in using their SSO

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                      4
Scenario

• We have three LMS's at three schools, one
  protected using SAML, one protected using CAS,
  and one that has no SSO
• They all connect to an external tool that is
  capable of LTI, CAS, and SAML and has
  relationships with the appropriate SAMLE IDP and
  CAS Server
© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                 5
mod_saml                                     mod_cas
                       saml.edu                     nada.edu        cas.edu



saml.edu                                            Scenario                  cas.edu
  IDP                                                                          Server


                              mod_saml              /launch      mod_cas
                                                  hyperlti.com



© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                               6
Essential Design Concept

• The LTI Launch is completely normal providing the
  normal within-LMS data like user_id, role,
  context_id, etc.
• If the LMS is protected using an SSO and the
  current user is logged in through the SSO, we add
  the type of SSO (SAML, CAS, etc) and the identity
  provider for the SSO.
© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                  7
Essential Design Concept (cont)

• The LTI launch does *not* include the SSO identity
       as there is no way to do this reliably.




© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                    8
Design For External Tool

• The external tool has an unprotected LTI launch
       URL to receive LTI requests (/launch)
• The external tool has SSO-protected URLs for all
       the identity providers and SSO types it has a
       relationship with (/cas_edu, /saml_edu)



© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                   9
Design for External Tool

• If the LTI launch code receives a launch with an SSO
       type and Identity provider that it is capable of
       handling, it sets up the LTI data (user, course, role,
       etc) in the session and forwards to the appropriate
       SSO-protected url on its own server
• Since the user is already signed on via the SSO, they
       simply fall through with REMOTE_USER properly set

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                            10
Design for External Tool

• Under the SSO-protected URL, the code knows the
       LTI user course, and role as well as the Identity
       provider and enterprise identity.
• The tool can link all of these together within its
       data structures.



© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                       11
External Tool Design

• From that point forward, the tool can identify the
       user either via an LTI launch through user_id or
       through a direct login to an SSO-protected URL
       that provides REMOTE_USER




© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                      12
B                                              mod_saml     lms.saml.edu
                r                                 2
                o                                     1              (1) User accesses
                w
                                                                     LMS, (2) redirected
                s
                                                                     to SSO, (3) SSO
                e                                         saml.edu   displays login page.
                r                                           IDP
                                                  3



                                                                 /launch
                                                                             hyperlti.com
                                                                mod_saml

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                        13
B                                              mod_saml     lms.saml.edu
                                                  2
                r
                o
                                                      3              (1) User enters
                w
                                                                     login submits to
                s
                                                                     IDP, (2) IDP sets
                e                                         saml.edu   cookie and
                r                                           IDP
                                                  1                  redirects to LMS,
                                                                     (3) LMS displays
                                                                     screen

                                                                 /launch
                                                                             hyperlti.com
                  saml_cookie                                   mod_saml

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                        14
B                                              mod_saml     lms.saml.edu
                                                  2
                r
                o
                                                  1                  (1) User selects LTI
                w
                                                                     tool. (2) LMS sends
                s
                                                                     signed LTI data
                e                                         saml.edu   form to browser (3)
                r                                           IDP      browser submits
                                                                     data to LTI launch
                       user_id=12
                                                                     url
                       sso_type=saml
                       sso_idp=saml.edu               3          /launch
                                                                             hyperlti.com
                  saml_cookie                                   mod_saml

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                        15
B                                          mod_saml     lms.saml.edu
                r
                o
                                                                 (1) Tool stores the
                w
                                                                 LTI launch data in
                s
                                                                 a session for the
                e                                     saml.edu   browser and then
                r                                       IDP      (2) redirects to the
                                                                 mod_saml URL
                                                                         user_id=12     1
                                                                         sso_type=saml
                                                  2          /launch     sso_idp=saml.edu
                                                                         hyperlti.com
                  saml_cookie                               mod_saml

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                        16
B                                          mod_saml    lms.saml.edu
                r
                o
                                                                 (4) The user's browser
                w
                                                                 follows the redirect,
                s
                                                                 adding the SAML cookie,
                e                                     saml.edu   (5) the mod passes the
                r                                       IDP      request through setting
                                                                 SAML identity
                                                                        user_id=12     1
                                                                        sso_type=saml
                                                  2          /launch    sso_idp=saml.edu
                                                                        hyperlti.com
                  saml_cookie                         4     mod_saml    remote_user=csev

                                                                                           5
© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                       17
B                                          mod_saml     lms.saml.edu
                r
                o
                                                                 (6)The mod requests
                w
                                                                 and receives an
                s
                                                                 attribute from the IDP
                e                                     saml.edu   and (7) adds it to the
                r                                       IDP      user data

                                                  6
                                                                         user_id=12
                                                                         sso_type=saml
                                                             /launch     sso_idp=saml.edu
                                                                        hyperlti.com
                  saml_cookie                               mod_saml     remote_user=csev
                                                                         phone=763-0300
                                                                                            7
© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                        18
B                                          mod_saml     lms.saml.edu
                r
                o                                                User has new browser.
                w                                                (1) Access the tool
                s                                                directly at SSO-
                e                             3       saml.edu   protected URL. (2)
                r                                       IDP      mod redirects to IDP,
                                                                 (3) IDP produces login
                                                                 page
                                                  1

                                                             /launch
                                                                        hyperlti.com
                                                  2         mod_saml

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                   19
B                                          mod_saml     lms.saml.edu
                r
                o
                                                                 (1) User enters login
                w
                                                                 submits to IDP, (2) IDP
                s                                 1              sets cookie and
                e                                     saml.edu   redirects to tool. (3)
                r                                       IDP      Tool looks up user
                           2                                     data based on SAML id
                                                                         user_id=12
                                                                         sso_type=saml
                                                             /launch     sso_idp=saml.edu
                                                                         hyperlti.com
                  saml_cookie                               mod_saml     remote_user=csev
                                                                         phone=763-0300
                                                                                            3
© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                                                        20
Notes

• This extends easily to multiple types of SSO
       providers and multiple identity providers per SSO.
• This carefully avoids the LMS forwarding the SSO
       identity, but instead provides a mechanism for the
       tool to "add" the SSO identity to a session through
       a redirect

© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                                         21
Questions / Comments

• This is a draft – comments welcome




© Copyright 2012 IMS Global Learning Consortium
All Rights Reserved.                              22

Contenu connexe

En vedette

Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...
Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...
Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...Talis
 
E Tmf Tutorial
E Tmf TutorialE Tmf Tutorial
E Tmf Tutorialrammellel
 
IMS Learning Tools Interoperability (Smart ICT Korea)
IMS Learning Tools Interoperability (Smart ICT Korea)IMS Learning Tools Interoperability (Smart ICT Korea)
IMS Learning Tools Interoperability (Smart ICT Korea)Charles Severance
 
Hosting Moodle at the OU
Hosting Moodle at the OUHosting Moodle at the OU
Hosting Moodle at the OUTim Hunt
 
Creative learning spaces
Creative learning spacesCreative learning spaces
Creative learning spacesLiam Dunphy
 
Simplifying Integration of Publisher Content: A Real World LTI Example with L...
Simplifying Integration of Publisher Content: A Real World LTI Example with L...Simplifying Integration of Publisher Content: A Real World LTI Example with L...
Simplifying Integration of Publisher Content: A Real World LTI Example with L...D2L Barry
 
New Opportunites to Connect Learning with LIS and LTI
New Opportunites to Connect Learning with LIS and LTINew Opportunites to Connect Learning with LIS and LTI
New Opportunites to Connect Learning with LIS and LTIJohn Lewis
 
235470379 rfc-destination-sap-srm
235470379 rfc-destination-sap-srm235470379 rfc-destination-sap-srm
235470379 rfc-destination-sap-srmManish Nangalia
 
IMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLAIMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLACharles Severance
 
Adobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave Lloyd
Adobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave LloydAdobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave Lloyd
Adobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave LloydDave Lloyd
 
Integrating SAP the Java EE Way - JBoss One Day talk 2012
Integrating SAP the Java EE Way - JBoss One Day talk 2012Integrating SAP the Java EE Way - JBoss One Day talk 2012
Integrating SAP the Java EE Way - JBoss One Day talk 2012hwilming
 
Building Scalable IMS LTI Tools Using the TSUGI Framework
Building Scalable IMS LTI Tools Using the TSUGI FrameworkBuilding Scalable IMS LTI Tools Using the TSUGI Framework
Building Scalable IMS LTI Tools Using the TSUGI FrameworkCharles Severance
 
Sap java connector / Hybris RFC
Sap java connector / Hybris RFCSap java connector / Hybris RFC
Sap java connector / Hybris RFCMonsif Elaissoussi
 
RFC destination step by step
RFC destination step by stepRFC destination step by step
RFC destination step by stepRipunjay Rathaur
 
Transforming Moodle - United for Wildlife Implementation Case Study
Transforming Moodle - United for Wildlife Implementation Case StudyTransforming Moodle - United for Wildlife Implementation Case Study
Transforming Moodle - United for Wildlife Implementation Case StudyThomas Bell
 

En vedette (20)

Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...
Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...
Learning Tools Interoperability - Why the big deal? - Stephen Vickers | Talis...
 
E Tmf Tutorial
E Tmf TutorialE Tmf Tutorial
E Tmf Tutorial
 
IMS Learning Tools Interoperability (Smart ICT Korea)
IMS Learning Tools Interoperability (Smart ICT Korea)IMS Learning Tools Interoperability (Smart ICT Korea)
IMS Learning Tools Interoperability (Smart ICT Korea)
 
Moodle user group – 08/06/11
Moodle user group – 08/06/11Moodle user group – 08/06/11
Moodle user group – 08/06/11
 
Ley 1286 2009
Ley 1286 2009Ley 1286 2009
Ley 1286 2009
 
Hosting Moodle at the OU
Hosting Moodle at the OUHosting Moodle at the OU
Hosting Moodle at the OU
 
Creative learning spaces
Creative learning spacesCreative learning spaces
Creative learning spaces
 
IMS Basic LTI Certification
IMS Basic LTI CertificationIMS Basic LTI Certification
IMS Basic LTI Certification
 
Simplifying Integration of Publisher Content: A Real World LTI Example with L...
Simplifying Integration of Publisher Content: A Real World LTI Example with L...Simplifying Integration of Publisher Content: A Real World LTI Example with L...
Simplifying Integration of Publisher Content: A Real World LTI Example with L...
 
New Opportunites to Connect Learning with LIS and LTI
New Opportunites to Connect Learning with LIS and LTINew Opportunites to Connect Learning with LIS and LTI
New Opportunites to Connect Learning with LIS and LTI
 
235470379 rfc-destination-sap-srm
235470379 rfc-destination-sap-srm235470379 rfc-destination-sap-srm
235470379 rfc-destination-sap-srm
 
IMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLAIMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLA
 
Adobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave Lloyd
Adobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave LloydAdobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave Lloyd
Adobe Experience Manager (AEM) - Multilingual SIG on SEO - Dave Lloyd
 
Integrating SAP the Java EE Way - JBoss One Day talk 2012
Integrating SAP the Java EE Way - JBoss One Day talk 2012Integrating SAP the Java EE Way - JBoss One Day talk 2012
Integrating SAP the Java EE Way - JBoss One Day talk 2012
 
Building Scalable IMS LTI Tools Using the TSUGI Framework
Building Scalable IMS LTI Tools Using the TSUGI FrameworkBuilding Scalable IMS LTI Tools Using the TSUGI Framework
Building Scalable IMS LTI Tools Using the TSUGI Framework
 
Sap java connector / Hybris RFC
Sap java connector / Hybris RFCSap java connector / Hybris RFC
Sap java connector / Hybris RFC
 
eTMF ppt
eTMF ppteTMF ppt
eTMF ppt
 
SAP NetWeaver Gateway - RFC & BOR Generators
SAP NetWeaver Gateway - RFC & BOR GeneratorsSAP NetWeaver Gateway - RFC & BOR Generators
SAP NetWeaver Gateway - RFC & BOR Generators
 
RFC destination step by step
RFC destination step by stepRFC destination step by step
RFC destination step by step
 
Transforming Moodle - United for Wildlife Implementation Case Study
Transforming Moodle - United for Wildlife Implementation Case StudyTransforming Moodle - United for Wildlife Implementation Case Study
Transforming Moodle - United for Wildlife Implementation Case Study
 

Similaire à Connecting IMS LTI and SAML (Draft)

Meet Bravais Webinar Deck
Meet Bravais Webinar DeckMeet Bravais Webinar Deck
Meet Bravais Webinar DeckXyleme
 
Advanced Learning Tools Interoperability
Advanced Learning Tools InteroperabilityAdvanced Learning Tools Interoperability
Advanced Learning Tools InteroperabilityCharles Severance
 
Rob Abels keynote at JISC CETIS conference 2012
Rob Abels keynote at JISC CETIS conference 2012Rob Abels keynote at JISC CETIS conference 2012
Rob Abels keynote at JISC CETIS conference 2012Christina Smart
 
Eunis federation2
Eunis federation2Eunis federation2
Eunis federation2HEAnet
 
Ibm software network2012 claudio cinquepalmi #ibmsocialbiz
Ibm software network2012 claudio cinquepalmi  #ibmsocialbiz Ibm software network2012 claudio cinquepalmi  #ibmsocialbiz
Ibm software network2012 claudio cinquepalmi #ibmsocialbiz Claudio Cinquepalmi
 
Threat model express agile 2012
Threat model express agile 2012Threat model express agile 2012
Threat model express agile 2012drewz lin
 
Using OSGi as a Cloud Platform - Jan Rellermeyer
Using OSGi as a Cloud Platform - Jan RellermeyerUsing OSGi as a Cloud Platform - Jan Rellermeyer
Using OSGi as a Cloud Platform - Jan Rellermeyermfrancis
 
Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...
Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...
Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...Hugo Bruneliere
 
Real World Identity Managment
Real World Identity ManagmentReal World Identity Managment
Real World Identity ManagmentJohn Lewis
 
Interoperable cloud storage with the cdmi standard
Interoperable cloud storage with the cdmi standardInteroperable cloud storage with the cdmi standard
Interoperable cloud storage with the cdmi standardWalter Moriconi
 
SCORM in the Cloud: Simplifying eLearning Delivery
SCORM in the Cloud: Simplifying eLearning DeliverySCORM in the Cloud: Simplifying eLearning Delivery
SCORM in the Cloud: Simplifying eLearning DeliveryXyleme
 
Journey to end user computing dallas vmug may 2013
Journey to end user computing   dallas vmug may 2013Journey to end user computing   dallas vmug may 2013
Journey to end user computing dallas vmug may 2013Tommy Trogden
 

Similaire à Connecting IMS LTI and SAML (Draft) (14)

Meet Bravais Webinar Deck
Meet Bravais Webinar DeckMeet Bravais Webinar Deck
Meet Bravais Webinar Deck
 
Advanced Learning Tools Interoperability
Advanced Learning Tools InteroperabilityAdvanced Learning Tools Interoperability
Advanced Learning Tools Interoperability
 
Rob Abels keynote at JISC CETIS conference 2012
Rob Abels keynote at JISC CETIS conference 2012Rob Abels keynote at JISC CETIS conference 2012
Rob Abels keynote at JISC CETIS conference 2012
 
Eunis federation2
Eunis federation2Eunis federation2
Eunis federation2
 
Ibm software network2012 claudio cinquepalmi #ibmsocialbiz
Ibm software network2012 claudio cinquepalmi  #ibmsocialbiz Ibm software network2012 claudio cinquepalmi  #ibmsocialbiz
Ibm software network2012 claudio cinquepalmi #ibmsocialbiz
 
OMG DDS Security, 3rd revised submission
OMG DDS Security, 3rd revised submissionOMG DDS Security, 3rd revised submission
OMG DDS Security, 3rd revised submission
 
Threat model express agile 2012
Threat model express agile 2012Threat model express agile 2012
Threat model express agile 2012
 
OMG DDS Security. 4th Revised Submission
OMG DDS Security. 4th Revised SubmissionOMG DDS Security. 4th Revised Submission
OMG DDS Security. 4th Revised Submission
 
Using OSGi as a Cloud Platform - Jan Rellermeyer
Using OSGi as a Cloud Platform - Jan RellermeyerUsing OSGi as a Cloud Platform - Jan Rellermeyer
Using OSGi as a Cloud Platform - Jan Rellermeyer
 
Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...
Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...
Eclipse Labs for Improving DSL Development - Eclipse DemoCamp Juno 2012 in Na...
 
Real World Identity Managment
Real World Identity ManagmentReal World Identity Managment
Real World Identity Managment
 
Interoperable cloud storage with the cdmi standard
Interoperable cloud storage with the cdmi standardInteroperable cloud storage with the cdmi standard
Interoperable cloud storage with the cdmi standard
 
SCORM in the Cloud: Simplifying eLearning Delivery
SCORM in the Cloud: Simplifying eLearning DeliverySCORM in the Cloud: Simplifying eLearning Delivery
SCORM in the Cloud: Simplifying eLearning Delivery
 
Journey to end user computing dallas vmug may 2013
Journey to end user computing   dallas vmug may 2013Journey to end user computing   dallas vmug may 2013
Journey to end user computing dallas vmug may 2013
 

Plus de Charles Severance

LTI Advantage: The Next Big Thing in LMS Integration
LTI Advantage: The Next Big Thing in LMS IntegrationLTI Advantage: The Next Big Thing in LMS Integration
LTI Advantage: The Next Big Thing in LMS IntegrationCharles Severance
 
Sakai Hierarchy Framework Changes Overview (not implemented)
Sakai Hierarchy  Framework Changes Overview (not implemented)Sakai Hierarchy  Framework Changes Overview (not implemented)
Sakai Hierarchy Framework Changes Overview (not implemented)Charles Severance
 
Building the NGDLE with Tsugi (次) and Koseu(코스)
Building the NGDLE with Tsugi (次) and Koseu(코스)Building the NGDLE with Tsugi (次) and Koseu(코스)
Building the NGDLE with Tsugi (次) and Koseu(코스)Charles Severance
 
Exploring the Next Generation Digital Learning Ecosystem
Exploring the Next Generation Digital Learning EcosystemExploring the Next Generation Digital Learning Ecosystem
Exploring the Next Generation Digital Learning EcosystemCharles Severance
 
Exploring the Next Generation Digital Learning Environment with Tsugi
Exploring the Next Generation Digital Learning Environment with TsugiExploring the Next Generation Digital Learning Environment with Tsugi
Exploring the Next Generation Digital Learning Environment with TsugiCharles Severance
 
Building the Next Generation Teaching and Learning Environment with Tsugi (次)
Building the Next Generation Teaching and Learning Environment with Tsugi (次)Building the Next Generation Teaching and Learning Environment with Tsugi (次)
Building the Next Generation Teaching and Learning Environment with Tsugi (次)Charles Severance
 
Beyond MOOCs: Open Education at Scale
Beyond MOOCs: Open Education at ScaleBeyond MOOCs: Open Education at Scale
Beyond MOOCs: Open Education at ScaleCharles Severance
 
Building the Next Generation Teaching and Learning Environment
Building the Next Generation Teaching and Learning EnvironmentBuilding the Next Generation Teaching and Learning Environment
Building the Next Generation Teaching and Learning EnvironmentCharles Severance
 
CloudSocial: A New Approach to Enabling Open Content for Broad Reuse
CloudSocial: A New Approach to Enabling Open Content for Broad ReuseCloudSocial: A New Approach to Enabling Open Content for Broad Reuse
CloudSocial: A New Approach to Enabling Open Content for Broad ReuseCharles Severance
 
Next Generation Teaching and Learning
Next Generation Teaching and LearningNext Generation Teaching and Learning
Next Generation Teaching and LearningCharles Severance
 
Next Generation Teaching and Learning
Next Generation Teaching and LearningNext Generation Teaching and Learning
Next Generation Teaching and LearningCharles Severance
 
A View on the Future of Sakai
A View on the Future of SakaiA View on the Future of Sakai
A View on the Future of SakaiCharles Severance
 
The Next Generation of Teaching and Learning Tools
The Next Generation of Teaching and Learning ToolsThe Next Generation of Teaching and Learning Tools
The Next Generation of Teaching and Learning ToolsCharles Severance
 
Standards to Enable an Open Learning Ecosystem
Standards to Enable an Open Learning EcosystemStandards to Enable an Open Learning Ecosystem
Standards to Enable an Open Learning EcosystemCharles Severance
 
Updated Version: Tsugi Overview
Updated Version: Tsugi OverviewUpdated Version: Tsugi Overview
Updated Version: Tsugi OverviewCharles Severance
 
Standards Update: Apereo 2015
Standards Update: Apereo 2015Standards Update: Apereo 2015
Standards Update: Apereo 2015Charles Severance
 
Apereo 2015: The State of Sakai
Apereo 2015: The State of SakaiApereo 2015: The State of Sakai
Apereo 2015: The State of SakaiCharles Severance
 
The Trials and Tribulations of Predicting the Future of Educational Technology
The Trials and Tribulations of Predicting the Future of Educational TechnologyThe Trials and Tribulations of Predicting the Future of Educational Technology
The Trials and Tribulations of Predicting the Future of Educational TechnologyCharles Severance
 

Plus de Charles Severance (20)

LTI Advantage: The Next Big Thing in LMS Integration
LTI Advantage: The Next Big Thing in LMS IntegrationLTI Advantage: The Next Big Thing in LMS Integration
LTI Advantage: The Next Big Thing in LMS Integration
 
Hierarchy requirements
Hierarchy requirements Hierarchy requirements
Hierarchy requirements
 
Sakai Hierarchy Framework Changes Overview (not implemented)
Sakai Hierarchy  Framework Changes Overview (not implemented)Sakai Hierarchy  Framework Changes Overview (not implemented)
Sakai Hierarchy Framework Changes Overview (not implemented)
 
Building the NGDLE with Tsugi (次) and Koseu(코스)
Building the NGDLE with Tsugi (次) and Koseu(코스)Building the NGDLE with Tsugi (次) and Koseu(코스)
Building the NGDLE with Tsugi (次) and Koseu(코스)
 
Exploring the Next Generation Digital Learning Ecosystem
Exploring the Next Generation Digital Learning EcosystemExploring the Next Generation Digital Learning Ecosystem
Exploring the Next Generation Digital Learning Ecosystem
 
Exploring the Next Generation Digital Learning Environment with Tsugi
Exploring the Next Generation Digital Learning Environment with TsugiExploring the Next Generation Digital Learning Environment with Tsugi
Exploring the Next Generation Digital Learning Environment with Tsugi
 
Building the Next Generation Teaching and Learning Environment with Tsugi (次)
Building the Next Generation Teaching and Learning Environment with Tsugi (次)Building the Next Generation Teaching and Learning Environment with Tsugi (次)
Building the Next Generation Teaching and Learning Environment with Tsugi (次)
 
Beyond MOOCs: Open Education at Scale
Beyond MOOCs: Open Education at ScaleBeyond MOOCs: Open Education at Scale
Beyond MOOCs: Open Education at Scale
 
Building the Next Generation Teaching and Learning Environment
Building the Next Generation Teaching and Learning EnvironmentBuilding the Next Generation Teaching and Learning Environment
Building the Next Generation Teaching and Learning Environment
 
CloudSocial: A New Approach to Enabling Open Content for Broad Reuse
CloudSocial: A New Approach to Enabling Open Content for Broad ReuseCloudSocial: A New Approach to Enabling Open Content for Broad Reuse
CloudSocial: A New Approach to Enabling Open Content for Broad Reuse
 
Next Generation Teaching and Learning
Next Generation Teaching and LearningNext Generation Teaching and Learning
Next Generation Teaching and Learning
 
Next Generation Teaching and Learning
Next Generation Teaching and LearningNext Generation Teaching and Learning
Next Generation Teaching and Learning
 
The Game of MOOCs
The Game of MOOCsThe Game of MOOCs
The Game of MOOCs
 
A View on the Future of Sakai
A View on the Future of SakaiA View on the Future of Sakai
A View on the Future of Sakai
 
The Next Generation of Teaching and Learning Tools
The Next Generation of Teaching and Learning ToolsThe Next Generation of Teaching and Learning Tools
The Next Generation of Teaching and Learning Tools
 
Standards to Enable an Open Learning Ecosystem
Standards to Enable an Open Learning EcosystemStandards to Enable an Open Learning Ecosystem
Standards to Enable an Open Learning Ecosystem
 
Updated Version: Tsugi Overview
Updated Version: Tsugi OverviewUpdated Version: Tsugi Overview
Updated Version: Tsugi Overview
 
Standards Update: Apereo 2015
Standards Update: Apereo 2015Standards Update: Apereo 2015
Standards Update: Apereo 2015
 
Apereo 2015: The State of Sakai
Apereo 2015: The State of SakaiApereo 2015: The State of Sakai
Apereo 2015: The State of Sakai
 
The Trials and Tribulations of Predicting the Future of Educational Technology
The Trials and Tribulations of Predicting the Future of Educational TechnologyThe Trials and Tribulations of Predicting the Future of Educational Technology
The Trials and Tribulations of Predicting the Future of Educational Technology
 

Dernier

Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 

Dernier (20)

Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 

Connecting IMS LTI and SAML (Draft)

  • 1. IMS LTI and SAML / SSO DRAFT - 01 Charles Severance, Ph.D. IMS Global Learning Consortium (IMS GLC) http://www.imsglobal.org/ http://www.dr-chuck.com/ © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 1
  • 2. Thanks to • Keith Hazelton, University of Wisconsin • Scott Fullerton, University of Wisconsin © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 2
  • 3. Problem Statement • We need a way to align IMS Learning Tools Interoperability and (SAML) © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 3
  • 4. Use Cases • When a LMS is protected using an SSO and launches an external tool using LTI, we to communicate the SSO identity to the external tool • This enables the external tool to connect the user_id value from LTI with an SSO identity • This allows the user to connect directly to the external tool and log in using their SSO © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 4
  • 5. Scenario • We have three LMS's at three schools, one protected using SAML, one protected using CAS, and one that has no SSO • They all connect to an external tool that is capable of LTI, CAS, and SAML and has relationships with the appropriate SAMLE IDP and CAS Server © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 5
  • 6. mod_saml mod_cas saml.edu nada.edu cas.edu saml.edu Scenario cas.edu IDP Server mod_saml /launch mod_cas hyperlti.com © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 6
  • 7. Essential Design Concept • The LTI Launch is completely normal providing the normal within-LMS data like user_id, role, context_id, etc. • If the LMS is protected using an SSO and the current user is logged in through the SSO, we add the type of SSO (SAML, CAS, etc) and the identity provider for the SSO. © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 7
  • 8. Essential Design Concept (cont) • The LTI launch does *not* include the SSO identity as there is no way to do this reliably. © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 8
  • 9. Design For External Tool • The external tool has an unprotected LTI launch URL to receive LTI requests (/launch) • The external tool has SSO-protected URLs for all the identity providers and SSO types it has a relationship with (/cas_edu, /saml_edu) © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 9
  • 10. Design for External Tool • If the LTI launch code receives a launch with an SSO type and Identity provider that it is capable of handling, it sets up the LTI data (user, course, role, etc) in the session and forwards to the appropriate SSO-protected url on its own server • Since the user is already signed on via the SSO, they simply fall through with REMOTE_USER properly set © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 10
  • 11. Design for External Tool • Under the SSO-protected URL, the code knows the LTI user course, and role as well as the Identity provider and enterprise identity. • The tool can link all of these together within its data structures. © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 11
  • 12. External Tool Design • From that point forward, the tool can identify the user either via an LTI launch through user_id or through a direct login to an SSO-protected URL that provides REMOTE_USER © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 12
  • 13. B mod_saml lms.saml.edu r 2 o 1 (1) User accesses w LMS, (2) redirected s to SSO, (3) SSO e saml.edu displays login page. r IDP 3 /launch hyperlti.com mod_saml © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 13
  • 14. B mod_saml lms.saml.edu 2 r o 3 (1) User enters w login submits to s IDP, (2) IDP sets e saml.edu cookie and r IDP 1 redirects to LMS, (3) LMS displays screen /launch hyperlti.com saml_cookie mod_saml © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 14
  • 15. B mod_saml lms.saml.edu 2 r o 1 (1) User selects LTI w tool. (2) LMS sends s signed LTI data e saml.edu form to browser (3) r IDP browser submits data to LTI launch user_id=12 url sso_type=saml sso_idp=saml.edu 3 /launch hyperlti.com saml_cookie mod_saml © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 15
  • 16. B mod_saml lms.saml.edu r o (1) Tool stores the w LTI launch data in s a session for the e saml.edu browser and then r IDP (2) redirects to the mod_saml URL user_id=12 1 sso_type=saml 2 /launch sso_idp=saml.edu hyperlti.com saml_cookie mod_saml © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 16
  • 17. B mod_saml lms.saml.edu r o (4) The user's browser w follows the redirect, s adding the SAML cookie, e saml.edu (5) the mod passes the r IDP request through setting SAML identity user_id=12 1 sso_type=saml 2 /launch sso_idp=saml.edu hyperlti.com saml_cookie 4 mod_saml remote_user=csev 5 © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 17
  • 18. B mod_saml lms.saml.edu r o (6)The mod requests w and receives an s attribute from the IDP e saml.edu and (7) adds it to the r IDP user data 6 user_id=12 sso_type=saml /launch sso_idp=saml.edu hyperlti.com saml_cookie mod_saml remote_user=csev phone=763-0300 7 © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 18
  • 19. B mod_saml lms.saml.edu r o User has new browser. w (1) Access the tool s directly at SSO- e 3 saml.edu protected URL. (2) r IDP mod redirects to IDP, (3) IDP produces login page 1 /launch hyperlti.com 2 mod_saml © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 19
  • 20. B mod_saml lms.saml.edu r o (1) User enters login w submits to IDP, (2) IDP s 1 sets cookie and e saml.edu redirects to tool. (3) r IDP Tool looks up user 2 data based on SAML id user_id=12 sso_type=saml /launch sso_idp=saml.edu hyperlti.com saml_cookie mod_saml remote_user=csev phone=763-0300 3 © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 20
  • 21. Notes • This extends easily to multiple types of SSO providers and multiple identity providers per SSO. • This carefully avoids the LMS forwarding the SSO identity, but instead provides a mechanism for the tool to "add" the SSO identity to a session through a redirect © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 21
  • 22. Questions / Comments • This is a draft – comments welcome © Copyright 2012 IMS Global Learning Consortium All Rights Reserved. 22