Hi Malcolm,
Sorry, my last reply was a bit brief.
We've got an infrastructure composed mainly of Windows and Solaris servers, although there is a steady movement towards Windows - e.g. all email is moving to Exchange. We authenticate against AD on Windows, using OpenLDAP for our UNIX services. We've now removed all our NIS authentication.

We will run Shib on a Linux server for initial trials, then probably scale up to Solaris. One of my concerns is that if we move to Shib-only authentication for Blackboard, we'll have to provide the same level of resilience that we currently provide for AD, which was not the intention of this small project! Blackboard is running on UNIX. I'm not sure at this stage (as it's Christmas and everyone is on leave) what mechanism BB uses to authenticate against AD, or what we will use for our Shib IdP to authenticate against AD - CAS sounds like a step too far at this stage.

Regards,
Nigel




________________________________

Nigel Frost
Directories and Database Management
Information Systems Services
University of Southampton
SOUTHAMPTON SO17 1BJ

email:  [log in to unmask]
phone:  023 8059 8826 (ext 28826)

________________________________


-----Original Message-----
From: Blackboard/Courseinfo userslist [mailto:[log in to unmask]] On Behalf Of MURRAY M.R.
Sent: 17 December 2007 17:05
To: [log in to unmask]
Subject: Re: Shibboleth with Blackboard

Hi Nigel,

Are you running on Linux or Windows?
I'm not sure of the current support status for Windows - check with your
account manager, as it used to be Linux/Unix only for Shibb.

Malcolm.


---
Dr Malcolm Murray

Learning Technologies Team Leader
IT Service
Durham University

-----Original Message-----
From: Blackboard/Courseinfo userslist
[mailto:[log in to unmask]] On Behalf Of Frost N.J.
Sent: Monday, December 17, 2007 4:15 PM
To: [log in to unmask]
Subject: Re: Shibboleth with Blackboard

Malcolm,
We use Active Directory for all our authentication and authorisation -
including SSO to a Luminis portal.

Nigel


-----Original Message-----
From: Blackboard/Courseinfo userslist
[mailto:[log in to unmask]] On Behalf Of MURRAY M.R.
Sent: 17 December 2007 15:43
To: [log in to unmask]
Subject: Re: Shibboleth with Blackboard

If you know your way around Apache and have a decent knowledge of Java
then it might be possible! What sort of Institutional Idenity Management
Architecture have you in place at present?

Malcolm.


---
Dr Malcolm Murray

Learning Technologies Team Leader
IT Service
Durham University

-----Original Message-----
From: Blackboard/Courseinfo userslist
[mailto:[log in to unmask]] On Behalf Of Frost N.J.
Sent: Monday, December 17, 2007 3:23 PM
To: [log in to unmask]
Subject: Re: Shibboleth with Blackboard

Malcolm,
Thanks very much for the quick reply - though I'm a bit worried by the
sound of 'in theory' and 'after a fight'!
How feasible do you think it is to get this running, with a custom
authentication class, in a production environment within a couple of
months?

Regards,
Nigel

-----Original Message-----
From: Blackboard/Courseinfo userslist
[mailto:[log in to unmask]] On Behalf Of MURRAY M.R.
Sent: 17 December 2007 14:45
To: [log in to unmask]
Subject: Re: Shibboleth with Blackboard

Hi Nigel,

In theory it is possible to do this.

You can get Bb to work with Shibboleth after a fight using "simple" web
server delegation, but this is an all or nothing activity.

To get the choice of AD or Shibb, then you will need to write a custom
authentication class that offers the user the choice. Alternatively (or
possibly additionally) you could look to switching to something like CAS
to handle your authentication. This can be used as the WebISO required
by Shibb (e.g. in place of something like PubCookie, which we used). CAS
can "chain" authentication authorities, which is what you want to do.

Cheers,

Malcolm.


---
Dr Malcolm Murray

Learning Technologies Team Leader
IT Service
Durham University

-----Original Message-----
From: Blackboard/Courseinfo userslist
[mailto:[log in to unmask]] On Behalf Of Frost N.J.
Sent: Monday, December 17, 2007 2:26 PM
To: [log in to unmask]
Subject: Shibboleth with Blackboard

Hi,

I'm just starting on a project to implement Shibboleth authentication
for Blackboard, specifically for students from another institution.

I've got a bit of learning to do on the Shibboleth side, but there is
one question that particularly concerns me...

Is it possible to maintain the current LDAP/AD authentication for
internal students, while at the same time providing Shibboleth WAYF for
a few external students?

If we have to move all access to Shibboleth, that will massively
increase the scope of the project. Is it feasible to simply provide a
different URL for the Shibboleth route?

Has anyone had any experience of this?

Regards,
Nigel

________________________________

Nigel Frost
Project Manager
Information Systems Services
University of Southampton
SOUTHAMPTON SO17 1BJ

email:  [log in to unmask]
phone:  023 8059 8826 (ext 28826)

________________________________