--- loncom/html/adm/help/tex/Domain_Configuration_Login_Page.tex 2021/12/25 03:15:47 1.12.2.1
+++ loncom/html/adm/help/tex/Domain_Configuration_Login_Page.tex 2022/08/24 22:23:15 1.13
@@ -99,14 +99,21 @@ instead to display /adm/login configured
Check the ``Yes'' radio button for each of the domain's servers which will offer dual login and then set:
\begin{itemize}
-\item SSO: Text, Image, Alt Text, URL, Tool Tip
+\item SSO: Text, Image, Alt Text, URL, Tool Tip, Pop-up if iframe
\item non-SSO: Text
\end{itemize}
The value in the URL field will be /adm/sso for Shibboleth, and an uploaded image file will provide the button to be clicked
to load /adm/sso (i.e., to prompt an SSO login). The alt and title attributes for the button can also be set.
-With this in effect the LON-CAPA login page /adm/login will display the following:
+In some circumstances the default may be to attempt display of the SSO log-in dialog within an iframe, e.g.,
+when link protection has been enabled for LTI mediated deep link access from another learning management system,
+and a user is also required to authenticate in LON-CAPA. In such cases, ``sameorigin'' requirements for the SSO login
+page may dictate that the SSO login must be displayed in a pop-window instead of the iframe. Setting ``Pop-up if iframe''
+to ``Yes'' will ensure a pop-up is launched when the button and/or link for SSO login is clicked and the login page is
+within an iframe.
+
+With dual login in effect the LON-CAPA login page /adm/login will display the following:
\begin{itemize}
\item Log-in type:
@@ -133,5 +140,8 @@ If the SSO service is something other th
been set to a preferred URL (e.g., /adm/sentinel), then the URL item in the SSO entry in the dual login options
should be set to that same preferred URL.
-Note: if the original page request by an unauthenticated user included a query string containing role and symb (i.e.,
-the unique resource instance identifier) then they will be stored in a token file on the server, for access later to support deep-linking.
+Note: if the original page request by an unauthenticated user included a query string with any of the following items:
+role, symb, and linkkey, then they will be stored in a token file on the server, for access later to support deep-linking.
+Similarly, if the query string contained an ltoken item from successful launch from an LTI Consumer, where LON-CAPA is the LTI Provider,
+and for that Consumer LON-CAPA is not configured to accept user information, and the destination is a deep-link URL:
+/tiny/domain/uniqueID, then the LTI number, type (c or d), and tiny URL will be saved as the linkprot item in a token file.