Annotation of loncom/html/adm/help/tex/Domain_Configuration_Login_Page.tex, revision 1.14
1.1 raeburn 1: \label{Domain_Configuration_Login_Page}
1.10 raeburn 2:
3: \textbf{Log-in Service}
4:
1.4 raeburn 5: If your domain has more than one server you have the option to configure whether
1.7 raeburn 6: any of the servers will redirect to another server whenever the log-in page is requested. This can be useful if you maintain a portal or ``Load Balancer'' server which
1.4 raeburn 7: forms your institution's gateway to LON-CAPA. You can specify the path to which
8: the user should be redirected, and also whether log-in page requests from specific
9: IP addresses should be exempt from the redirection. The exemption is useful
10: if you run a monitoring script which tests log-in, course display, and logout periodically for each of your LON-CAPA servers.
11:
1.10 raeburn 12: \hfill{}
13:
14: \textbf{Log-in Page Items}
15:
1.4 raeburn 16: If your domain only has one LON-CAPA server, or you have multiple servers and will
17: display their log-in pages, their appearance can be customized as follows:
1.1 raeburn 18:
19: \begin{itemize}
1.11 raeburn 20: \item upload of custom image files
21: \item changes to colors of text, links or backgrounds
22: \item enabled/disabled display of specific links
1.1 raeburn 23: \end{itemize}
1.11 raeburn 24: Note: logos displayed in the login page configuration panel are scaled down
25: from the full size used in the log-in page itself.
1.1 raeburn 26:
27: \hfill{}
28:
29: \noindent The following elements are configurable:
30:
31: \begin{itemize}
32: \item Header image at the top of the page
1.2 raeburn 33: \item Main Logo centered in the upper part of the main panel
1.1 raeburn 34: \item Domain logo in the lower left corner of the main panel
1.8 raeburn 35: \item Header above the login panel - can also be set to use text ``Login''
36: instead of an image.
1.2 raeburn 37: \item Background colors for the page itself, the main panel, and the left
1.1 raeburn 38: (side) panel.
39: \item Text color used for text on the page
1.5 raeburn 40: \item Text colors used for active, visited and unvisited links
1.11 raeburn 41: \item Enabled/disabled display for four links:
1.1 raeburn 42:
43: \begin{itemize}
1.3 bisitz 44: \item Course/Community Catalog, for a catalog of courses and communities
1.2 raeburn 45: \item Admin E-mail, for the e-mail address of the administrator
1.5 raeburn 46: \item Contact Helpdesk, to display a web form used to submit a help request
1.2 raeburn 47: \item New User, for users to create their own accounts
1.1 raeburn 48: \end{itemize}
1.11 raeburn 49: \item Default colors used for links in the page, depending on status: either
50: active or visited (or default, if neither applies).
1.1 raeburn 51: \end{itemize}
1.5 raeburn 52:
53: \hfill{}
54:
1.9 raeburn 55: A ``Log-in Help'' link will be displayed immediately above any of the four optional links:
56: Catalog, Contact Helpdesk, Admin Email, and New User. Configuration options determine to which
1.5 raeburn 57: file(s) the ``Log-in Help'' points. The default file can be replaced with a custom HTML file
58: containing information pertinent to your institution. In addition, versions of the custom
59: file, translated into the twelve languages supported by LON-CAPA, can be uploaded, and the
60: link will automatically point to the appropriate (localized) file, depending on the viewer's
61: language preference (as reported by the client web browser).
62:
63: \hfill{}
64:
1.10 raeburn 65: \textbf{Log-in Help}
66:
1.5 raeburn 67: Where the ``Contact Helpdesk'' web form is in use it can be configured to include a CAPTCHA
68: mechanism to discourage robotic form completion. There are two types of CAPTCHA to choose
69: from -- the ``original'' CAPTCHA which uses a self-contained Perl module included with the
1.14 ! raeburn 70: LONCAPA prerequisites, or ReCAPTCHA, which uses an external service --
1.5 raeburn 71: https://google.com/recaptcha -- and requires you to create an account and generate public
72: and private keys which will be entered in the domain configuration form. If you have more
73: than one server in your domain, you should request ``global'' keys, as the same keys will be
1.9 raeburn 74: used by the Contact Helpdesk ReCAPTCHA on all servers in your domain. If using ReCAPTCHA, you
75: can indicate whether version 1 or 2 should be used.
1.7 raeburn 76:
77: \hfill{}
78:
1.10 raeburn 79: \textbf{Custom HTML in document head}
80:
1.7 raeburn 81: The head portion of the log-in page may contain custom markup (e.g., a script block containing
82: JavaScript for page analytics) in a file which will be uploaded and published publicly.
83: Different custom markup may be uploaded for each server in a domain, and a comma separated list
1.14 ! raeburn 84: of IP addresses may be specified for which the custom markup will not be included in the page,
1.7 raeburn 85: when the request for the log-in page originates from one of those addresses. A use case for the
86: exempt IP addresses is where robotic requests for the log-in page are made from a monitoring
1.10 raeburn 87: machine, used to detect when a LON-CAPA server is not working correctly.
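
The exemption lists described above, for the log-in redirect and for the custom head markup, both come down to matching the requesting address against a comma separated list. The following is an added example, not LON-CAPA code: the function names, the sample list and the /portal path are assumptions, and entries that are not single IP addresses are reported rather than interpreted.

```python
import ipaddress

# Constructed sample of what an administrator might type into the exemption field.
SAMPLE_LIST = "192.0.2.10, 2001:db8::5 ,, 10.0.0.0/8, monitor.example.edu"

def _normalize(addr):
    # An IPv4 client seen through a dual-stack socket appears as ::ffff:a.b.c.d;
    # fold it back to plain IPv4 so it matches the IPv4 form in the list.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def parse_exempt_ips(raw):
    """Return (set of exempt addresses, list of entries that were not single IPs)."""
    exempt, rejected = set(), []
    for entry in raw.split(","):
        entry = entry.strip()
        if not entry:
            continue  # tolerate stray commas and whitespace
        try:
            exempt.add(_normalize(ipaddress.ip_address(entry)))
        except ValueError:
            rejected.append(entry)  # hostnames, ranges, typos: surface to the admin
    return exempt, rejected

def is_exempt(client_ip, exempt):
    """Compare parsed addresses, not strings, so equivalent spellings match."""
    try:
        return _normalize(ipaddress.ip_address(client_ip)) in exempt
    except ValueError:
        return False  # an unparseable client address is never exempt

def redirect_target(client_ip, exempt, redirect_path):
    """Path to redirect a log-in page request to, or None for exempt clients."""
    return None if is_exempt(client_ip, exempt) else redirect_path

def include_custom_head(client_ip, exempt):
    """Custom head markup is left out only for exempt clients."""
    return not is_exempt(client_ip, exempt)

if __name__ == "__main__":
    exempt, rejected = parse_exempt_ips(SAMPLE_LIST)
    print("exempt:", sorted(str(a) for a in exempt), "rejected:", rejected)
    for ip in ("192.0.2.10", "::ffff:192.0.2.10", "198.51.100.7"):
        print(ip, redirect_target(ip, exempt, "/portal"), include_custom_head(ip, exempt))
```

The client address passed in should be the peer address seen by the server itself, since the exemption is only as trustworthy as that value.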
88:
89: \hfill{}
90:
91: \textbf{Dual login: SSO and non-SSO}
92:
93: For a LON-CAPA node configured to support Single Sign On (SSO), e.g., by operating as a Shibboleth SP,
1.12 raeburn 94: entries in Apache config files (loncapa\_apache.conf, if Shibboleth) will cause display of an SSO login page
1.11 raeburn 95: whenever a user accesses /adm/roles without a cookie for an unexpired LON-CAPA session. If it is preferred
96: instead to display /adm/login configured to offer dual SSO log-in (e.g., Shibboleth), and non-SSO login
97: (i.e., LON-CAPA), that will be set via the ``Dual login: SSO and non-SSO options'' section.
1.10 raeburn 98:
1.11 raeburn 99: Check the ``Yes'' radio button for each of the domain's servers which will offer dual login and then set:
1.10 raeburn 100:
101: \begin{itemize}
1.13 raeburn 102: \item SSO: Text, Image, Alt Text, URL, Tool Tip, Pop-up if iframe
1.10 raeburn 103: \item non-SSO: Text
104: \end{itemize}
105:
1.11 raeburn 106: The value in the URL field will be /adm/sso for Shibboleth, and an uploaded image file will provide the button to be clicked
107: to load /adm/sso (i.e., to prompt an SSO login). The alt and title attributes for the button can also be set.
1.10 raeburn 108:
1.13 raeburn 109: In some circumstances the default may be to attempt display of the SSO log-in dialog within an iframe, e.g.,
110: when link protection has been enabled for LTI mediated deep link access from another learning management system,
111: and a user is also required to authenticate in LON-CAPA. In such cases, ``sameorigin'' requirements for the SSO login
112: page may dictate that the SSO login must be displayed in a pop-up window instead of the iframe. Setting ``Pop-up if iframe''
113: to ``Yes'' will ensure a pop-up is launched when the button and/or link for SSO login is clicked and the login page is
114: within an iframe.
115:
116: With dual login in effect the LON-CAPA login page /adm/login will display the following:
1.10 raeburn 117:
118: \begin{itemize}
119: \item Log-in type:
1.11 raeburn 120: Immediately followed by the text for either SSO, or non-SSO login, as set via the ``Dual login: SSO and non-SSO options''
1.10 raeburn 121: textboxes for SSO and non-SSO.
122:
123: \item Change?
124: A link below the ``Login type:'' line which can be used to toggle between the SSO and non-SSO logins
125:
126: \item Button (SSO) or Log-in box (non-SSO)
127:
128: \begin{itemize}
129:
1.11 raeburn 130: \item SSO - an image (i.e., clickable button) which was uploaded in the SSO option item, with alt text, and a tool tip
1.10 raeburn 131: shown when hovering over the button.
132:
133: \item Non-SSO - standard LON-CAPA login box for username, password, domain and ``Log In'' button.
134:
135: \end{itemize}
136:
137: \end{itemize}
138:
139: If the SSO service is something other than Shibboleth (e.g., CAS or Sentinel) and the PerlVar lonOtherAuthenUrl has
140: been set to a preferred URL (e.g., /adm/sentinel), then the URL item in the SSO entry in the dual login options
1.11 raeburn 141: should be set to that same preferred URL.
1.10 raeburn 142:
143: Note: if the original page request by an unauthenticated user included a query string with any of the following items:
144: role, symb, and linkkey, then they will be stored in a token file on the server, for access later to support deep-linking.
145: Similarly, if the query string contained an ltoken item from a successful launch from an LTI Consumer, where LON-CAPA is the LTI Provider,
146: and for that Consumer LON-CAPA is not configured to accept user information, and the destination is a deep-link URL:
147: /tiny/domain/uniqueID, then the LTI number, type (c or d), and tiny URL will be saved as the linkprot item in a token file.