Return to Domain_Configuration_Login_Page.tex CVS log

Up to [LON-CAPA] / loncom / html / adm / help / tex

- For 2.11
  Remove information about features not included in 2.11.

    1: \label{Domain_Configuration_Login_Page}
    2: 
    3: \textbf{Log-in Service}
    4: 
    5: If your domain has more than one server you have the option to configure whether 
    6: any of the servers will redirect to another server whenever the log-in page is requested.  This can be useful if you maintain a portal or ``Load Balancer'' server which 
    7: forms your institution's gateway to LON-CAPA. You can specify the path to which 
    8: the user should be redirected, and also whether log-in page requests from specific
    9: IP addresses should be exempt from the redirection.  The exemption is useful 
   10: if you run a monitoring script which tests log-in, course display, and logout periodically for each of your LON-CAPA servers.
   11: 
   12: \hfill{}
   13: 
   14: \textbf{Log-in Page Items}
   15: 
   16: If your domain only has one LON-CAPA server, or you have multiple servers and will 
   17: display their log-in pages, their appearance can be customized as follows:
   18: 
   19: \begin{itemize}
   20: \item upload of custom image files 
   21: \item changes to colors of text, links or backgrounds 
   22: \item enabled/disabled display of specific links 
   23: \end{itemize}
   24: Note: logos displayed in the login page configuration panel are scaled down
   25: from the full size used in the log-in page itself. 
   26: 
   27: \hfill{}
   28: 
   29: \noindent The following elements are configurable: 
   30: 
   31: \begin{itemize}
   32: \item Header image at the top of the page
   33: \item Main Logo centered in the upper part of the main panel 
   34: \item Domain logo in the lower left corner of the main panel 
   35: \item Header above the login panel - can also be set to use text ``Login''
   36: instead of an image. 
   37: \item Background colors for the page itself, the main panel, and the left
   38: (side) panel. 
   39: \item Text color used for text on the page
   40: \item Text colors used for active, visited and unvisited links
   41: \item Enabled/disabled display for four links: 
   42: 
   43: \begin{itemize}
   44: \item Course/Community Catalog, for a catalog of courses and communities
   45: \item Admin E-mail, for the e-mail address of the administrator 
   46: \item Contact Helpdesk, to display a web form used to submit a help request 
   47: \item New User, for users to create their own accounts 
   48: \end{itemize}
   49: \item Default colors used for links in the page, depending on status: either
   50: active or visited (or default, if neither apply).
   51: \end{itemize}
   52: 
   53: \hfill{}
   54: 
   55: A ``Log-in Help'' link will be displayed immediately above any of the four optional links:
   56: Catalog, Contact Helpdesk, Admin Email, and New User.  Configuration options determine to which
   57: file(s) the ``Log-in Help'' points. The default file can be replaced with a custom HTML file
   58: containing information pertinent to your institution.  In addition, versions of the custom
   59: file, translated into the twelve languages supported by LON-CAPA can be uploaded, and the
   60: link will automatically point to the appropriate (localized) file, depending on the viewer's 
   61: language preference (as reported by the client web browser).
   62: 
   63: \hfill{}
   64: 
   65: \textbf{Log-in Help}
   66: 
   67: Where the ``Contact Helpdesk'' web form is in use it can be configured to include a CAPTCHA
   68: mechanism to discourage robotic form completion.  There are two types of CAPTCHA to choose
   69: from -- the ``original'' CAPTCHA which uses a self-contained perl module included with the
   70: LONCAPA prerequisites, or ReCAPTCHA, which uses an external web service --
   71: https://google.com/recaptcha -- and requires you to create an account and generate public
   72: and private keys which will be entered in the domain configuration form.  If you have more
   73: than one server in your domain, you should request ``global'' keys, as the same keys will be
   74: used by the Contact Helpdesk ReCAPTCHA on all servers in your domain. If using ReCAPTCHA, you
   75: can indicate whether version 1 or 2 should be used.
   76: 
   77: \hfill{}
   78: 
   79: \textbf{Custom HTML in document head}
   80: 
   81: The head portion of the log-in page may contain custom mark up (e.g., a script block containing
   82: javascript for page analytics) in a file which will be uploaded and published public.
   83: Different custom markup may be uploaded for each server in a domain, and a comma separated list
   84: of IP addresses may be specified for which the custom markup will not not be included in the page, 
   85: when the request for the log-in page originates from one of those addresses. A use case for the
   86: exempt IP addresses is where robotic requests for the log-in page and made from a monitoring
   87: machine, used to detect when a LON-CAPA server is not working correctly.
   88: 
   89: \hfill{}
   90: 
   91: \textbf{Dual login: SSO and non-SSO}
   92: 
   93: For a LON-CAPA node configured to support Single Sign On (SSO), e.g., by operating as a Shibboleth SP,
   94: entries in Apache config files (loncapa\_apache.conf, if Shibboleth) will cause display of an SSO login page
   95: whenever a user accesses /adm/roles without a cookie for an unexpired LON-CAPA session.  If it is preferred
   96: instead to display /adm/login configured to offer dual SSO log-in (e.g., Shibboleth), and non-SSO login
   97: (i.e., LON-CAPA), that will be set via the ``Dual login: SSO and non-SSO options'' section.
   98: 
   99: Check the ``Yes'' radio button for each of the domain's servers which will offer dual login and then set:  
  100: 
  101: \begin{itemize}
  102: \item SSO: Text, Image, Alt Text, URL, Tool Tip
  103: \item non-SSO: Text
  104: \end{itemize}
  105: 
  106: The value in the URL field will be /adm/sso for Shibboleth, and an uploaded image file will provide the button to be clicked
  107: to load /adm/sso (i.e., to prompt an SSO login). The alt and title attributes for the button can also be set.
  108: 
  109: With this in effect the LON-CAPA login page /adm/login will display the following:
  110: 
  111: \begin{itemize}
  112: \item Log-in type:
  113: Immediately followed by the text for either SSO, or non-SSO login, as set via the ``Dual login: SSO and non-SSO options'' 
  114: textboxes for SSO and non-SSO.
  115: 
  116: \item Change?
  117: A link below the ``Login type:'' line which can be used to toggle between the SSO and non-SSO logins
  118: 
  119: \item Button (SSO) or Log-in box (non-SSO)
  120: 
  121: \begin{itemize}
  122: 
  123: \item SSO - an image (i.e., clickable button) which was uploaded in the SSO option item, with alt text, and a tool tip
  124: shown when hovering over the button.
  125: 
  126: \item Non-SSO - standard LON-CAPA login box for username, password, domain and "Log In" button.
  127: 
  128: \end{itemize}
  129: 
  130: \end{itemize}
  131: 
  132: If the SSO service is something other than Shibboleth (e.g., CAS or Sentinel) and the PerlVar lonOtherAuthenUrl has
  133: been set to a preferred URL (e.g., /adm/sentinel), then the URL item in the SSO entry in the dual login options
  134: should be set to that same preferred URL.
  135: 
  136: Note: if the original page request by an unauthenticated user included a query string containing role and symb (i.e., 
  137: the unique resource instance identifier) then they will be stored in a token file on the server, for access later to support deep-linking.