Uploaded image for project: 'OpenOLAT'
  1. OpenOLAT
  2. OO-1062

User import to allow importing of users with Sibboleth authentication

    XMLWordPrintable

    Details

    • Funded by:

      Description

      When using shibboleth authentication user accounts are generated on-the-fly on the first login attempt. There is no way OpenOLAT could query the shibboleth authentication provider to pre-populate the database.

      However, the big disadvantage is that by this method it is not possible to assign users to courses before they logged in the first time. Students have to login first, then teachers can assign classes. In many cases it is needed that teachers can prepare this assignments before the term starts.

      In the user management users can be imported via copy/paste from an excel sheet. In that mechanism users can have passwords, however they can also have an empty password if the password is set later on. Shibboleth users could theoretically be imported that way, however there is no way to identify the user accounts during the shibboleth login process because the shibboleth authentication token is missing.

      This issue is about to solve this problem.

      To-do
      The user import must be extended in a way that passwords are treated as follows:

      • Empty passwords are ignored - user is created without password
      • Passwords that start with "SHIBBOLETH::" are parsed as shibboleth unique ID - user is created with shibboleth authentication token
      • Other passwords - user is created and password is used as OLAT authentication token

      Example:

      gabi.lustig		de	Gabi Lustig	lustig@openolat.org
      fritz.mueller	abc123	de	Fritz	Muller	fmuel@openolat.org
      thomas.est	SHIBBOLETH::23456@openolat.org	de	Thomas	Est	thomas.est@openolat.org
      

      this will create

      • An account gabi.lustig without passord
      • An account fritz.mueller with a local OLAT password abc123
      • An account thomas.est with a shibboleth authentication identity 23456@openolat.org

      Accounts that already exist are updated or ignored depending on the configuration.

        Attachments

          Activity

            People

            Assignee:
            srosse Stéphane Rossé
            Reporter:
            gnaegi Florian Gnägi
            Tester:
            Florian Gnägi
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 1 day, 3 hours, 30 minutes
                1d 3h 30m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 5 hours, 30 minutes Time Not Required
                5h 30m