Single Sign on for LMS

Request Type: 
Feature Request
Forums: 
Module configuration
Author: 
Thomas Breen
Issue/Request: 

We are looking to set up some kind of single sign on feature that connects our YaleSites Drupal site, located at http://encounterschinese.com/, with a LMS like Canvas. Is this possible? Are there any modules currently supported by YaleSites that would allow for this? We are currently in communication with the ITS-approved YaleSites developer Last Call Media, and they are concerned that building out a single sign on authentication system that connects a Drupal user management system in ITS with courses and gradebooks in Canvas would require a lot of back and forth between ITS and the developer.

Thanks, and please feel free to reach out if you have any questions about this request!

Best,

Tom

Josue Rodriguez on September 19, 2016:

Hello Tom,

We don’t have that kind of functionality. The issue would be that since you guys are not using CAS (which Canvas uses), we cannot make that connection. It would require using a third party verification feature which Canvas would not support. As Last Call stated, it would be a ton of work and configuration.

Josue

Thomas Breen on September 21, 2016:

Thanks very much for the prompt response, Josue! I’ve got two quick follow up questions for you:

1) Do you know of any current examples of YaleSites websites that are connected to instances of the Canvas LMS at Yale? Are there any current examples at the university of that connection between the user management of a YaleSite and user authentication on Canvas?

2) The developer we’ve been speaking with (Last Call Media) is concerned that, even after they build out an authentication workflow that connects our YaleSite with Canvas, there would be a lot of back and forth between them and ITS because of the potential security implications of hosting this new code on the YaleSites platform. Below is the quotation taken directly from our conversation with the developer. In theory, would you all at ITS be willing to host this new code that allows for single sign on between YaleSites and Canvas?

“While the protocols Canvas supports for single sign on through a third party are pretty standard, there is no native support on the Drupal side for providing login services to a third party site (there is no checkbox that says “act as a SAML IDP”). In addition, we anticipate a lengthy negotiation with Yale ITS, since this code will have to live on the YaleSites platform, and this has security implications.”

I know this is a lot to communicate via email. Please let me know if there is a time this week that you can hop on the phone to chat! My number is 203-432-6666.

Best,

Tom

Josue Rodriguez on November 22, 2016:

This was addressed via Office Hours.