In this section: |
You can implement any of four different types of security:
Allow All, the default security module, requires no authentication.
Authentication Required allows you to authenticate users against the user profile information on the ESS or against a configured Trusted System such as CAS or Shibboleth or other third-party system.
LDAP integrates the ESS with an existing LDAP security system. See LDAP Authentication for additional information and instructions. If necessary, you may want to refer to this KB (Knowledge Base) article (LDAP security module configuration) for details on configuring the ESS for LDAP.
Seamless Only provides the ability for a trusted system, such as an LMS, to perform authentication and authorization for ESS content links. This allows a user to seamlessly log in to content hosted by ESS from publishers such as Blackboard and Moodle.
If you are using LTI-Based Publishing, you MUST use either Seamless Only or Authentication Required as the security module for user authorization.
If you are using Seamless Only to provide access through an LMS or other third-party system, users can only access Echoes through that system, and only if you have installed the building block or plug-in that provides seamless authentication into an EchoSystem. Echo360 provides downloads for supported systems via the Customer Portal.
{multi-excerpt-include:pageTitle=Include Library|name=Note to Use When You Refer to the Knowledge Base|nopanel=true} |
If Seamless Only is used on a section, then students must be authorized via an LTI or Seamless link for the specific section in the LMS in order to view content for that section.
If Authentication Required is used on a section, then any authenticated student can access the content for that section.
{multi-excerpt-include:pageTitle=Include Library|name=LDAP Security Module|nopanel=true} |
In certain specific circumstances, the Seamless Only security module can prevent users from logging in to an EchoCenter page. This happens when the section associated with the EchoCenter page has the Seamless Only security module specified and one of the following is true:
Because the user has not been authenticated, the EchoCenter does not allow access. The user is told that the user name or password is incorrect, as shown below.
To prevent the System Missing case from occurring, make sure you configure a trusted system if you configure a Seamless Only security module. See Trusted Systems.
To address the User Not Authenticated case, follow these practices:
Follow these steps to create the security module.
Enter a Name for the module, preferably using one that indicates its function, such as "ldap_content_module".
Enter a Description of the module. This appears in the Security Modules list on the ESS.
You can only delete custom security modules. You cannot delete the Allow All, Authentication Required, LDAP, or Seamless Only security modules.
When you delete a custom security module, you must specify the alternate security module to use. If the custom security module is specific to a certain child organization, the alternate security module must be:
Upon deletion, when a replacement security module is chosen, any applicable properties of the deleted security module should be copied over to the replacement security module.
If you do not specify an alternate module, the Allow All security module will be applied to sections that were associated with the deleted security module.
Before deleting a custom security module, review the sections that will be affected and determine which security module you want to apply to those sections. |