I am trying a new version of D2L and seeing two values that are missing from the LTI links. The values are context_id and ext_d2l_username both of these exist previously, is there any setting we need to do to make these values flow with the rest of the html post?
To enable sending context_id and ext_d2l_username, you first have to configure tool consumer information to allow sending them, and then make sure you also enabled it for that LTI link.
To configure tool consumer information:
Using an account with necessary privileges, from the Admin Tools choose External Learning Tools.
Click on the Settings link located close to the top right corner of the page.
Enable "Allow sending context information to tool provider" for context_id, and "Allow sending system username to tool provider" for ext_d2l_username.
After that, choose your LTI Link and under its configuration do the following:
Enable "Send context information to tool provider" for context_id. Note: this option will only be available if "Allow sending context information to tool provider" has been enabled in the Configure Tool Consumer Information screen.
Enable "Send system username too tool provider" for ext_d2l_username. Note: this option will only be available if "Allow sending system username to tool provider" has been enabled in the Configure Tool Consumer Information screen.
In order for the context_id to be sent when LTI link is launched, the link has to be launched from a course context. It will be be sent if it was added from a top org level.
Related
When I log in with an account which does not belong to the expected domain, this message is shown (which is correct).
I think this message is kind of ugly and not understandable for a non-developer person. Is there a way to modify this message in the Google Cloud Console or inside the OAuth code? I would like to display for example:
The email you used does not belong to the happy.com domain.
I fount this Feature Request In the Public Issue Tracker, and there they suggest to follow the steps of Customize the rejected-app message. Basically it mentions:
Your current account, user#domain.com, doesn't have permission to do these steps. To continue, switch to an administrator account. This will open the Google Admin console.
Switch to administrator account now or Learn more
From the Admin console Home page, go to "" and then Security and then API controls.
Under App access control, go to the Settings section.
Type your custom text in the box under the following message: Show this message if a user tries to use an app that can’t access restricted Google services.
Click SAVE.
If this doesn't make it, I would recommend you to comment on that FR in which they mentioned:
I have filed this feature request internally.
You might also want to ‘star’ the FR to ensure that you receive updates about it. You can also adjust notification settings by clicking the gear icon in the top right corner and selecting settings.
there are multiple posts / blogs how to configure a WSO2 IS resident IdP. Great. Is there a way how to configure the resident SAML IdP (EntityId) ?
g.
Yes there is a way to configure.
Log in to IS management console and In "Home" under "Identity" section click on "List" in "Identity Providers" subsection. Once you get to "Identity Providers" page, You'll see a "Resident Identity Provider" Link with a red icon. Click that link and you will go to Resident Identity Provider configuration page. In that page click on the "Inbound Authentication Configuration" (It will expand) then click "SAML2 Web SSO Configuration", it will also expand and there you will see a text box to edit the idpEntityId, with the label "Identity Provider Entity Id"
I'm able to create a user specifically for integrations and enter the corresponding credentials when configuring my WSS send port. This works fine, however, as expected, when I view the document in SharePoint, the "Modified By" user on the document is the integration user.
Is there a way that I can set the modified by field in SharePoint dynamically? That is, the user that actually initiates the integration? (I have the user's information available when the adapter sends the document to SharePoint, I'm just unsure of how to tell SharePoint to impersonate the integration as a specific user).
Does box.com support 'Autonomous Client' or client credentials grant?
I need to generate access_token programmatically and cannot do the web-server flow.
Can we obtain the access_token using the 'Autonomous Client' or 'client credentials grant' method for box.com APIs?
Box supports a client-credentials grant, but only for access to information that would be available for an anonymous user. It can be used to download openly shared content, or to get information about your application.
For machine-2-machine integrations with Box, Box recommends creating a system-account, and signing in with that account once through the user-flow. If you put the resulting Refresh token into a bootstrap location for your application (like a config file, or a database entry that's used only once) then you can bootstrap your application.
I want to modify CAS 3.5 to store some data in Session right after the authentication is correct. (not sure if it's the right method)
My CAS server is linked to a Kerberos one, which is connected to my Active Directory. I want to retrieve data from AD when authentication is successfully done. Then to store this data in a session attribute to easily use it in a controller.
Does someone have a clue about where to do thing in this very large CAS server project ?
Thanks,
CAS has a mechanism for retrieving and associating user attributes with a user's SSO session.
The implementation is based on the Jasig Person Directory project:
https://wiki.jasig.org/display/PDM15/Person+Directory+1.5+Manual
You can then use the built-in services management tool to "release" those attributes to particular clients: https://wiki.jasig.org/display/CASUM/Attributes
Certain clients (the Java client, PHP, etc.) have built in capabilities to read and extract the attributes from the CAS server validation response. The link above as well as the specific documentation for each client should list them.
To enable attribute loading, you need to replace the "attributeRepository" bean in your "deployerConfigContext.xml" with one of the provided PersonDirectory implementations and link it to your backing storage.