Case study to enable authentication in Sakai with a supplier such as Google, Facebook and others using the RFC6749 specification without the user providing the password.
----------------------------------
Entornos de Formación S.L.
C/ Bailén, nº 4. 46007 Valencia (España)
Web: http://www.entornosdeformacion.com
SlideShare: https://es.slideshare.net/SalvaP
Linkedin: https://www.linkedin.com/company/entornosdeformacion
Sakai with OAUTH2 integration - Entornos de Formación.
1. SAKAI with OAUTH2
INTEGRATION
Enable authentication in Sakai with a supplier such
as Google, Facebook and others using the
RFC6749 specification without the user providing
the password.
2. Case Study : SAKAI with OAUTH2 INTEGRATION
Client profile :
A university with a large volume of users.
Business situation:
Sakai supports internal user authentication, with
users coming from an LDAP directory, and SSO
solutions such as CAS server or Shibboleth. Some
institutions allow any user to create an account and
enter the application. To do this, they have to fill in a
few fields such as name, surname(s), email, etc. Today
there are a large number of applications that allow
authentication through external solutions as Google
and Facebook.
We had a request from a client who needed their
users to be authenticated in Sakai using an OAuth 2
provider such as Google, Facebook and MITREid. This
basically meant authenticated on the virtual campus
by any supplier implementing the RFC6749
specification.
The Challenge :
To enable authentication in Sakai with a supplier such
as Google, Facebook and others using the RFC6749
specification without the user providing the
password.
3. Case Study : SAKAI with OAUTH2 INTEGRATION
Solution :
EDF made the necessary changes so the Sakai login could
be configured for an OAuth 2 provider using the RFC6749
specification.
The operation flow is simple:
● Users request authentication on Sakai through an
OAuth 2 provider such as Google or Facebook.
● They are then redirected to the provider login,
where they must enter their credentials.
● Once the supplier has performed authentication,
the supplier requests permission to share the data
with Sakai.
● If the user authorises access to the data, the
provider redirects to Sakai, which generates a
user account.
● If the user decides to quit the application, Sakai
destroys the access token.
Benefits :
Any user with a Google or Facebook account could
authenticate in the platform without sharing their
credentials, which greatly increases the target audience of
the virtual campus. The user does not need to fill out any
field, only authorize Sakai information for use the name and
email.