old main

We’ve been looking at the possibility of Shibboleth authentication for Blackboard Learn, which is officially supported “out of the box” with 9.1 SP8. After discussions with UBC (currently using Shibboleth with Blackboard Learn), and our own security analysts, it appears that Shibboleth will not work with third-party applications connecting to Blackboard Learn, UNLESS there’s a fail-over authentication method.

Applications that will not authenticate with Shib:

  1. Blackboard Drive
  2. Respondus
  3. Respondus LockDown Browser
  4. TurningPoint and TurningPoint Anywhere
  5. Any WebDAV clients (Mac OS X, Windows Network Mapping, Cyberduck, etc)
  6. Blackboard Mobile Learn
Authentication order:
  1. Shib as primary authentication method
  2. LDAP would be fail-over if Shib fails
  3. Blackboard internal authentication would be fail-over for LDAP failures [used for external user and system/test accounts]

We’re already using LDAP with an internal fail-over, which means that we’d be adding a third layer to the authentication schema. The question remains: What’s the point of adding another layer, if we’re still needing to rely on two existing (and functional) authentication methods? Resources:

]]>