Feature Wiki

Information about planned and released features

Tabs

ECS Support for OpenID Connect

1 Initial Problem

Currently, the ECS interface can deal with two "federated" / external authentifiaction modes for incoming ECS users: LDAP and Shibboleth. Many installations and international services / partners or other LMS user OpenID Connect as their preferred auth mode. The ECS interface in ILIAs does not support this.

2 Conceptual Summary

The ECS interface should list OpenID Connect auth sources (if configured and actived) in the ECS Import / Export settings for each ECS participant.

Course / Ressource export (ECS users are incoming): This will enable admins to configure that incoming users form platform A will be treated as OpenID Connect users and an OpenID Connnect authetifiation round trip will be atttempted for those users when they "arrive" on the ILIAS platform. This should be implemented exectly in the way that Shibboleth is dealt with right now by the ECS Interface of ILIAS.

Course / Ressource Import (ILIAs users are "jumping" to the external ECS platform): In the same way as with LDAP or Shibboleth, ILIAs admins should be able to choose which "identy" attribute is transfered via ECS (either LOGIN or EXT_ACCOUNT) and it should be possible to maniplulate them by pre- or suffxing a string.

3 User Interface Modifications

3.1 List of Affected Views

  • Administration > Extending ILIAS > ECS > Participants > Edit

3.2 User Interface Details

{ For each of these views please list all user interface elements that should be modified, added or removed. Please provide the textual appearance of the UI elements and their interactive behaviour. }

3.3 New User Interface Concepts

{ If the proposal introduces any completely new user interface elements, you might consult UI Kitchen Sink in order to find the necessary information to propose new UI-Concepts. Note that any maintainer might gladly assist you with this. }

3.4 Accessibility Implications

{ If the proposal contains potential accessibility issues that are neither covered by existing UI components nor clarified by guidelines, please list them here. For every potential issue please either propose a solution or write down a short risk assessment about potential fallout if there would be no solution for the issue. }

4 Technical Information

{ The maintainer has to provide necessary technical information, e.g. dependencies on other ILIAS components, necessary modifications in general services/architecture, potential security or performance issues. }

5 Privacy

{ Please list all personal data that will need to be stored or processed to implement this feature. For each date give a short explanation why it is necessary to use that date. }

6 Security

{ Does the feature include any special security relevant changes, e.g. the introducion of new endpoints or other new possible attack vectors. If yes, please explain these implications and include a commitment to deliver a written security concept as part of the feature development. This concept will need an additional approvement by the JourFixe. }

7 Contact

  • Author of the Request: Glaubitz, Marko [mglaubitz]
  • Maintainer: {Please add your name before applying for an initial workshop or a Jour Fixe meeting.}
  • Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

8 Funding

If you are interest in funding this feature, please add your name and institution to this list.

  • [Universität Freiburg]

9 Discussion

10 Implementation

{ The maintainer has to give a description of the final implementation and add screenshots if possible. }

Test Cases

Test cases completed at {date} by {user}

  • {Test case number linked to Testrail} : {test case title}

Privacy

Information in privacy.md of component: updated on {date} by {user} | no change required

Approval

Approved at {date} by {user}.

Last edited: 29. Apr 2024, 14:58, Glaubitz, Marko [mglaubitz]