The LDAP protocol is designed to query a directory of user accounts. This method requires the institution to store the accounts of users who may access Compilatio in a well-defined branch of its LDAP directory.
This branch must be accessible to Compilatio for lookups.
Several branches can be configured if there are several institutions or components.
Access to the Compilatio service is through a URL dedicated to the institution. The script running at this URL asks the user to authenticate with their login, even if they are already authenticated at their institution, and then queries the institution's LDAP server directly to authenticate them.
LDAP authentication works as follows:
- When a user wants to access the service, they enter their credentials on the dedicated page (see 1, 2 and 3 of the diagram).
- Compilatio queries the institution's LDAP server (see 4 of the diagram).
- The LDAP server's response determines whether or not the user is allowed to access the service (see 5 and 6 of the diagram).
Source: Compilatio
|Types of authorized users|Teachers, institutional staff, doctoral students|
|Customization possible?|Yes|
The institution must provide Compilatio with the connection details of its LDAP server, and allow Compilatio's servers to communicate with it.
To authenticate a user, the institution must communicate the names of the user account attributes that contain the following information:
- name (e.g. displayName)
- first name (e.g. sn)
- email (e.g. mail)
- account type (e.g. eduPersonAffiliation)
It is mandatory for the institution to allow access to all attributes requested by Compilatio.
The institution must also communicate to Compilatio the access rules (filters) for accounts. It must specify the types of accounts (values of the "account type" attribute) that are authorized to access Compilatio.
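As an added illustration (not Compilatio's code), the following Python example shows how a service relying on the attributes and access rules above can build its LDAP search filter with the login escaped per RFC 4515, then re-check the returned entry before granting access. The login attribute `uid`, the allowed account types and the sample entry are assumptions constructed for the example.

```python
# Added example, not Compilatio's implementation.
# Assumptions: login attribute "uid", allowed types, and the sample entry.
REQUESTED_ATTRS = ("displayName", "sn", "mail", "eduPersonAffiliation")

# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Neutralise filter metacharacters in user-supplied input."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login, allowed_types, login_attr="uid"):
    """Match one login AND one of the authorised account types."""
    types = "".join(
        "(eduPersonAffiliation=%s)" % escape_filter_value(t) for t in allowed_types
    )
    return "(&(%s=%s)(|%s))" % (login_attr, escape_filter_value(login), types)


def check_entry(entry, allowed_types):
    """Re-check the returned entry: all attributes readable, type allowed."""
    missing = [a for a in REQUESTED_ATTRS if not entry.get(a)]
    if missing:
        return False, "missing attributes: " + ", ".join(missing)
    allowed = {t.lower() for t in allowed_types}
    held = {v.lower() for v in entry["eduPersonAffiliation"]}
    if not held & allowed:
        return False, "account type not authorised"
    return True, "ok"


if __name__ == "__main__":
    ALLOWED = ("faculty", "staff")  # constructed access rule
    entry = {  # constructed directory entry, values as lists
        "displayName": ["Jane Doe"], "sn": ["Doe"],
        "mail": ["jane.doe@example.edu"], "eduPersonAffiliation": ["student"],
    }
    print(build_user_filter("j(doe)*", ALLOWED))
    print(check_entry(entry, ALLOWED))
```

Checking the entry after the search, in addition to filtering in the query, means an account is refused when a requested attribute is unreadable or its account type falls outside the agreed rules.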
Steps to implement authentication
- Complete the information sheet provided by the Compilatio team
- Answer any additional questions
- Receive confirmation from Compilatio that the authentication is effective
Find out about other external authentication systems:
- External authentication with Shibboleth federated RENATER / EduGAIN
- External authentication with unfederated Shibboleth
- External authentication CAS (Central Authentication Service)
- External authentication with Microsoft Azure