Forum archive 2000-2006

Dennis Keeler - Integration with Blackboard

Dennis Keeler - Integration with Blackboard

by Arnold Pizer -
Number of replies: 0
inactiveTopicIntegration with Blackboard topic started 6/4/2004; 2:29:30 PM
last post 6/5/2004; 1:28:59 PM
userDennis Keeler - Integration with Blackboard  blueArrow
6/4/2004; 2:29:30 PM (reads: 1016, responses: 3)
Has anyone integrated Webwork2 with Blackboard? I suppose the main uses would be to automatically update the Webwork2 class list and to connect the Webwork2 grades with the Blackboard gradebook. MapleTA apparently has some integration with Blackboard, though I haven't yet learned the extent of the integration.

Or perhaps there are other hooks in Webwork2 to add users, and maybe even passwords, automatically. I was told by IT Services that an LDAP interface might allow our students to use their university-wide password.

Thanks. -Dennis

<| Post or View Comments |>

userJohn Jones - Re: Integration with Blackboard  blueArrow
6/4/2004; 4:47:11 PM (reads: 1184, responses: 0)
Our university uses blackboard, but we have minimal integration with it.  Our blackboard login sets a cookie in the student's browser and I patched WW 2's Authen.pm to check for it.  So, the only integration we have is that an instructor can put links on a page in blackboard which go to their webwork course (or a particular set, or a particular problem in a set) and the student will go straight in without logging in again.

John

<| Post or View Comments |>

userZbigniew Fiedorowicz - Re: Integration with Blackboard  blueArrow
6/5/2004; 11:31:13 AM (reads: 1230, responses: 0)

How secure is this?  How does your modification check the validity of the cookie?  Presumably there is some encrypted or secure-hashed information in that cookie, but only the Blackboard server could check for that.  It's probably not worth worrying about for student logins, but could some hacker mock up a cookie on their desktop system which could fool your webwork server into logging the hacker in as a WeBWorK instructor?

Also another point is that if the user has their browser privacy set to only allow cookies to be sent back to the originating server, then this system would not work.

To respond to Dennis' second question, we at Ohio State have developed modifications to WeBWorK 1.9 which enable students to authenticate into WeBWorK against the university email server.  We have also developed modifications which allows instructors to download class rosters from the registrar's web site and import them into WeBWorK, as well as bulk upload final grades.  Basically the way this works is that the WeBWorK server prompts the instructor for their university username/password, then uses a web robot (curl) to log into the registrar's site and access the relevant secure pages on the registrar's site. 

<| Post or View Comments |>

userJohn Jones - Re: Integration with Blackboard  blueArrow
6/5/2004; 1:28:59 PM (reads: 1210, responses: 0)
The security of the system is in the hands of the university's IT department.  We are just following their protocols.  We aren't doing anything tricky.  On the bright side for us, we can't really be held responsible for having lax security - it is ASU which authenticates users, not webwork.  If a hacker can fake someone else's cookie to get into webwork, they can act as a professor on other systems and assign final grades.  The university tells students that they have to open up their browser's cookie policy.  Otherwise, their system will fail.

Here are more details on how it works.

Authentication is not centered with blackboard; the university has servers devoted to authentication.  The idea is that any other server that wants to authenticate with the university login/password checks for the cookie (which is encrypted) and the ip address of the client.  It makes a system call which sends this to the authentication servers.  The response is either an "ok" and the login name it goes with, or "not ok" and a reason why.

If someone does not have a valid cookie, we redirect them to the university's login page with an extra form variable set saying what url the login server should send the user to if successful.  That is how the student gets back to us.

If a student has logged into blackboard, or the university's web-based e-mail, or webwork, etc., they get the cookie from the central authentication service and should be able to move between these services without relogging in.  It is handy for me when working with our webwork courses since once I log in to one course, I am good for all our webwork courses (because I am listed on the webwork rosters of all our courses).



<| Post or View Comments |>