WeBWorK Main Forum

Unable to grade proctored gateway quiz

Unable to grade proctored gateway quiz

by Dave Rosoff -
Number of replies: 3
Hi all,

We'd like to use the gateway quizzes module to give short in-class quizzes to assess how students are keeping up with assigned reading at home. The proctored mode with set-level password seems ideal. These aren't large classes, but we have ~5 minutes in mind for the length of the quiz.

I was able to successfully initiate and complete a quiz this way, but at the end am presented with a proctor login and password to enter for the quiz to be graded. Is this the intended behavior? The only way I could get the quiz graded was to use the site-wide admin login and password, which doesn't seem right. I checked localOverrides.conf and defaults.config for anything weird-looking, but didn't see anything.

I had one idea: we are using WeBWorK::Authen::LDAP for normal user authentication. Do some settings need to be changed to make this work with the gateway quiz proctor authentication? There is a line in defaults.config that reads

$authen{proctor_module} = "WeBWorK::Authen::Proctor";

Does this need any change to be compatible with our LDAP authentication?
Thanks,
Dave
In reply to Dave Rosoff

Re: Unable to grade proctored gateway quiz

by Dave Rosoff -
I have confirmed that the LDAP authentication isn't hooked into the gateway proctor password the way I expected it to be. The system accepts my usual username and the old WeBWorK password I used before we moved to LDAP last summer. This is workable for us. I thought others might like to know about the workaround too, hence this post.

I'm still interested in this, if anyone knows a quick fix that will give the expected behavior.

Best,
Dave
In reply to Dave Rosoff

Re: Unable to grade proctored gateway quiz

by Gavin LaRose -
Hi Dave,

You've correctly diagnosed what's going on here. The origin of this anomoly in the behavior of the Authen::Proctor module is in its compatibility with other external authentication modules. In particular, Authen::Cosign (which we use at Michigan) manages user names through a browser cookie that identifies the user with the browser cache instance. This means that it's not straightforward to have Authen::Proctor also use Cosign authentication; to do that we have to be very sneaky, or have to drop the test-taking student's authentication credential.

As a result, Authen::Proctor was written to always use WeBWorK's default authentication system. You're correct that it should be more subtle than that. There is one additional complication in that it has to distinguish between permission levels to start and to grade a test, which isn't something that the Basic or LDAP authentications do.

For what it's worth, in any case.

Gavin
In reply to Gavin LaRose

Re: Unable to grade proctored gateway quiz

by Jeffrey Adler -
In the previous note, Gavin gives the technical reasons why it would be difficult to authenticate proctors (as opposed to students) via LDAP. Since I don't understand these technical details, I'm not in a position to say whether or not it's worth the effort to try to fix this flaw.

But if a fix is impractical, let me suggest something that might be easier.

First let me say why I care. We were administering gateway exams for the first time this semester, and found that no proctor could authenticate anyone. Nor could any professor. The only proctors who had any power were those set up as dummy accounts for testing purposes, since these accounts had passwords that were supplied manually, rather than through LDAP. Diagnosing the problem took many hours, even though we had a WW expert on call. While the situation is documented correctly at the bottom of this page, it also seems reasonable to me that no one here noticed it. So I'm not sure how we, or any other school in our shoes, could have avoided experiencing this problem.

Anyway, here's a potential partial-fix: When a proctor tries to authorize someone to take a test, and WW cannot find any password for that proctor, and WW knows that LDAP is in use, perhaps it could give a more informative message than that the proctor’s authentication failed. Perhaps append the following to the usual error message. "Note: LDAP authentication is not available for proctors, who must have a manually supplied password."

Is this feasible?