WeBWorK Main Forum

Allowing password-based admin login, but requiring LMS login for student

Allowing password-based admin login, but requiring LMS login for student

by Szabolcs Horvát -
Number of replies: 5

Is it possible to keep password-based login for admin/professor roles, but require LMS-based login for students? Problem: Some admin users don't have a corresponding/matching LMS account.

Setting $external_auth = 0; disables password-based login for all users, not just students.

In reply to Szabolcs Horvát

Re: Allowing password-based admin login, but requiring LMS login for student

by Glenn Rice -
No that is not possible. It is not even possible to implement. When the login page is opened there is no user. So there is no way to know if the form to login should be shown or not. The only option is to either always show it, or always not show it.
In reply to Glenn Rice

Re: Allowing password-based admin login, but requiring LMS login for student

by Szabolcs Horvát -
Thanks for the response, it's good to know what is possible with the current version.

A potential solution to the UX dilemma is to send student to the LMS when they try to log in with a password.
In reply to Szabolcs Horvát

Re: Allowing password-based admin login, but requiring LMS login for student

by Alex Jordan -

If you are a student who teaches the login screen, there are three scenarios to consider.

  • You do not know your WeBWorK username. Or you think you know it, but you are wrong.
  • You do not know your WeBWorK password. Or you think you know it, but you are wrong.
  • You correctly know both.

The first two situations are common when a student had their account created with LTI.

Only the third situation is something where it makes sense and is security-wise to acknowledge the person is a student and actively redirect to the LMS.

In reply to Szabolcs Horvát

Re: Allowing password-based admin login, but requiring LMS login for student

by Alex Jordan -

How would this look in practice?

A user reaches the login screen. WeBWorK does not know yet if this would-be user will be an admin/professor, so the screen will show the same thing it shows for a student who has reached the login page. So what next?

There would need to be input fields for the username and password. Students will try to use those, thinking they can use their regular institution credentials. That will fail and they will be frustrated.

I can imagine some ways to mitigate the issues there, but ideas I've had are not great. Maybe you have a better idea though.

In reply to Alex Jordan

Re: Allowing password-based admin login, but requiring LMS login for student

by Sean Fitzpatrick -

My not-very-fancy solution has been to include some text in the site info file along the lines of "Student login is not possible through this page, please access your homework via Moodle."

As long as instructors take a moment to ensure students know that they need to log in via LMS, there aren't usually many problems.