I have my APP ID / APP Key and using the PHP sample file I authenticate against our install of D2L. I receive back the UserID and UserKey to the sample page. I authenticate against the system with my Admin userid and password at this point, not a specific account for this. I can perform the WhoAmI and a couple other things, however, I'm looking at how I can authenticate a specific user into the system at this point for SSO? We have a custom portal and I authenticate users from it to our Angel LMS now. I'm looking to do that for D2L, authenticate the user that the portal has already validated and pass them into D2L My Home page. I have worked with a variety of API's over the years, but this one has been difficult and documentation seems limited. Any help would be appreciated.
1 Answers
If I understand you correctly, currently your LMS users employ the Angel LMS as an identity provider (i.e. it actually authenticates the users), and then the D2L LMS consumes that IDP's service in order to authenticate a user? D2L does support use of the Valence Learning Framework APIs when the D2L LMS is using another, third-party, service as an IDP, but the environment configuration can be somewhat tricky.
Essentially, the entry point for API authentication (the first step that an API client must take to get a set of user keys) calls an URL in the D2L LMS that then re-directs to the procedure to log in the user, passing a ?target= parameter containing the callback URL that the calling client provided when first requesting the user tokens.
Thus, in order for the SSO using a third party IDP to work for an API caller, that target parameter needs to be passed along in each stage of the user authentication chain, properly URL-encoded at each stage. The Valence documentation does provide an overview of this process.
If your particular LMS needs differ from one of the standard user-authentication scenarios, it's probably good to have your LMS Admins contact D2L's customer support desk and open an incident with them, specifically explaining that you would like to ensure that your LMS environment using third-party user authentication can be properly set up to use the Valence Learning Framework APIs.
