cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ek
Community Participant

OAuth2 authentication against LDAP service provider instead of canvas credentials?

Hi all,

Sorry, kind of a loaded question. So I have previously implemented OAuth2 authentication against a wordpress website. So when a user gets created in wordpress, their account also gets created in Canvas with the same password. Upon logging in to the wordpress site for the first time, the OAuth2 process kicks off and the user has to enter in their Canvas credentials to link the two sites together. Once that happens, the user can enroll in courses from the wordpress site via functions I've created using the Canvas API which uses the individual user's OAuth2 token.

Recently we have activated LDAPS authentication in Canvas to get around having to create accounts for every employee of ours. So Canvas is connecting to our Active Directory and authenticating users, which is working great.

But the LDAPS implementation is essentially breaking the OAuth2 authentication I built. With LDAPS, the user's password is no longer stored anywhere (except for our Active Directory). So the OAuth2 authentication is taking them to the default canvas login URL (which requires an actual password in Canvas). They try to put in their Active Directory password and it doesn't work.

Besides passing their Active Directory password to canvas in the API, does any one know of a workaround I can try? I guess I can try to use an admin OAuth2 token on every user's behalf, but I don't think that is good practice.

Tags (3)
0 Kudos
1 Reply
chofer
Community Coach
Community Coach

Good evening,  @ek ...

I am reviewing older questions here in the Canvas Community, and I came across your question.  I wanted to check in with you because I noticed that we have not heard back from you since you first posted your question on June 27, 2019.  While I don't really have an answer for you, I'm sorry to see that your question has been sitting here unanswered for such a long time.  It seems as though you may have stumped the Community with your question.  Have you been able to find any solutions on your own since you first posted your question at the end of June?  If so would you be willing to share your findings with us back here in this topic?  Or, if you are still looking for some help from members of the Community, please let us know that as well.  Either way, we would like to hear back from you.  For the time being, I am going to mark your question as "Assumed Answered", but that won't prevent you or others from posting additional questions and/or comments below that are related to this topic.  I hope that's okay with you, Eric.  Looking forward to hearing back from you soon.