This documentation will help you integrate your identity services with D2L LMS and D2L Capture offered by Desire2Learn through Internet2's NET+ program. Associated portions of the NET+ Identity Guidance for Services are noted by section. Desire2Learn also maintains general documentation on identity integration, which is available as an attachment to this article by clicking the paperclip.

Discovery and Authentication

D2L LMS is capable of doing discovery in a wide variety of ways. Typically, an LMS that is used exclusively by users from a single identity provider will use a single "Login" button that redirects the user to the customer's IdP (1.1.2). If the use case calls for it, multiple IdPs can be used for any given D2L LMS instance through scoped identifiers along with either multiple login buttons or a discovery service (1.2.1) that is directly integrated into D2L LMS.

Deep linking followed by authentication and delivery of associated content is possible.

Attributes

Desire2Learn offers great flexibility to identity providers in terms of which attributes can be expressed and how they can be mapped. Identifiers may be scoped or unscoped, so use of eduPersonPrincipalName is recommended. The default mappings from SAML attributes to attributes as understood by Desire2Learn are listed below.

Desire2Learn Attribute  | Recommended SAML Attribute Name    | Optional
eduPersonPrincipalName  | urn:oid:1.3.6.1.4.1.5923.1.1.1.6   | No
eduPersonEntitlement    | urn:oid:1.3.6.1.4.1.5923.1.1.1.7   | Yes
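
The following is an added example, not code from Desire2Learn or Internet2. It shows a check an integrator can run on released attributes when several IdPs share one LMS instance: the required eduPersonPrincipalName must be present, and its scope must belong to the IdP that issued the assertion. The entityIDs, scopes, ALLOWED_SCOPES table and function names are hypothetical, and the assertion is assumed to have already passed signature validation in the SAML stack.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"         # required by the default mapping
ENTITLEMENT = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"  # optional

# Constructed policy: the scopes each IdP entityID is allowed to assert.
ALLOWED_SCOPES = {
    "https://idp.example.edu/idp/shibboleth": {"example.edu"},
    "https://idp.example.org/idp/shibboleth": {"example.org"},
}

def make_assertion(issuer, eppn=None, entitlements=()):
    """Build a constructed, unsigned sample assertion for this demonstration."""
    def attr(name, vals):
        body = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        return f'<saml:Attribute Name="{name}">{body}</saml:Attribute>'
    attrs = (attr(EPPN, [eppn]) if eppn else "") + \
            (attr(ENTITLEMENT, entitlements) if entitlements else "")
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Issuer>{issuer}</saml:Issuer>'
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")

def check_assertion(xml_text):
    """Return (eppn, entitlements); raise ValueError on a policy violation.

    Run only on an assertion whose signature was already verified.
    """
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer not in ALLOWED_SCOPES:
        raise ValueError(f"unknown issuer: {issuer!r}")
    values = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        values.setdefault(attr.get("Name"), []).extend(vals)
    eppns = values.get(EPPN, [])
    if len(eppns) != 1:
        raise ValueError("exactly one eduPersonPrincipalName value is required")
    user, sep, scope = eppns[0].rpartition("@")
    # An IdP may only vouch for identifiers in its own scope; otherwise one
    # IdP could assert an identifier that belongs to another institution.
    if not sep or not user or scope.lower() not in ALLOWED_SCOPES[issuer]:
        raise ValueError(f"scope not permitted for issuer: {eppns[0]!r}")
    return eppns[0], values.get(ENTITLEMENT, [])
```
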

Privileges

Desire2Learn privileges are managed within the application (2.5.3). Only users that have been previously provisioned may be given privileges within the Desire2Learn application.

Provisioning

Users are typically provisioned to Desire2Learn through back-channel provisioning (3.2) with IMS Global Learning Consortium's LIS v2.0. Custom integrations are capable of front-channel provisioning.

Deprovisioning

Deprovisioning of provisioned information in Desire2Learn is handled through LIS v2.0 as well.

Logout

Desire2Learn performs local logout with an optional redirection to a logout service configurable per D2L LMS instance (5.1.1). It can handle local logout, logout from the LMS and the IdP, or full SAML-based logout.

Implementation

Desire2Learn uses Shibboleth as its SAML solution.

Metadata Support

Desire2Learn is able to load InCommon metadata, and metadata for any given LMS can be registered with InCommon as well.

Non-Browser Access

There is no non-browser access to the D2L LMS. It's possible to authenticate to D2L Capture with federated identity by using a D2L LMS as an intermediary.

Example Configuration for SAML Implementations

Please add your own examples here.
