PrairieLearn icon indicating copy to clipboard operation
PrairieLearn copied to clipboard
verified publisher icon PrairieLearn

Name order when coming from multiple authentication providers

Open trombonekenny opened this issue 1 year ago • 4 comments

How should we handle SSO scenarios when the name is formatted differently? For example, my Illinois Shibboleth name is "David E Mussulman" in PrairieLearn, but in early Canvas LTI testing it looks like Illinois might report it as "Mussulman, David".

I don't think we want names flip-flopping as the users enter via different SSO, which is the behavior I would expect as it's currently coded.

trombonekenny avatar Apr 12 '24 15:04 trombonekenny

The LTI 1.3 names and roles provisioning service will let PL poll Canvas to get the whole roster of names. We could use that to create accounts and enrollments, which would set them all to the LTI naming, but that alone won't solve the problem.

trombonekenny avatar Apr 12 '24 15:04 trombonekenny

This is on institutions to get right. If they want to use both SAML and LTI for auth, they'll need to ensure that both of them always pass the same values for all attributes.

nwalters512 avatar Apr 12 '24 15:04 nwalters512

I think we can say that, but I'm not certain how well we can enforce that.

trombonekenny avatar Apr 12 '24 18:04 trombonekenny

I would hope that only some attributes are essential matches for linking (e.g. any UUID number or NetID) whereas the name defaults to whatever initially, and can then be edited by the student according to their preference. Or let the student pick any name variation suggested by one of their auth providers.

echuber2 avatar Apr 17 '24 22:04 echuber2