What it does
The Sakai User Provider enriches Opencast users
with a set of roles made up of the user's membership in Sakai sites, of the form
SITEID_Role. For example, an Opencast user who is also a Sakai user and a member
of the Sakai site
mysiteid with the Sakai role
Student will be granted the
mysiteid_Learner. Note that by default, Sakai site IDs are opaque
GUID values such as
The mapping of Sakai sites and roles to Opencast roles is consistent with the site and role mapping used by the LTI endpoint. The Sakai User Provider can therefore be used with LTI or another method of authenticating users.
The Sakai Role Provider allows Sakai site and role combinations to be used in
Event and Series ACLs. For example, the role
mysiteid_Learner can be added to a
Series ACL to grant access to the Series to members of the
mysiteid site in Sakai.
The Sakai User Provider requires Sakai 11.0 or later, and an admin-equivalent account on the Sakai instance.
etc/org.apache.karaf.features.cfg and make sure the
opencast-sakai feature is listed in the
To enable the Sakai User Provider, copy and rename the bundled configuration template from
Edit the configuration file to set your Sakai URL, and the username and password of the admin user on the Sakai system:
sakai.url=https://mysakai.my.domain sakai.user=opencast sakai.password=CHANGE_ME
Verify that the Sakai User Provider starts up with the correct Sakai URL by looking for a log entry like this:
(SakaiUserProviderInstance:154) - Creating new SakaiUserProviderInstance(pid=org.opencastproject.userdirectory.sakai.f1fad141-8cc8-41ee-b514-8dad00984af6, url=https://mysakai.my.domain, cacheSize=1000, cacheExpiration=60)
Then login to Opencast using a username which also exists in your Sakai system. Verify the roles granted to the user by opening the URL OPENCAST-URL/info/me.json in a new browser tab.
If necessary, you can increase the logging detail from the Sakai user provider by
adding an entry to
You can grant additional roles to all Sakai users in Opencast by creating a group with the title 'Sakai'. You can then add additional roles to this group, which will be inherited by all Sakai users.
You can also use the group role name ROLE_GROUP_SAKAI in Event or Series ACLs.