...
The proxy serves two main functions, the first is to include CCCID as an assertion when the college IdPs are unable to assert the CCCID from their user store. The second is to aid in the discovery process when navigating across service providers in separate domains.Technically speaking, the proxy is designed to help colleges assert consistent SAML attributes to the various Service Providers (SP) within the CCC SSO Federation.
The CCC IDP Proxy is a centralized proxy service through which secure CCC web applications can centralize authentication requests for students and staff across all CCC colleges then contact the appropriate "read IdP" - such as the OpenCCC IdP system - to complete the requests. The goal of this design is to simplify and accelerate system-wide technology adoption and provide uniform experiences for key users. Technically speaking, the CCC IdP Proxy is designed to help colleges assert consistent SAML attributes to the various Service Providers (SP) within the CCC SSO Federation of secure web applications.
The main proxy use case is when a college is not able to send the CCCID SAML attribute for students when they attempt to authenticate to a CCC web application. If the proxy discovers that the CCCID SAML attribute is not present, it will locate the CCCID associated with the IdPs unique identifier (EPPN) for the student
The goal of this design is to simplify and accelerate system-wide technology adoption and provide uniform experiences for key users.
...