Versions Compared

Old Version 15

changes.mady.by.user Patricia Donohue

Saved on

compared with

New Version 16

changes.mady.by.user Patricia Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To support the goals of the CCC SSO Federation, a proxy service has been deployed through which secure CCC web applications can centralize authentication requests for students and staff across all CCC colleges then contact the appropriate "read real IdP" - such as the OpenCCC IdP system - to complete the requests. The goal of this design is to simplify and accelerate system-wide technology adoption and provide uniform experiences for key users. 

The proxy serves two main functions, ; the first is to include the CCCID as an assertion when the college IdPs are unable to assert the CCCID from their user store.  The second is to aid in the discovery process when navigating across service providers in separate domains.Technically speaking, the proxy is designed to help colleges assert consistent SAML attributes to the various Service Providers (SP) within the CCC SSO Federation.

...

Table of Contents
maxLevel2
minLevel2

Use Cases

The main proxy use case is when a college is not able to send the CCCID SAML attribute for students. If the Proxy discovers that the student's CCCID is not present when attempting to authenticate to a particular CCC web application, it will attempt to find the CCCID associated with the IdPs unique identifier (EPPN) for the student.

...

  1. Install an Identity Provider (IdP) software solution such as Shibboleth V3 or Portal Guard, or upgrade your existing Shibboleth IdP to Version 3. (See "Supported IdP Solutions".)
  2. Schedule a Proxy Integration Kick-Off meeting with the CCC Proxy Project team. See Support for contact information.
  3. Set up a test environment to use for testing authentication of your IdP with the Proxy and additional to other CCC web applications. 
  4. Take steps to join the InCommon Federation and register your IdP and upload your metadata. 
    NOTE: If you have not completed the InCommon membership process by the kick-off meeting, we can still integrate your IdP with the proxy. Once your InCommon membership is complete and your metadata is uploaded to their system, please inform the Proxy Project Team and we will obtain it from InCommon for you. 

 

Install or Upgrade IdP Solution

In order to take advantage of the benefits of Single Sign-On (SSO) and federated identity management, which allows the sharing of information about users from one secure domain to the other organizations and applicatons within the CCC SSO Federation, your college/district must deploy a SAML-compliant IdP which meets the requirements for SSO for students, staff and faculty. For many Collegescolleges, this means upgrading your existing Shibboleth V2 IdP (installed specifically implemented prevously for staff to integrate with the CCCApply Administrator & CCC Report Center) to V3 which facilitates single sign-on for students, as well as staff.  

...

For more information about Shibboleth, please see What is Shibboleth IdP? on the CCC SSO Federation Resource Guide and Upgrading Shibboleth from V2 to V3

...