...
At this point, before you can do some of the following steps, you need to contact the CCC Proxy Project team to tell them that you are ready to add your college/district IdP to the SSO Proxy. There are several steps that the Team need to take to configure the IdP SSO Proxy to be "ready" for the college/district IdP, and those need to happen before you download the metadata in the next step. Integration will start with the Pilot CCC IdP Proxy, and once that integration is successfully verified, then integration will move on to the Production CCC IdP Production Proxy.
The CCC IdP The Proxy Service Project Team will also ensure, as part of this step, that they have a copy of the metadata for your college/district IdP. Just as with CCCApply, the CCC SSO Proxy will need that metadata to be able to interact with your IdP. If you have registered your college/district IdP with InCommon, the metadata can be obtained by the Proxy Team through InCommon. If not, and you are running the Shibboleth IdP, the right metadata may be available in the IdP's file metadata/idp-metadata.xml. Otherwise, you will need to work with the CCC Proxy Team to get your metadata to them.
...
| Info | ||
|---|---|---|
| ||
| The CCC SSO Proxy Project Team can be reached here: CCC Proxy Project Mgmt Product Manager = Patricia Donohue, pdonohue@ccctechcenter.org; Proxy Service & Technical Mgmt Implementation Manager = Geneva Paliwodzinski, gpaliwodzinski@unicon.net |
STEP 3: Configure your Identity Provider (IdP) to Release the Above Attributes to the CCC SSO Proxy
| Note |
|---|
| If you are running a Shibboleth IdP v3 server, with the configuration changes made by Unicon, you won't need to add the following. |
Based on the IdP that solution you are running, a few configuration changes will need to be made :Portal Guard IdP -to your IdP. (NOTE: The information in this section is geared towards Shibboleth V3 IdP users. If you are using a different Identity Provider (IdP) solution, please follow the links below for instructions specific to your IdP. Then return to this document to ensure you've completed the remaining integration and testing steps.
...
- Portal Guard IdP - instructions can be found at Attributes for the Proxy: Portal Guard
- Ellucian IdP - instructions can be found at
...
- Attributes for the Proxy: Ellucian
Shibboleth IdP - instructions can be found below:
| Note |
|---|
| If you are running a Shibboleth IdP v3 server with the configuration changes made by Unicon, you will not need to make the following configuration changes because it has already been done for you. If you are not sure if these changes have been made already by Unicon, please contact the Proxy Project Team for confirmation. |
Shibboleth IdP
The new IdP v3 config that has been put in place includes consuming a CCC system-wide, centrally managed "attribute release file" (a central attribute-filter.xml file) from a HTTPS URL (with checking that the certificate matches for security.) The IdP automatically checks for updates for that file and if changes have been found will reload the file. That "CCC system-wide central attribute-filter.xml file" already contains the following attribute release rules for the proxy. You can tell if your IdP has that file by checking for the file in the IdP's conf/ directory, the file 'conf/attribute-filter.ccccentral.xml'. Otherwise, add the following to the IdP's conf/attribute-filter.xml file, or however you corresponding configure attribute release in whatever SAML IdP software that you are using.
...
| Pilot | https://sso.pilot.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php |
| Production | https://sso.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php |
STEP 5: Add the CCC
...
SSO Proxy Metadata to your College/District IdP
| Info |
|---|
| Did Unicon setup or upgrade your Shibboleth V3 IdP? Again, if you are running a Shibboleth IdP v3 server with the configuration changes made by Unicon, you won't need to perform the following , step as automated consumption of that central CCC system-wide metadata file mentioned above is already in place. If Unicon did not configure your Shibboleth IdP, you WILL NEED TO COMPLETE ALL STEPSyou are not sure if these changes have been made already by Unicon, please contact the Proxy Project Team for confirmation. |
Otherwise, if you are running Shibboleth IdP v3 without assistance from Unicon, you need to save the metadata file you obtained from the above URL, and save it as the file:
...