...
- Add an entry for the new college/district in two places in the authsources.php config file under external-config/pilot/opt/ccc/config in the cccnext/idp-proxy Bitbucket repo, then git add and commit.
- aws s3 cp authsources.php s3://ccc-pilot-proxy-simplesaml-config/opt/ccc/config/
- Add a new authsource entry to resources/authsources.json with the appropriate AuthSource alias, IDP entity ID, Eppn scope/suffix, description and MIS code(s) in the cccnext/saml-ccc Bitbucket repo. See example below.
- aws s3 cp authsources.json s3://ccc-prod-???
InCommon Updates
- Go to https://www.incommon.org/federation/siteadmin.html, click on Federation Manager sign in in the left nav and log in using Franz's InCommon creds in LastPass.
- Once authenticated, change the URL to https://service1.internet2.edu/siteadmin/organizations/10513/service_providers
- Click on https://sso.pilot.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php [ Edit ]
- Go about halfway down the page, click on [ Edit ], and add the new AssertionConsumerService line that was added to the Proxy in one of the three blank fields at the bottom of the AssertionConsumerService section.
Production Onboarding
- Once testing in Pilot has been verified, Metadata Change #2 (only) will need to be made for the Production environment. For this, add the same AssertionConsumerService line as was done for Pilot to the Prod IdP Proxy "SP side" SP descriptor.
- Add an entry for the new college/district in two places in the authsources.php config file under external-config/prod/opt/ccc/config in the cccnext/idp-proxy Bitbucket repo, then git add and commit.
- aws s3 cp authsources.php s3://ccc-prod-proxy-simplesaml-config/opt/ccc/config/
- Add a new authsource entry to resources/authsources.json with the appropriate AuthSource alias, IDP entity ID, Eppn scope/suffix, description and MIS code(s) in the cccnext/saml-ccc Bitbucket repo. See example below.
Upon completion of the steps above, and after the updates have propagated (approximately one hour), testing of the new school with the IdP proxy can commence. Note that some colleges/districts will have different metadata for their prod IdP versus their pilot IdP. If so, we'll need to add their prod IdP metadata just as we did their pilot metadata in section 2.1.
Updating authsources.json
authsources.json is used by applications such as SSP and Assess to create links to other services via the SSO Proxy.
...
authSource | The same name used in the authsources.php file in the SSO proxy configuration |
eppnSuffix | The scope/suffix the IDP sends when authenticating a user. This value can be found in the implementation JIRA ticket |
description | A description of the entry |
idpEntityId | The metadata entity ID of the college IDP. This value can be found in the implementation JIRA ticket |
misCodes | An array of MIS codes served by the college IDP. This value can be found in the implementation JIRA ticket |
authsources.json example
```json
[
  {
    "authSource": "idp.collegea.edu",
    "eppnSuffix": "idp.collegea.edu",
    "description": "College A IDP",
    "idpEntityId": "https://idp.collegea.edu/idp/shibboleth",
    "misCodes": [ "311", "312", "313" ]
  },
  {
    "authSource": "CIMock",
    "eppnSuffix": "democollege.edu",
    "description": "Uni College IDP",
    "idpEntityId": "https://ci-idp.ccctcportal.org:8443/idp/shibboleth",
    "misCodes": [ "ZZ1" ]
  }
]
```
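A pre-upload check for the authsources.json format described above, as an added example that is not part of the original page or the project's own code. The function name validate_authsources is hypothetical, and the rules that authSource aliases are unique, that eppnSuffix is a bare scope, and that each MIS code belongs to one entry are assumptions.

```python
import json
# Field names and types are taken from the field table on this page.
REQUIRED = {"authSource": str, "eppnSuffix": str, "description": str,
            "idpEntityId": str, "misCodes": list}

def validate_authsources(text):
    """Return a list of problems found in an authsources.json document."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array"]
    problems, sources, mis_owner = [], set(), {}
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        missing = [k for k, t in REQUIRED.items()
                   if not isinstance(entry.get(k), t) or not entry[k]]
        if missing:
            problems.append(f"entry {i}: missing or empty {missing}")
            continue
        name, scope = entry["authSource"], entry["eppnSuffix"]
        # Assumption: aliases are unique, each naming one proxy auth source.
        if name in sources:
            problems.append(f"entry {i}: duplicate authSource {name}")
        sources.add(name)
        # Assumption: the scope is stored bare, as in the page's example.
        if "@" in scope or scope != scope.strip():
            problems.append(f"entry {i}: eppnSuffix must be a bare scope")
        # Assumption: one MIS code maps to exactly one IdP entry.
        for code in entry["misCodes"]:
            if not isinstance(code, str) or not code.strip():
                problems.append(f"entry {i}: MIS code {code!r} is not a string")
            elif mis_owner.setdefault(code, name) != name:
                problems.append(f"entry {i}: MIS code {code} already used "
                                f"by {mis_owner[code]}")
    return problems

# Constructed sample: the second entry has a bad scope and bad MIS codes.
SAMPLE = json.dumps([
    {"authSource": "idp.collegea.edu", "eppnSuffix": "idp.collegea.edu",
     "description": "College A IDP", "misCodes": ["311", "312"],
     "idpEntityId": "https://idp.collegea.edu/idp/shibboleth"},
    {"authSource": "idp.example.edu", "eppnSuffix": "@example.edu",
     "description": "Constructed entry", "misCodes": ["311", 999],
     "idpEntityId": "https://idp.example.edu/idp/shibboleth"}])
if __name__ == "__main__":
    print("\n".join(validate_authsources(SAMPLE)))
```

Running it against the edited file before the aws s3 cp step catches malformed or conflicting entries while they are still local.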
...