The following is an example using the configuration values that were filled in for CCSF's integration with Canvas. This document illustrates configuring your Canvas to route your college/district IdP through the CCC Proxy insteadSSO proxy. To do that, the following values will need to be updated in order to implement this change:
- IdP entityID: this will change to the proxy entityID
- Log On URL: this will change to a URL that goes to the proxy SSO endpoint, and with a ?source= query argument identifying the college/district IdP to route to
- Certificate fingerprint: this will become the certificate fingerprint of the proxy signing certificate
- Note: the Logout URL, if you want the user logged out of your IdP after logging out of Canvas, will be same as below. The proxy will not keep a session, so you will need to configure Canvas to send the user to your IdP's Logout endpoint.
Set Up Requires Canvas Administrative Privileges
Each college using Canvas has one or two people who have been established as the "Canvas Administrators" for that college. The person(s) in that role has access to their Canvas site with "administrative privileges", including being able to configure how authentication is done for their Canvas site. This individual will need to make the changes outlined in this document.
...
Testing
Testing should occur on the Test/Beta site that has been established for your college. An example of a test url is: https://ccsf.test.instructure.com/login/saml You will need to replace the correct values associated to your college test site in order to successfully test the changes.
...