...
This simple diagram illustrates what this looks like:
Before You Begin Integration with the SSO Proxy
Before your college can connect to the CCC SSO Proxy, a set of minimum requirements for integration with the IdP Proxy must be met:
- Install an Identity Provider (IdP) software solution such as Shibboleth V3 or Portal Guard, or upgrade your existing Shibboleth IdP to Version 3. (See "Supported IdP Solutions".)
- Schedule a Proxy Integration Kick-Off meeting with the CCC Proxy Project team. See Support for contact information.
- Set up a test environment to use for testing authentication of your IdP with the Proxy and to other CCC web applications.
- Take steps to join the InCommon Federation and register your IdP and upload your metadata.
NOTE: If you have not completed the InCommon membership process by the kick-off meeting, we can still integrate your IdP with the proxy. Once your InCommon membership is complete and your metadata is uploaded to their system, please inform the Proxy Project Team and we will obtain it from InCommon for you.
Install or Upgrade IdP Solution
In order to take advantage of the benefits of Single Sign-On (SSO) and federated identity management, which allows the sharing of information about users from one secure domain to the other organizations and applicatons within the CCC SSO Federation, your college/district must deploy a SAML-compliant IdP which meets the requirements for SSO for students, staff and faculty. For many colleges, this means upgrading your existing Shibboleth V2 IdP (implemented prevously for staff to integrate with the CCCApply Administrator & CCC Report Center) to V3 which facilitates single sign-on for students, as well as staff.
...
For this purpose, the CCC Tech Center recommends Shibboleth V3. Although any SAML-compliant identity provider (IdP) software solution that meets the requirements of the CCC SSO Federation may be used, support is only provided for Shibboleth and Portal Guard at this time.
...
| Info |
|---|
| NOTE: If your college contracted with Unicon to complete a Shibboleth V3 upgrade, your IdP metadata is already configured with the required attributes needed to integrate with the Proxy. This is one less step to complete in the process and means you can forward your Shib V3 metadata to the CCC Proxy Project team right away. For more information, please contact Patty Donohue, Product Manager, pdonohue@ccctechcenter.org. |
...
The IdP Proxy and supporting components are currently operational in two environments: PILOT, for testing and early production stage proof of operations; and PROD, the production environment used by students and staff.
In order to complete the integration process and facilitate ongoing testing, colleges must stand up a testing environment to ensure their IdP solution is able to authenticate with the Proxy and CCC applications. The college test environment will access the CCC's PILOT environment for the Proxy and various applications.
Integrating with the Proxy
. Please review the documentation for Prerequisites for Integrating with the SSO Proxy prior to beginning the SSO Proxy integration process. The colleges should ensure that they have an SAML complaint SSO solution in place prior to the integration occurring.
Integrating with the Proxy
Once you are ready to begin, please engage with the CCC SSO Proxy team to schedule a Project Kick-off meeting. During the Proxy Project Kick-Off meeting, the following documents will be reviewed to ensure you have a good understanding of the Proxy and how to configure your IdP to integrate with it. Please be sure to discuss all existing and planned implementations with the project team to ensure all systems are connected to the Proxy during the integration process.
...