Versions Compared

Old Version 1

changes.mady.by.user Patricia Donohue

Saved on

compared with

New Version Current

changes.mady.by.user Patricia Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Release Schedule

Description

Date

Release No.

1.8.0.0

Pilot Release Date & Time

January 5February 6, 2018 

Production Release Date & Time

January 12February 8, 2018

Type

Technical Update (Bug fixes, version upgrade, some feature enhancements)


DescriptionLink

Applications

CCC SSO Proxy

Enabling Services Transition Plan

Operational Support Plan

Communication
Link to Support Plan

Integration Status Spreadsheet

Link to Status Spreadsheet


Anchor
Top
Top
Table of Contents

Table of Contents
maxLevel2
minLevel2
absoluteUrltrue

Release

Notes

Summary

Below is a summary of the enhancements and bug fixes and enhancements that will be were released to the Production environment on January 12, 2018during the SSO Proxy version upgrade (1.8.0.0) across all environments on Feb 6 (Pilot) and Feb 8, 2018 (Prod).   

  • Version update: 
  • Bug fixes: 
    • Enhancements: 

    Back to Top

    Image Removed

    SSO Proxy Update:  What is being updated in this release? 

    What is are the new enhancements being deployed?Over the past year, a number of colleges have reported fraudulent applications being submitted through CCCApply. Thanks to the diligent efforts of these colleges in identifying and providing examples of these applications to the Tech Center, we began working with a data analysis research team who specialize in machine learning algorithms and have kicked off a research and development project and started a pilot project with four colleges.

    Who benefits from these enhancements?

    Over the past year, a number of colleges have reported fraudulent applications being submitted through CCCApply. Thanks to the diligent efforts of these colleges in identifying and providing examples of these applications to the Tech Center, we began working with a data analysis research team who specialize in machine learning algorithms and have kicked off a research and development project and started a pilot project with four colleges.

    The goal of the R&D project is to develop a spam filter tool that - based on the machine learning algorithm - flags probable fraud applications and moves them to a "suspend" folder, allowing colleges to review and remove bad applications before they reach their download file. Development is underway now and we plan to release the tool and the admin user-interface to production by June 2018.  Until then, we will continue our efforts to prevent fraud through CCCApply by identifying trends and putting development in place to further thwart fraudulent behavior. 

    What are the priority bug fixes?

    One way we can keep spammers from submitting fraud apps through CCCApply is to trigger an error message at the point of submission IF the application submission time is less than 90 seconds from the start time. If the system detects that the time to completion is less than 90 seconds, the error message will appear and block the app from being submitted.  

    Who benefits from the bug fixes?

    One way we can keep spammers from submitting fraud apps through CCCApply is to trigger an error message at the point of submission IF the application submission time is less than 90 seconds from the start time. If the system detects that the time to completion is less than 90 seconds, the error message will appear and block the app from being submitted
    However, if by chance a legitimate applicant is able to complete an application in less than 90 seconds, a call to the Helpdesk will advise the student to wait 47 minutes and they will be able to submit without further delay. In addition, if we find that there are multiple instances of legitimate students encountering the spam prevention error, we can quickly change the time that the error is triggered (hence, configuring the change to meet the needs of colleges and students).
    No action is required by the colleges; however if you would like to discuss the details of this implementation with the CCCApply product manager, please contact Patty Donohue at pdonohue@ccctechcenter.org.

    Back to Top

    In support of AB1741: California College Promise Innovation Grant Program, the CCCApply Online BOG Fee Waiver Application is changing its name to the California College Promise Grant Application (formerly known as the BOG Fee Waiver Application). 

    This entails text changes to the application name only. All onscreen instances of the application name - formerly known as the BOG Fee Waiver Application - will be changed, including the Welcome page, My Applications page, the submission page, and the confirmation screen.
    Check out the new name changes in the Pilot environment between December 15 (release complete at 4:00 PM) and January 12, 2018. The production release is scheduled for January 12, 2018 at 6:00 PM.
    NOTE: The 2018-2019 California College Promise Grant Online Application will be available with the new branding on January 12.
    Image RemovedOut-of-scope changes:
    • No change to the online application URL 
    • No change to the download server URL for BOG
    • No change to any of the data fields that may include "bog" in the data field name, including the BOG eligibility status fields (these are all hidden from students)
    • No change to the onscreen labels in the CCCApply Administrator
    • No change to the onscreen labels and folders in the CCC Report Center

    Back to Top

    Anchornew-data-fieldsnew-data-fieldsChanges to Data Downloads

    Format Fix for Main Phone International & Second Phone International

    The data field format fix specified below pertains to the Main Phone International and Second Phone International data fields that were added to the CCCApply, CC Promise Grant (formerly known as the BOG) and the International Applications in October 2017 (Release 6.1.0). Please note that the format problems reported have been rectified in the database.

    Note

    If you implemented the temporary work-around provided by the CCCApply development team, please read the section "Reversing the Work-Around" very carefully to ensure you have the correct format specified in your download files.

    Description

    Data Field

    Format

    Download-ableAdded to These Application(s)

    Notes

    Main Phone International

    <mainphoneintl>

    Char 25Yes

    Standard App
    Promise Grant (BOG)

    These two new phone number fields are not replacing the current domestic phone number fields (Main Phone & Second Phone); they will need to be downloaded in addition to those existing fields.

    NOTE: If a user enters a non U.S. phone number in the Main Phone field, the new <mainphoneintl> field will store the response and the domestic <mainphone> field will be blank. 
    Note

    Both fields will need to be added to the Standard and Promise Grant applications Format Definition XML files, and you'll need to run the new Download Client Jar file.

    Adding these fields to your downloads is optional. The CCCApply Download Client and all download XML files are backwards compatible.

    Second Phone International<secondphoneIntl>Var Char 25Yes

    Standard App
    Promise Grant App

    Same as above. Info

    Adding New Data Fields to Downloads

    To download the new data fields, your college IT staff must first add them to the Format Definitions XML file(s) and run the updated version of the "transfer-client.jar" file corresponding to this Release (6.1.2). Each application has a corresponding Format Definition XML file, which the college uses to specifies which data fields should be downloaded each time your automated Download Job XML file is run.  This process is described in the CCCApply Download Client User Guide.

    Image Removed

    CCCApply Download Client Jar File for PILOT Release 6.1.2 -  12.15.17

    NOTE: There is no change to the download jar file for Release 6.1.2. This is the same file used for Release 6.1.0.
    In your installed Download Client directory, replace the older files with the new version (v6.1.0) files below:

    The Pilot Environment

    The OpenCCCApply Pilot Environment is a preview and testing site used by colleges to implement the CCCApply applications and the OpenCCC Student Account System. The Pilot environment provides a copy of the production code during the year, except during the 30-Day Pilot Preview period - when it will contain pre-production code for an upcoming release. The Pilot Environment has separate /wiki/spaces/PD/pages/77562106, and different SLAs than the production versions of OpenCCC and CCCApply applications.

    Getting to the Pilot Applications

    Please see the Pilot Environment section in the CCCApply Public Documentation space for more information on getting to the Pilot Applications, pointing your download files to the Pilot download server, and identifying the Pilot Administrator & Report Center URLs.

    PILOT ApplicationNEW PILOT Application URL

    PILOT CCCApply Standard Application URL

    https://pilot.opencccapply.net/cccapply-welcome?cccMisCode=XXX
    *Replace the XXX with your college MIS code.

    PILOT Promise Grant (BOG) Application URL

    https://pilot.bog.opencccapply.net/gateway/bog?cccMisCode=XXX
    *Replace the XXX with your college MIS code.

    PILOT International Application URL

    https://pilot.intl.opencccapply.net/gateway/intl?cccMisCode=XXX

    *Replace the XXX with your college MIS code. 

    Pilot Download URL Attributes

    Include the following URL attributes in your PILOT Job XML files. For more information, refer to the Download Client User Guide for details.

    Application

    PILOT DOWNLOAD URL
    PILOT CCCApply Standard Applicationhttps://pilot.admin.openccc.net:8443/ccctransferPILOT Promise Grant Application (formerly BOG)https://pilot.admin.openccc.net:8443/ccctransferbogPILOT International Application

    https://pilot.admin.openccc.net:8443/ccctransferintl 

    Pilot Administrator & Report Center URLs

    The URLs below are "templates" - so the examples shown are not your URLs. These are provided to give you an example of what yours look like. Please contact your IT department if you do not have access to your Pilot Administrator and Pilot Report Center.

    Pilot Administrator

    https://{yourDomain}/idp/profile/SAML2/Unsolicited/SSO?providerId=https://ci.control.openccc.net/shibboleth&shire=https://ci.control.openccc.net/Shibboleth.sso/SAML2/POST&target=https://ci.control.openccc.net/admin/

    Pilot Report Center

    https://{yourDomain}/idp/profile/SAML2/Unsolicited/SSO?providerId=https://ci.control.openccc.net/shibboleth&shire=https://ci.control.openccc.net/Shibboleth.sso/SAML2/POST&target=https://ci.control.openccc.net/jasperserver-pro/

    Back to Top

    Data Dictionaries & Release
    • Bring all environments to the latest version of the sso proxy code (Version 1.8.0.0
    • A series of user and technical enhancements 
    • A couple of bug fixes



    Release Scope


    Issue Type

    Description 

    		Summary Notes
    Enhancement

    Make student check in eduPersonAffliation case insensitive

    Though the eduPerson specification uses all lower case characters for their eduPersonAffiliation permissible values, e.g. faculty, student, staff, alum, member, affiliate, employee, library-walk-in, some college/district IdPs are sending mixed case, e.g. Student.

    This enhancement converts all eduPersonAffiliation values to lower-case before sending them on as attributes to the downstream SP.

    Enhancement

    Send RelayState Information if configured for the destination IdP

    		This enhancement facilitates MyPath IdP initiated logins through the OpenCCC IdP.  In the case of the OpenCCC IdP only, the Proxy includes the initial RelayState so that information is not lost and can be used to ultimately redirect the user back to MyPath.
    This is a limited use case and should rarely if ever be used by other applications.
    Enhancement

    Add CCCID / eppn mapping when CCCID is passed in SAML

    Currently, if a college/district IdP passes the CCCID as an attribute, it is not added to the eppn-CCCID map. The map is only updated if a CCCID is NOT included and the user is detoured to OpenCCC to retrieve it.

    This enhancement captures CCCIDs sent by the college/district IdPs and adds them to the map so that the map is updated in both cases.

    Enhancement

    Pass MIS codes associated with authsource in authsources_<env>.json as new SAML attribute

    To satisfy this enhancement, the proxy now adds a new SAML attribute,

    https://www.openccc.net/saml/attributes/cccMisCodes

    available to downstream SPs that includes an array of the MisCode(s), e.g. 310, 311, 312, 313, of the authenticated college/district IdP.

    Enhancement

    Include authsource as a SAML attribute

    To satisfy this enhancement, the proxy now adds a new SAML attribute,

    https://www.openccc.net/saml/attributes/cccAuthSource

    available to the downstream SPs that includes an the authsource, e.g. MIS310, of the authenticated college/district IdP.

    Enhancement

    Validate CCCID value passed by College/District IdPs

    The CCCID is defined in OpenCCC to be a string consisting of 3 upper-case characters and 4 numbers from 0-9 inclusive.  Early Proxy testing showed that some college/district IdPs were sending bogus CCCIDs along in the SAML attributes.

    This enhancement implements a basic validation test against the inbound CCCID attribute and, if it fails, detours the user to OpenCCC to recover or create a CCCID in case the attribute was not passed to the proxy.

    EnhancementUpgrade Proxy core to SimpleSAMLphp 1.14.17

    The current release of the SSO Proxy is based on the SimpleSamlPHP core version 1.14.3.  Several security patches have been released since then.

    This enhancement upgrades the SimpleSamlPHP core version to 1.14.17.

    EnhancementChange Proxy to not redirect users with 'student' eduPersonAffliation to OpenCCC if destination SP is Jasper Reports or CCCAdmin

    During initial testing, some college/district personnel are designated in their directory with eduPersonAffiliation values that include student and staff.   If these users try to go through the Proxy to, say the OpenCCC Admin page, and their college/district does not send a CCCID, they are detoured to OpenCCC to retrieve it.

    This enhancement implements a configurable "whitelist" of SP entity IDs that, even if the inbound attributes do not include the CCCID, are excluded from the detour to OpenCCC.  This list is currently limited to OpenCCC Admin and OpenCCC JasperReports.

    NOTE:  12.13.17 - Patty added to the scope of this requirement by expanding the whitelist of SP entity IDs to include additional destinations (Canvas LMS entity IDs for each college, Admin2, Jasper, DW, etc.)

    BUGAlways default to redirect session to Canvas Prod environment after redirecting from OpenCCC

    When testing Canvas integration with the Proxy, it was noted that,

    1. if the initial request was for the Canvas beta site and
    2. if a CCCID was not included in the inbound attributes and therefor the user was detoured to OpenCCC to retrieve it the ultimate destination was the Canvas prod site, even though the initial target was the Canvas beta site.

    This enhancement adds logic to capture the initial destination, prior to the detour, and ultimately redirects the user back to that destination.

    Enhancement

    Change config.php logging from DEBUG to INFO in Prod

    Currently, the Proxy in production is configured with log level DEBUG.  Due to the traffic in production, this results in the log disk partition filling with regularity.

    This enhancement changes the logging configuration for the production environment from DEBUG to INFO to cut down on verbose logging.

    Enhancement

    Update Proxy College IdP Search Page to remove text "Identity Provider" from each college/district that returns in search type ahead box

    On the college picker page of the Proxy, the string "Identity Provider" is appended to the current descriptions for each college/district IdP. This has been deemed confusing to the users.

    This enhancement removes that string.

    EnhancementImplement ability for user to find their college on the Proxy IdP search page even if the college uses a district level IdP

    Currently, if a college rolls up under their district IdP, the college name does not appear in the selection list on the college picker page.

    This enhancement lists every college and, if it rolls up to a district IdP, when it is selected the user is redirected to the district IdP as if they had chosen the district IdP from the selection list.

    EnhancementRemove deprecated configuration parameters from config.phpThis is a de-clutter enhancement to remove deprecated configuration parameters from the Proxy's config.php.  It should not impact any application using the Proxy.
    EnhancementCreate an /index.php landing page for proxy to handle proxy session timeout scenarios

    This enhancement stems from CIP-688.  If a user initially hits the proxy and is redirected to their college/district IdP per the normal flow, if they take longer to authenticate than then timeout set in CIP-688 they will be sent to this Proxy session timeout page.

    EnhancementRevise the student user experience when encountering a session timeoutSome SAML2 SP implementations, including the one used by Course Exchange, honor the SessionNotOnOrAfter attribute which is currently set to to the same duration as the Proxy session timeout.  This enhancement allows us to control that attribute setting independently from the Proxy session timeout.

    Out-of-Scope Development

    Item Description

    		Summary Notes
    Improve error page when user logs in and proxy session has expiredPulled out of the 1.8.0 release–this is a low priority.
    Change Proxy session timeout 

    Pulled this out of the 1.8.0 release due to issues identified during testing in TEST.  This was the quick fix for the session time-out issue.

    Enable Single Logout for CCC Controlled SPs and IDPsPulled this out of the 1.8.0 release due to issues identified during testing in TEST


    Back to Top

    Documentation

    The following links point to the most current versions of the CCCApply Data Dictionaries and User GuidesCCC SSO Proxy documentation.

    Description

    Version

    / FILE

    Format2018-2019 California College Promise Grant Data SpecificationCCPG-V2018PDF2018-20191.12.18CCCApply International Application Data DictionaryV2017.2PDFRelease 6.1.01.12.18CCCApply Download Client User GuideV.2017.2PDFRelease 6.1.0Download Client: transfer-client-V.6.1.0.0V.6.1.0.0JARRelease 6.1.0No change to the download client jar file for Release 6.1.2Pilot EnvironmentWebpage

    Link

    		ReleaseDate Published
    CCCApply Standard Application Data Dictionary

    V2017.2

    PDFRelease 6.1.0
    CCC SSO Federation
    		CSF

    CCC SSO Proxy Integration Steps
    		Steps to Integrate with the CCC SSO Proxy


    Back to Top