Clearly, this is a work in-progress.
Overview
The purpose of the California Community Colleges Single Sign-on Federation (CCC SSO) is to provide secure, scalable, and integrated technology solutions for the California Community Colleges that take advantage of economies of scale and facilitated by governance from the colleges themselves. The CCC SSO Federation offers a common framework for shared management of access to CCC resources and secure web applications. .
Through partnership with the InCommon Federation, college Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources.
Table of Contents maxLevel 3 minLevel 2 absoluteUrl true
Federated Identity Management
Federated Identity allows the sharing of information about users from one secure domain to the other organizations in a federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain user names and passwords. Identity providers (IdP) supply user information, while service providers (SP) consume this information and give access to secure content.
What is Single Sign On (SSO)?
Single Sign On (SSO) is a session and user authentication process that permits a user to enter one username and password - one time - in order to access multiple applications without having to sign-in to each application separately. For example, when CCC students are configured for SSO, they can login to one application, such as MyPath, the Student Services Portal, and then access multiple different web applications, such as Canvas Course Management System (CMS), CCCAssess, and CCCApply, without having to login separately to each of the applications.
The SSO process involves authentication and authorization. Authentication is a confirmation that the person logging in is the person they claim to be. Authorization is a confirmation that the logged-in person is authorized to access a particular "resource" (i.e. MyPath Portal, etc.). The Tech Center has implemented a CCC IdP Proxy process to facilitate streamline integration for current and future applications.
Why implement SSO?
Implementing an SSO solution is a requirement of the CCC SSO Federation and allows participating California Community Colleges to take full advantage of the products and services offered by the CCC Technology Center (CCCTC) by allowing students, faculty, and staff to access statewide web-based information technology applications via a single sign-on account.
The benefits of SSO include
CCC SSO Federation
The CCC SSO Federation is a shared federation of CCC colleges.College College applicants, students, staff and faculty will be using the Student Portal, Report Center, Hobsons and Canvas as well as other CCC managed and external services.
...
Requirements for SSO Federation
Colleges participating To participate in the CCC SSO Federation, colleges will be required to implement a SAML-compliant Identity Provider (IdP), become a member of the InCommon Federation; and integrate with the CCC IdP Proxy service, in order to facilitate the full benefits of system-wide single sign-on connectivity for students, staff and faculty across all secure CCC applications.
Optional implementations, but highly recommended, include integration of the College Adapter tool with your student information system to facilitate real-time abc for xyz.
Also recommended is the implementation of MyPath, the Student Services Portal, which serves as the gateway for steamlined user access to all systemwide technology applications for students with single sign-on connectivity.
What is Single Sign On (SSO)?
Single Sign On (SSO) is a session and user authentication process that permits a user to enter one username and password - one time - in order to access multiple applications without having to sign-in to each application separately. For example, when CCC students are configured for SSO, they can login to one application, such as MyPath, the Student Services Portal, and then access multiple different web applications, such as Canvas Course Management System (CMS), CCCAssess, and CCCApply, without having to login separately to each of the applications.
The SSO process involves authentication and authorization. Authentication is a confirmation that the person logging in is the person they claim to be. Authorization is a confirmation that the logged-in person is authorized to access a particular "resource" (i.e. MyPath Portal, etc.). The Tech Center has implemented a CCC IdP Proxy process to facilitate streamline integration for current and future applications.
Why implement SSO?
Implementing an SSO solution is a requirement of the CCC SSO Federation and allows participating California Community Colleges to take full advantage of the products and services offered by the CCC Technology Center (CCCTC) by allowing students, faculty, and staff to access statewide web-based information technology applications via a single sign-on account.
The benefits of SSO include
In addition, any vendor applications, such as Canvas and Hobsons, will also need to connect to the proxy in order to facilitate single sign-on to those applications, while passing the required attributes for access and reporting (i.e.,, CCCID, EPPN, various OpenCCC Account fields, etc.)
Required:
- SAML-compliant IdP
- Membership with InCommon Federation
- IdP Proxy Integration to CCC Applications
- IdP Proxy integration to Canvas, Hobsons/Starfish, Others
Optional implementations, but highly recommended:
- Integration with the CCC College Adapter (under-development)
- MyPath Student Services Portal
- CCCAssess
- EMSI Career Coach
- Canvas CMS
- Hobsons/Starfish Degree Audit Systems
Integrating with CCC Applications
...
A CCCID is a unique student-identifier generated when an individual creates an OpenCCC account, enabling secure, single sign-on access to admissions applications and other systemwide web-based services. The CCCID is commonly created during the admissions application process known as CCCApply, however, any existing student can (and should) be encouraged to create an OpenCCC account and thus create their own CCCID, explained Lou Delzompo, Chief Technology Officer of the CCC Technology Center.
CCCID
A CCCID is generated when a student sets up an OpenCCC account and commonly passed to the college in the CCCApply data download.
CCCID is then stored in the college’s SIS or college LDAP/Active Directory
CCCID is passed as an attribute from the college’s IdP to the systemwide applications SP (i.e. Canvas, CCCAssess, MyPath, etc.)
CCCID is used by the systemwide application to identify the student.
Supported IdP Solutions
To participate in the CCC SSO Federation, colleges must implement an Identity Provider solution that meets the minimum requirements of the Federation. The CCC Tech Center currently supports Shibboleth and Portal Guard identity provider software solutions for student, staff, and faculty SSO. Colleges using an alternate solution should review the CCC SSO Federation IdP System Requirements page to ensure your solution is meeting the requirements necessary to integrate with CCC system-wide applications and the CCC IdP Proxy.
- Shibboleth IdP V3
- Portal Guard IdP
Anchor Shibboleth-IdP Shibboleth-IdP
What is Shibboleth IdP?
| Shibboleth-IdP | |
| Shibboleth-IdP |
Shibboleth Identity Provider Software is a single sign-on (SSO) login system that is among the world's most widely deployed federated identity systems and is a supported SSO solution of the CCC SSO Federation. It allows sign in using just one identity (username and password), connecting users to applications both within and between federations of organizations and institutions.
The Shibboleth Internet2 middleware initiative created an architecture and open-source implementation for identity management and federated identity based authentication and authorization (or access control) infrastructure based on Security Assertion Markup Language (SAML).
What is Portal Guard IdP?
Portal Guard Identity Provider Software is a single sign-on (SSO) login system, similiar to Shibboleth, however...
What is the InCommon Federation?
...
For more information on CCC IdP Proxy, please refer to CCC IdP SSO Proxy Technical Implementation Guide.
...