This document is being worked on as we speak.
Overview
The purpose of the California Community Colleges Single Sign-on Federation (CCC SSO) is to provide secure, scalable, and integrated technology solutions for the California Community Colleges that take advantage of economies of scale and facilitated by governance from the colleges themselves. The CCC SSO Federation offers a common framework for shared management of access to CCC resources and secure web applications. .
Through partnership with the InCommon Federation, college Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources.
Table of Contents maxLevel 3 minLevel 2 absoluteUrl true
Federated Identity Management
Federated Identity allows the sharing of information about users from one secure domain to the other organizations in a federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain user names and passwords. Identity providers (IdP) supply user information, while service providers (SP) consume this information and give access to secure content.
What is Single Sign On (SSO)?
Single Sign On (SSO) is a session and user authentication process that permits a user to enter one username and password - one time - in order to access multiple applications without having to sign-in to each application separately. For example, when CCC students are configured for SSO, they can login to one application, such as MyPath, the Student Services Portal, and then access multiple different web applications, such as Canvas Course Management System (CMS), CCCAssess, and CCCApply, without having to login separately to each of the applications.
The SSO process involves authentication and authorization. Authentication is a confirmation that the person logging in is the person they claim to be. Authorization is a confirmation that the logged-in person is authorized to access a particular "resource" (i.e. MyPath Portal, etc.). The Tech Center has implemented a SSO proxy process to facilitate streamline integration for current and future applications.
Why implement SSO?
Implementing an SSO solution is a requirement of the CCC SSO Federation and allows participating California Community Colleges to take full advantage of the products and services offered by the CCC Technology Center (CCCTC) by allowing students, faculty, and staff to access statewide web-based information technology applications via a single sign-on account.
The benefits of SSO include
CCC SSO Federation
The CCC SSO Federation is a shared federation of CCC colleges. College applicants, students, staff and faculty will be using the Student Portal, Report Center, Hobsons and Canvas as well as other CCC managed and external services.
...
Some key functions of the CCCID:
- The CCCID is generated when a student sets up an OpenCCC account and commonly passed to the college in the CCCApply data download.
- The CCCID is then stored in the college’s SIS or college LDAP/Active Directory
- The CCCID is passed as an attribute from the college’s IdP to the systemwide applications SP (i.e. Canvas, CCCAssess, MyPath, etc.)
- The CCCID is used by the systemwide application to identify the student.
Anchor Shibboleth-IdP Shibboleth-IdP
What is Shibboleth IdP?
| Shibboleth-IdP | |
| Shibboleth-IdP |
Shibboleth Identity Provider Software is a single sign-on (SSO) login system that is among the world's most widely deployed federated identity systems and is a supported SSO solution of the CCC SSO Federation. It allows sign in using just one identity (username and password), connecting users to applications both within and between federations of organizations and institutions.
...
To participate in the CCC SSO Federation, colleges must implement a SAML-compliant Identity Provider (IdP) solution that meets the minimum requirements of the Federation. The CCC Tech Center currently supports Shibboleth and Portal Guard IdP solutions for student, staff, and faculty SSO. Colleges using an alternate solution should review the SSO Proxy IdP Requirements to ensure your solution is meeting the requirements necessary to integrate with CCC system-wide applications.
What is Portal Guard IdP?
Portal Guard Identity Provider Software is a single sign-on (SSO) login system, similiar to Shibboleth, however...
What is the InCommon Federation?
InCommon, operated by Internet2, provides a trust fabric for higher education, their vendors, and partners to facilitate single sign on from local campus accounts. InCommon also operates a related assurance program, and offers security certificate and multi-factor authentication services.
What are the benefits of joining InCommon?
The InCommon Federation
...
enables Identity Providers (
...
IdPs), such as colleges/districts, and Service Providers (
...
SP), such as CCC and vendor applications, to work together to manage access to protected resources, such as student user data. InCommon participant sites use federation-enabled software products, such as the Shibboleth suite or other products supporting the Security Assertion Markup Language (SAML) to accomplish this.
...
Is it a requirement to join InCommon?
To facilitate our federated identity initiative to allow single sign-on access to all systemwide technology offerings, it is highly recommended that colleges/districts join InCommon Federation in order to secure your protected resources and CCCCO and the CCC Technology Center have put together an agreement for InCommon Membership for all California Community Colleges to be paid centrally moving forward. Ongoing funding for this effort is a part of the Technology Initiatives for Student Success funded by the legislature.
What are the benefits of joining InCommon?
Through InCommon, Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources. In addition, college/district members can also take advantage of:
- Immediate savings on security certificates
- Single Sign-On for Higher Education vendors
- Single Sign-On for CCC system-wide technology offerings
What is the agreement made between CCC and
...
InCommon?
To facilitate our SSO federated identity initiative to allow single sign-on access to all systemwide technology offerings, CCCCO CCCCO and the CCC Technology Center have put together an agreement for InCommon Membership for all California Community Colleges to be paid centrally moving forward. Ongoing funding for this effort is a part of the Technology Initiatives for Student Success funded by the legislature. Colleges/districts that have already joined InCommon may be eligible for a reimbursement of this year's membership fees. For all details, please see Joining InCommon Federation.
What does your college/district have to do to join InCommon?
Joining InCommon Federation requires your college/district to identify one or more Site Admins who will be responsible for registering your college/district IdP metadata with the InCommon repository. The process to join InCommon and register your metadata can take place at any time. For all details, please see Joining InCommon Federation.
SSO Proxy
The SSO proxy is a centralized proxy service through which secure CCC web applications can centralize authentication requests for students and staff across all CCC colleges. amd help colleges assert consistent SAML attributes to the various Service Providers within the CCC SSO Federation.
...