Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Overview


As part of the CCC SSO project, a centralized Proxy has been deployed through which secure CCC web applications can centralize authentication requests for students and staff across all CCC colleges. The Proxy then contacts the appropriate "read IDP, such as the OpenCCC IDP system" to complete requests. The goal of this design is to siimplify and accelerate system-wide technology adoption and provide uniform experiences for key users.

Technically speaking, the Proxy is designed to help colleges assert consistent SAML attributes to the various Service Providers within the CCC SSO Federation.

Use Cases

The primary use case is to facilitate locating and sending the student's CCCID SAML attribute when a college does not have that information for their student. If the Proxy discovers that the student's CCCID SAML attribute is not present when attempting to authenticate to a particular CCC web application, it will attempt to find the CCCID associated with the IDPs unique identifier (EPPN) for the student.


If a CCCID is not found, the student will be redirected to the OpenCCC IDP to either recover or create a new OpenCCC account.  Once the account is recovered or created, the CCCID will be cross-referenced to the student's EPPN so that the next time the student attempts to enter the CCC  Federation from their college IDP, the proxy will be find the students CCCID and add it to the SAML attributes presented to the intended CCC Federation service providers.

 

Before You Begin

Before you begin connecting your college to the Proxy, the CCC SSO Federation Readiness Checklist must be completed and submitted to the CCC Technology Center. Basic requirements must be met to ensure consistency within your college or district, as well as within and between the other colleges across the CCC. 

 

 

Setting Up Test Environment

 

 

Connecting to the Proxy

Connecting to the Proxy From Any Secure CCC Application

When your college is ready to integrate with the Proxy, the following tasks must be completed regardless of the CCC application you are implementing:

Connecting to the Proxy from Canvas

 

 

Connecting to the Proxy from MyPath

 

 

Connecting to the Proxy from CCCAssess

 

 

 

 

 



As part of the overall identity federation project, Unicon has configured and deployed a CCC IdP Proxy through which applications available across CCC campuses can centralize authentication requests.  The IdP proxy then contacts the appropriate “real’ IdP to complete requests.  The goal of this design is to simplify and accelerate system wide technology adoption and provide uniform experiences for key users.

 

The IdP Proxy and supporting components are currently operating in three environments, Continuous Integrated (supporting development activities), Test (supporting functional testing), and Pilot (for early stage proof of operations with early adopters).  It will soon be deployed to a Production environment.  In addition to the question of how Unicon will be able to support a critical cog in the CCC infrastructure on a 7x24 basis with very high, e.g. 99.999% availability, several “bigger picture” questions have been raised, primarily by Unicon’s Mike Grady.  Mike is an architect in Unicon’s IAM practice with broad experience deploying IAM solutions to higher ed institutions, including federated identity.


  • No labels