Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Overview

The CCC SSO Initiative provides single sign-on capabilities colleges and districts allowing their student population to to authenticate to online initiatives such as MyPath, Common Assessment or Canvass using the same login credentials used to log into other services at the college or district.

Single sign-on is achieved by colleges or districts implementing a SAML2 compliant Identity Provider such as Shibboleth, PortalGuard or the Ellucian Identity Service.

MyPath, Common Assessment, Canvass are statewide initiatives that require a common identifier for students that may attend multiple community colleges.  The CCCID, the statewide student identifier established in OpenCCC is the common identifier that will be used across initiatives.


Use of the CCCID requires that colleges or districts pass the CCCID to MyPath, Canvas etc as a SAML attribute in the authorization request from their SAML identity provider.

Colleges that participate in CCCApply have the capability of downloading a CCCID as part of the application download process for a student.  Many colleges that download the CCCID from CCCApply store the CCCID in the student's SIS or Active Directory account which allows them to easily pass CCCID as a SAML attribute.  College that do not use Apply, colleges with students that applied previously to or outside of CCCApply, or colleges that choose not to store the CCCID are unable to pass the CCCID as a SAML attribute.

Because the CCCID is a requirement for participating in the statewide initiatives, the SSO proxy was introduced as a means to associate a CCCID with a Identity Provider authorization request when the CCCID is not available to the college at authorization time.

This CCCID achieved by the SSO proxy intercepting the authorization request, determining if a CCCID was passed as a SAML attribute, and prompting the student to either create a new or recover an existing OpenCCC account if a CCCID was not included in the request.



The CCC online initiatives such as MyPath, Common Assessment require

Scenario One

Rose Reeves is a student at College A.  Rose used CCCApply to apply to College A and College A downloaded the CCCID as part of their CCCApply Application Download.

College A was able to put the CCCID in Rose's Active Directory Account which enabled College A's IDP to send the CCCID as one of the SAML attributes.

Because the IDP was able to send the CCCID as a SAML attribute, the CCCID is directly passed to MyPath without any further interaction by the student.


  1. Login at College Site
    1. Select MyPath
  2. College IDP is displayed
    1. login as Rose Reeves (rreves)
    2. click "Login"
  3. MyPath is displayed


Logs In at IDP

MyPath is displayed


Scenario Two

John Demo is a long time student at College A prior to CCCApply.  Because College A never downloaded an application for John Demo, College A's IDP was unable to retrieve the CCCID from John Demo's Active Directory account. 

Because College A's IDP was unable to send the CCCID as a SAML attribute, the SSO proxy will direct John Demo to OpenCCC where John can retrieve his existing CCCID account if he has one, or create a new OpenCCC account.


  1. Login at College Site
    1. Select MyPath
  2. College IDP is displayed
    1. login as John Demo (jdemo)
    2. click "Login"
  3. OpenCCC is displayed
    1. Select "Create New Account"
  4. OpenCCC Create account is displayed
    1. Click "Begin Creating My Account"
    2. Entered the information for a new account with username JOHNDEMO
  5. OpenCCC Account Create Screen is displayed
    1. Click "Continue"
  6. OpenCCC Login Page is displayed
    1. enter user id/password that was just created
    2. Click "Login"
  7. MyPath is displayed


IDP 

OpenCCC

Create Start

Create Page 1

Scenario Three

Because John Demo was directed by the SSO proxy to create a new OpenCCC account in the previous demonstration, the SSO proxy "remembered" the CCCID associated with John Demo's College A login account.

Because the SSO Proxy remembered John Demo's CCCID, he will not be required to create or recover his CCCID on all new login attempts to MyPath via the College A's IDP


  1. Login at College Site
    1. Select MyPath
  2. College IDP is displayed
    1. login as John Demo (jdemo)
    2. click "Login"
  3. MyPath is displayed





  • No labels