Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 27 Next »

Overview

The CCC SSO Initiative provides single sign-on capabilities colleges and districts allowing their student population to to authenticate to online initiatives such as MyPath, Common Assessment or Canvas using the same login credentials used to log into other services at the college or district.

Single sign-on is achieved by colleges or districts implementing a SAML2 compliant Identity Provider such as Shibboleth, PortalGuard or the Ellucian Identity Service.

MyPath, Common Assessment and Canvas are statewide initiatives that require a common identifier for students that may attend multiple community colleges.  The CCCID, the statewide student identifier established in OpenCCC is the common identifier that will be used across initiatives.


Use of the CCCID requires that colleges or districts pass the CCCID to MyPath, Canvas etc as a SAML attribute in the authorization request from their SAML identity provider.

Colleges that participate in CCCApply have the capability of downloading a CCCID as part of the application download process for a student.  Many colleges that download the CCCID from CCCApply store the CCCID in the student's SIS or Active Directory account which allows them to easily pass CCCID as a SAML attribute.  Colleges that do not use Apply, colleges with students that applied previously to or outside of CCCApply, or colleges that choose not to store the CCCID are unable to pass the CCCID as a SAML attribute.

Because the CCCID is a requirement for participating in the statewide initiatives, the SSO proxy was introduced as a means to associate a CCCID with a Identity Provider authorization request when the CCCID is not available to the college at authorization time.

This CCCID achieved by the SSO proxy intercepting the authorization request, determining if a CCCID was passed as a SAML attribute, and prompting the student to either create a new or recover an existing OpenCCC account if a CCCID was not included in the request.


The following scenarios demonstrate what user experience the student will face depending on the colleges ability to pass a CCCID as a SAML attribute.  These particular scenarios focus on a student logging into MyPath from a College website, but the same experience would be true for Common Assessment or Canvas.

Scenario One - College Passes CCCID as SAML attribute.

Rose Reeves is a student at College A.  Rose used CCCApply to apply to College A and College A downloaded the CCCID as part of their CCCApply application download process.

College A was able to store the CCCID in Rose's Active Directory Account which enabled College A's IDP to send the CCCID as one of the SAML attributes.

Because the IDP was able to send the CCCID as a SAML attribute, the CCCID is directly passed to MyPath without any further interaction by the student.

Step 1

Rose clicks on "MyPath Login" from the College A website.

Step 2

College A's Identity Provider login page is displayed.

Rose enters her college userid and password and clicks "Login"


Step 3

The proxy detects that the CCCID was passed as a SAML attribute and authenticates Rose to MyPath without any further interaction.


Scenario Two

John Demo is a long time student at College A prior to CCCApply.  Because College A never downloaded an application for John Demo, College A's IDP was unable to retrieve the CCCID from John Demo's Active Directory account. 

Because College A's IDP was unable to send the CCCID as a SAML attribute, the SSO proxy will direct John Demo to OpenCCC where John can retrieve his existing CCCID account if he has one, or create a new OpenCCC account.

Step 1

John selects "MyPath Login" from the College A website.

Step 2

College A's Identity Provider login page is displayed.

John enters his college userid and password and clicks "Login"

Step 3

The SSO proxy detects that no CCCID SAML attribute was sent with the authentication request.

The SSO proxy redirects John to OpenCCC where John can either login with his existing OpenCCC account, recover his OpenCCC account, or create a new OpenCCC account.

John selects "Create a new Account"

Step 4

John is directed to the Create Your OpenCCC Account.

John selects "Begin Creating My Account"

Step 5

John creates an OpenCCC Account

Step 6

Account creation is complete.

John is asked to remember his OpenCCC username and password

John clicks "Continue"

Step 7

John logs into OpenCCC with the username and password defined in the previous steps.

At this point the SSO Proxy remembers the CCCID for future logins.

Step 8

John is directed to the MyPath main page.

Scenario Three

Because John Demo was directed by the SSO proxy to create a new OpenCCC account in the previous scenario, the SSO proxy "remembered" the CCCID associated with John Demo's College A login account.

Because the SSO Proxy remembered John Demo's CCCID, he will not be required to create or recover his CCCID on all new login attempts to MyPath via the College A's IDP


Step 1

John clicks on "MyPath Login" from the College A website.

Step 2

College A's Identity Provider login page is displayed.

John enters his college userid and password and clicks "Login"


Step 3

John is directed to the MyPath main page.


  • No labels