Attributes for the SSO GW: Ellucian


SAML EntityIDs for the SSO GW

There are two instances of the CCC SSO GW that you will want to configure attribute release to, a Pilot and a Production instance. The entityID for each is:

  SSO GW Pilot:  https://sso.pilot.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php

  SSO GW Production: https://sso.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php


Metadata for the SSO GW

You can obtain the needed metadata for the above two SSO GW instances by downloading the CCC Central Metadata feed and looking for the above two entityIDs within it. The other option is to ask the SSO GW administrators for a URL specific to your college/district that would give you metadata for just each of the above two entityIDs. The CCC Central Metadata feed is available at:

   http://saml.cccmypath.org/metadata/ccc-metadata.xml


Configure the Attributes

Make sure you understand and configure all of the following attributes for release to the above entityIDs:

Simple Name and the SAMLv2 name when sent in the SAMLv2 response

Short descriptionSample value(s)Description

eduPersonPrincipalName (EPPN)


urn:oid:1.3.6.1.4.1.5923.1.1.1.6

The primary federated identifier of a given user from a college/district IdP.

jsmith@college.edu

12345678@college.edu


EPPN has the syntax of an email address, but it should be considered a "globally unique federated identifier" rather than an email address. It is generally the most important attribute to be shared with federated services. Note that the value of EPPN does not have to match what the user fills in as their username when they login, and the user does not need to know what their EPPN is, as it is shared between the IdP and the service. It should be unique, rarely change, and not be reassigned to another person.

eduPersonAffiliation

urn:oid:1.3.6.1.4.1.5923.1.1.1.1

Role within the institution
  • staff
  • student
  • member

All of the roles a given person has within the college. This is the only attribute listed here that is intended to have multiple values. All the rest are expected to have a single value.

uid

urn:oid:0.9.2342.19200300.100.1.1

UsernamejsmithThis is usually the value that the user fills in as their username when they login. If you are using AD, the usual attribute you want to use to populate uid is the sAMAccountName attribute.

givenName ..... urn:oid:2.5.4.42

First NameJane

sn (surname) .... urn:oid:2.5.4.4

Last NameSmith

displayName

urn:oid:2.16.840.1.113730.3.1.241

Full name to display

Jane Smith

mail (email)

urn:oid:0.9.2342.19200300.100.1.3

Email Addressjane.smith@college.edu

cccId

https://www.openccc.net/

saml/attributes/cccId


Unique id for a student within the CCC system
The CCCID is a critical attribute for students. If not specified, but required for a portal or service action, the CCCID will be looked up via the EPPN. If no match is found, the action cannot be performed until the user creates a CCCID via the OpenCCC portlet.

Optional Attributes

eduPersonPrimaryAffiliation

urn:oid:1.3.6.1.4.1.5923.1.1.1.5

Primary role at the institution
  • staff
  • student
  • faculty
Must be one of the values specified in eduPersonAffilliation. If the eduPersonAffiliation attribute has many values, the primary affiliation should reflect the role to be associated with services that differentiate based on this value (such as the CCC Portal).

street

urn:oid:2.5.4.9

Street address

303 Mulberry St.


locality .... urn:oid:2.5.4.7CityMetropolis
st .... urn:oid:2.5.4.8

State or Province name

CA
postalCode .... urn:oid:2.5.4.17Postal or zip code12345
homePhone .... urn:oid:0.9.2342.19200300.100.1.20Home Phone Number+1 212 555 1234
mobile .... urn:oid:0.9.2342.19200300.100.1.41Mobile Phone Number+1 775 555 6789