Difference between revisions of "TechAuthentication"

From RedrockWiki

Revision as of 16:11, 11 July 2019

Authentication Options

To use campus credentials for single sign-on for TutorTrac, there are a few choices. Our preferred method is SAML, but you may also use CAS or LDAP. (Shibboleth may be used, but only when it has a SAML or CAS front end.)
SAML Authentication
  • We will need to work together to set up SAML Authentication.
  • We will need a test student account to test with.
  • SAML Authentication requires additional setup by Redrock Software and your campus.
  • SAML requires some communication between your campus authentication server and the Redrock SAML Proxy server.
  • Please provide Redrock with your campus metadata.
  • Here is the link to get Redrock Metadata: https://saml2.go-redrock.com/simplesaml/module.php/saml/sp/metadata.php/trac4-saml


LDAP Authentication
Step 1:

The Trac system provides an LDAP test page that can be accessed from your main menu. Click on the Trac Man icon, then on Utilities and Prefs. There you will find a tab labeled “LDAP Tool”. Fill out the form with the values provided by your system administrator and click test. A green response indicates a successful test; a red response indicates a failure.

This is an example of a single bind LDAP test:


Step 2:

For your system to use LDAP, Redrock will require some information about your system that will be used to generate an LDAP binding script that runs when a user attempts to log in. Please send an email to helpdesk@go-redrock.com with the following information:

  • LDAP Server address
  • Base DN
  • Format of username
  • Username of lookup account (for double-bind setups)
  • Port Number (typically 389 or 636)
  • Encrypted (true or false)
  • Search Criteria (Leave as cn=NOTAUSER unless doing a double bind)

Once you send Redrock the necessary information, a team member will implement a binding script on your server and contact you once completed.

Step 3a – Single Bind:

For single-bind authentication, your setup is complete!

Step 3b – Double Bind:

For double-bind authentication, you will need to create three advanced preferences. The steps to do so are:

  • Log in using an account with sysadmin privileges.
  • Click on the Trac Man icon, then on Utilities and Prefs.
  • Click “Advanced Prefs”.
  • Click “Create New”.
  • Type “LDAPname” (without quotes) in the top field, and your lookup account username in the bottom field, then hit save.
  • Click “Create New”.
  • Type “LDAPpass” (without quotes) in the top field, and your lookup account password in the bottom field, then hit save.
  • Click “Create New”.
  • Type “newLDAP” (without quotes) in the top field, and “yes” (without quotes) in the bottom field, then hit save.

CAS Authentication
  • You will create your own weblink to the CAS portal page.
  • We will need a test student account to test with.
  • We need your link for the CAS Service Validator Location. It is typically formatted as https://mycampus.school.edu/cas/serviceValidate.
  • We need the CAS XML Attribute containing the username (it is usually cas:user).
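
How the two CAS values requested above are used, shown as an added example (not Redrock's code): a Python sketch that builds the serviceValidate request and reads the username attribute from the CAS 2.0 XML response, accepting it only from inside an authenticationSuccess element. The function names, service URL, ticket and sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_URI = "http://www.yale.edu/tp/cas"   # namespace used by CAS 2.0 responses
NS = {"cas": CAS_URI}

def build_validate_url(validator_url, service, ticket):
    """serviceValidate takes the service URL and the ticket as query parameters."""
    return validator_url + "?" + urlencode({"service": service, "ticket": ticket})

def extract_username(response_xml, attribute="cas:user"):
    """Return the username from a serviceValidate response, or None if the
    ticket was not validated. `attribute` must use the cas: prefix."""
    if "<!DOCTYPE" in response_xml:          # CAS responses never carry a DTD
        return None
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    if root.tag != "{%s}serviceResponse" % CAS_URI:
        return None
    # Only trust values found inside <cas:authenticationSuccess>.
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        return None
    node = success.find(".//" + attribute, NS)
    value = (node.text or "").strip() if node is not None else ""
    return value or None

# Constructed sample responses (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jstudent</cas:user>
    <cas:attributes><cas:uid>900123456</cas:uid></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(build_validate_url("https://mycampus.school.edu/cas/serviceValidate",
                             "https://trac.example.edu/login", "ST-1-constructed"))
    print(extract_username(SUCCESS), extract_username(FAILURE))
```
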

