From Redrock Wiki

Authentication Options

To use campus credentials (Single Sign-on or SSO) to sign into your Trac System, there are a few choices. Our preferred authentication method is SAML, but you may also use CAS, LDAP or Microsoft Azure. Shibboleth may be used, but only when it has a SAML or CAS front end. Please see below for more detailed technical information.
SAML Authentication
Redrock tech support and your campus IT contact will need to work together to set up SAML Authentication.

SAML requires some communication between your campus authentication server and the Redrock SAML Proxy server.

1) Your AdvisorTrac/TutorTrac software must be updated to the Feb 2019 version or later.

2) Please provide Redrock with your campus metadata (or the HTTP-POST URL).

3) Here is the Redrock Metadata link:

  • download and install our metadata into your SSO software.

4) We will need a test student account.

5) SAML Attribute:

  • Send username, email address, or student ID as an attribute.
  • The name of the attribute can be whatever your system uses. (examples: username, student id, email, sAMAccountName, personprincipal, name id, PersonID)
  • The attribute needs to be a unique identifier for the student account (preferably the username).
  • The attribute must be a value that we can match with the TutorTrac student or instructor account.

6) SAML Response to Redrock:

  • can be signed
  • can be encrypted
    • can be transient or persistent
    • Our SAML setup is for SP (Service Provider) initiated with Redrock as the SP.

- We have plans to support IdP (Identity Provider) initiated in the future, rollout date is TBD.

7) Your TutorTrac/AdvisorTrac URL must be reachable (without VPN credentials). Redrock IP must be whitelisted.

  • Redrock SAML Proxy IP: (, ports 80 and 443
  • Redrock Tech Support IP: (, ports 80 and 443

8) Your TutorTrac/AdvisorTrac URL must use SSL (

9) After the end user is finished using AdvisorTrac/TutorTrac, we can re-direct to a webpage that you specify. Please provide the exact link address (for example

10) Please schedule a time to test SAML configuration.

LDAP Authentication
1) The Trac system provides an LDAP test page that can be accessed from your main menu. Simply click on the Trac Man icon, then on Utilities and Prefs. There you will find a tab labeled “LDAP Tool”. Fill out the form with values provided to you by your system administrator and click test. A green response is good, a red is bad.

This is an example of a single bind LDAP test:

2) For your system to use LDAP, Redrock will require some information about your system that will be used to generate an LDAP binding script that runs when a user attempts to log in. Please send an email to with the following information:

  • LDAP Server address
  • Base DN
  • Format of username
  • Username of lookup account (for double-bind setups)
  • Port Number (typically 389 or 636)
  • Encrypted (true or false)
  • Search Criteria (Leave as cn=NOTAUSER unless doing a double bind)

Once you send Redrock the necessary information, a team member will implement a binding script on your server and contact you once completed.

CAS Authentication

1) You will create your own weblink to the CAS portal page.

2) Redrock will need a test student account to test with.

3) Redrock needs your CAS service links:

  • Login URL (example: )
  • Logout URL (example: )
  • Validate URL (example: )

4) Redrock needs the CAS XML Attribute containing username (it is usually cas:user).

5) Redrock will need to put a few settings in place.

6) Schedule a time to test with us.

← Previous Page Next Page →