TracCloud: Single Sign-On: Difference between revisions
From Redrock Wiki
No edit summary |
No edit summary |
||
Line 8: | Line 8: | ||
We can be reached at [mailto:helpdesk@go-redrock.com helpdesk@go-redrock.com] | We can be reached at [mailto:helpdesk@go-redrock.com helpdesk@go-redrock.com] | ||
<hr> | |||
'''With Redrock Software's Assistance''' | |||
<hr> | <hr> | ||
==SAML== | ==SAML== | ||
Line 52: | Line 54: | ||
Multiple base DN searches can be performed if needed. | Multiple base DN searches can be performed if needed. | ||
<hr> | <hr> | ||
'''Without Redrock Software's Assistance''' | |||
If you're comfortable applying changes here and already have the information above, you can put these settings in place with any SysAdmin account. If you're having any trouble with these settings, feel free to reach out to us at [mailto:helpdesk@go-redrock.com helpdesk@go-redrock.com] or by [https://go-redrock.kayako.com submitting a helpdesk ticket]. | |||
<HR> | |||
==SAML== | |||
<i>Other > Other Options > Preferences > Login & Security Settings > SAML</i> | |||
[[File:5868886.png|800px]]<br><br> | |||
<big>1. Install our Metadata</big> | |||
::Redrock Metadata: https://sso.trac.cloud/simplesaml/module.php/saml/sp/metadata.php/trac5-saml | |||
<big>2. Fill out SAML settings</big> | |||
:* <b>Trac Return URL</b> | |||
:::"<span style="color:red"><nowiki>https://traccloud.go-redrock.com/CampusCode/trac/ajax.php?proc=sso_validate</nowiki></span>" | |||
:::Replace 'CampusCode' with your campus code, as seen in your URL. Otherwise static. | |||
::If using a custom URL, use that in place of traccloud.go-redrock.com/CampusCode | |||
:* <b>SAML Relay URL</b> | |||
:::"<span style="color:red"><nowiki>https://saml2.go-redrock.com/relay.php</nowiki></span>" | |||
:::This is static and never changes. | |||
:* <b>Authentication Order</b> | |||
:::Your staff may have more than one account type in the Trac System. You can use the "Authentication Order" preference to determine which account type authenticates first. | |||
:* <b>Install your Metadata</b> | |||
:::[[File:6tuk56hyttkl68.png|500px]] | |||
:::After submitting, your Entity ID field will be populated automatically. | |||
<big>3. Retrieve your attributes</big> | |||
:[[File:6556j67k657kuy.png|500px]] | |||
:Navigate to the provided URL in a Private/Incognito browser and login, you will be provided with a list of attributes and their value for the account that you used. Find the attribute that works for your system (e.g., first part of email address) and copy the name of that attribute into the "Attribute containing unique ID" field in TracCloud. This will need to correspond to the Username fields of accounts in the system. | |||
<big>4. Enable SAML</big> | |||
:Enable the toggle option in the top-right corner of your SAML window to enable SAML authentication for future logins. | |||
:[[File:75kj5yh56j56kj5ryh.png|800px]] | |||
<big>(Optional) 5. Custom Logout URL</big> | |||
:Directly below your SSO options, you will find a field to input a custom logout URL. This is the URL that users will be taken to when exiting the Trac System, typically used to also end their SSO session. | |||
:[[File:4h546ik5rh56k5j5.png|800px]] | |||
<HR> | |||
==CAS== | |||
<i>Other > Other Options > Preferences > Login & Security Settings > CAS</i> | |||
[[File:53754iu576h4j343.png|800px]] | |||
<br><br> | |||
<big>1. Add Redrock as an authorized service</big> | |||
:Here is our URL: https://sso.trac.cloud/cas_return.php | |||
<big>2. Fill out CAS settings</big> | |||
:* <b>CAS Relay URL</b> | |||
:::"<span style="color:red"><nowiki>https://sso.trac.cloud/relay.php</nowiki></span>" | |||
:::This value is static and should not be changed. | |||
:* <b>Ticket URL</b> | |||
:::Place your CAS Login URL here. | |||
:* <b>Ticket Param</b> | |||
:::Typically "<span style="color:red">ticket</span>" | |||
:*<b>Validate URL</b> | |||
:::Place your CAS Validate URL here. | |||
:*<b>CAS Version</b> | |||
:::Typically "<span style="color:red">2.0</span>" | |||
:*<b>User Name Attribute</b> | |||
:::Typically "<span style="color:red">cas:user</span>" | |||
:*<b>Trac Return URL</b> | |||
:::Place your CAS Logout URL here. | |||
<big>3. Enable CAS</big> | |||
:Enable the toggle option in the top-right corner of your CAS window to enable CAS authentication for future logins. | |||
:[[File:J54yh545m56j5j.png|800px]] | |||
<HR> | |||
==LDAP== | |||
LDAP currently requires additional configuration not visible to SysAdmins. Reach out to us for assistance if using LDAP. | |||
|} | |} |
Revision as of 14:58, 8 March 2022
TracCloud Technical Documentation
|
TracCloud Single Sign-on Configuration TracCloud supports SAML, CAS, and LDAP for user authentication. Information on each of these options is available below. We can be reached at helpdesk@go-redrock.com With Redrock Software's Assistance SAMLTo setup SAML authentication, the following steps will need to be completed. At least one of the attributes being sent must match the contents of the username field in your Trac System, typically the first part of the email address. 1. Install our Metadata 2. Send us your Metadata
3. Send us a test account
CASTo setup CAS authentication: 1. Add Redrock as an authorized service
2. Send us your CAS settings
LDAPTo setup LDAP authentication: 1. Send us your LDAP settings
Multiple base DN searches can be performed if needed. Without Redrock Software's Assistance If you're comfortable applying changes here and already have the information above, you can put these settings in place with any SysAdmin account. If you're having any trouble with these settings, feel free to reach out to us at helpdesk@go-redrock.com or by submitting a helpdesk ticket. SAMLOther > Other Options > Preferences > Login & Security Settings > SAML
File:5868886.png 1. Install our Metadata
CASOther > Other Options > Preferences > Login & Security Settings > CAS
File:53754iu576h4j343.png
2. Fill out CAS settings
3. Enable CAS
LDAPLDAP currently requires additional configuration not visible to SysAdmins. Reach out to us for assistance if using LDAP. |