TracCloudTechSSO

From Redrock Wiki

Revision as of 15:19, 28 December 2022 by Redrock


TracCloud Single Sign-on Configuration
TracCloud supports SAML, CAS, and LDAP for user authentication. Information on each of these options is available below. We can be reached at helpdesk@go-redrock.com.

With Redrock Software's Assistance


SAML

To set up SAML authentication, the following steps will need to be completed. At least one of the attributes being sent must match the contents of the username field in your Trac System, typically the first part of the email address. We can also use ID number, full email address, or other unique identifiers, but handle/username is preferred.

1. Install our Metadata

Available here: https://sso.trac.cloud/simplesaml/module.php/saml/sp/metadata.php/trac5-saml

2. Send us your Metadata

Either a URL or an XML file.

3. Send us a test account

This makes implementing SAML on your system significantly faster, but isn't required.

CAS

To set up CAS authentication:

1. Add Redrock as an authorized service

Here is our URL: https://sso.trac.cloud/cas_return.php

2. Send us your CAS settings

  • CAS Login URL
  • CAS Validate URL
  • CAS Logout URL


LDAP

To set up LDAP authentication:

1. Send us your LDAP settings

  • Server Address
  • Port Number
  • Service account name (if applicable)
  • Service account password (if applicable)
  • Base DN

Multiple base DN searches can be performed if needed.


Without Redrock Software's Assistance

If you're comfortable applying changes here and already have the information above, you can put these settings in place with any SysAdmin account. If you're having any trouble with these settings, feel free to reach out to us at helpdesk@go-redrock.com or by submitting a helpdesk ticket. LDAP currently requires additional configuration not available to non-Redrock accounts, so reach out to us directly if you plan on using LDAP.


SAML Configuration


Other > Other Options > Preferences > Login & Security Settings > SAML

1. Install our Metadata

Redrock Metadata: https://sso.trac.cloud/simplesaml/module.php/saml/sp/metadata.php/trac5-saml


2. Fill out SAML settings

  • Trac Return URL
"https://traccloud.go-redrock.com/campuscode/trac/ajax.php?proc=sso_validate"
Replace 'campuscode' with your campus code, as seen in your URL. The rest is static. Must be lowercase.
If using a custom URL, use that in place of traccloud.go-redrock.com/campuscode.
  • SAML Relay URL
"https://saml2.go-redrock.com/relay.php"
This is static and never changes.
  • Authentication Order
Your staff may have more than one account type in the Trac System. You can use the "Authentication Order" preference to determine which account type authenticates first.
  • Install your Metadata
After submitting, your Entity ID field will be populated automatically.


3. Retrieve your attributes

Navigate to the provided URL in a Private/Incognito browser window and log in. You will be shown a list of attributes and their values for the account that you used. Find the attribute that works for your system (e.g., first part of email address) and copy the name of that attribute into the "Attribute containing unique ID" field in TracCloud. This will need to correspond to the Username fields of accounts in the system.


4. Enable SAML

Enable the toggle option in the top-right corner of your SAML window to enable SAML authentication for future logins.


(Optional) 5. Custom Logout URL

Directly below your SSO options, you will find a field to input a custom logout URL. This is the URL that users will be taken to when exiting the Trac System, typically used to also end their SSO session.

CAS Configuration


Other > Other Options > Preferences > Login & Security Settings > CAS

1. Add Redrock as an authorized service

Here is our URL: https://sso.trac.cloud/cas_return.php

2. Fill out CAS settings

  • CAS Relay URL
"https://sso.trac.cloud/relay.php"
This value is static and should not be changed.
  • Ticket URL
Place your CAS Login URL here.
  • Ticket Param
Typically "ticket"
  • Validate URL
Place your CAS Validate URL here.
  • CAS Version
Typically "2.0"
  • User Name Attribute
Typically "cas:user"
  • Trac Return URL
Place your CAS Logout URL here.
  • Deauth when visiting KIOSK
Kiosks are typically student-facing. If this is checked, it ends the SSO session to prevent a user from navigating to other campus services or even logging back into TracCloud.

3. Enable CAS

Enable the toggle option in the top-right corner of your CAS window to enable CAS authentication for future logins.
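
As an added example (not Redrock's code), the Python below shows how the Ticket Param, Validate URL, CAS Version "2.0" and User Name Attribute settings fit together in a CAS 2.0 exchange, which is useful for confirming that your CAS server returns the expected cas:user value. The cas.example.edu host, the sample ticket and responses, and the use of https://sso.trac.cloud/cas_return.php as the service value are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace used by CAS 2.0 responses
# Keys mirror the CAS settings screen; the cas.example.edu host is constructed.
SETTINGS = {"ticket_param": "ticket", "user_name_attribute": "cas:user",
            "validate_url": "https://cas.example.edu/cas/serviceValidate"}
SERVICE_URL = "https://sso.trac.cloud/cas_return.php"  # assumed service value

# Constructed sample responses in the CAS 2.0 serviceResponse format.
SAMPLE_OK = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
             '<cas:authenticationSuccess><cas:user>jdoe</cas:user>'
             '</cas:authenticationSuccess></cas:serviceResponse>')
SAMPLE_FAIL = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
               '<cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized'
               '</cas:authenticationFailure></cas:serviceResponse>')


def ticket_from_return(url, settings=SETTINGS):
    """Read the service ticket from the redirect back to the service URL."""
    values = parse_qs(urlparse(url).query).get(settings["ticket_param"], [])
    if len(values) != 1:
        raise ValueError("expected exactly one ticket parameter")
    return values[0]


def build_validate_url(ticket, settings=SETTINGS, service=SERVICE_URL):
    """CAS 2.0 validation request: the Validate URL plus service and ticket."""
    return settings["validate_url"] + "?" + urlencode({"service": service, "ticket": ticket})


def extract_username(xml_text, settings=SETTINGS):
    """Return the configured user name attribute, or raise ValueError."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError("CAS rejected ticket: %s" % failure.get("code"))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS 2.0 serviceResponse")
    name = settings["user_name_attribute"]
    node = success.find(name, CAS_NS)
    if node is None:  # some servers release extra values under cas:attributes
        node = success.find("cas:attributes/" + name, CAS_NS)
    if node is None or not (node.text or "").strip():
        raise ValueError(name + " missing or empty in response")
    return node.text.strip()


if __name__ == "__main__":
    print(extract_username(SAMPLE_OK))
```

The value returned by extract_username is what has to match the Username field of the account in the Trac System.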