TechAuthentication

SAML requires some communication between your campus authentication server and the Redrock SAML Proxy server.

1) Your AdvisorTrac/TutorTrac software must be updated to the Feb 2019 version or later.

2) Please provide Redrock with your campus metadata (or the HTTP-POST URL).

3) Here is the Redrock Metadata link: https://saml2.go-redrock.com/simplesaml/module.php/saml/sp/metadata.php/trac4-saml

• download and install our metadata into your SSO software.

4) We will need a test student account.

5) SAML Attribute:

• Send username, email address, or student ID as an attribute.
• The name of the attribute can be whatever your system uses. (examples: username, student id, email, sAMAccountName, personprincipal, name id, PersonID)
• The attribute needs to be a unique identifier for the student account (preferably the username).
• The attribute must be a value that we can match with the TutorTrac student or instructor account.

6) SAML Response to Redrock:

• can be signed
• can be encrypted
  • can be transient or persistent
  • Our SAML setup is for SP (Service Provider) initiated with Redrock as the SP.

- We have plans to support IdP (Identity Provider) initiated in the future, rollout date is TBD.

7) Your TutorTrac/AdvisorTrac URL must be reachable (without VPN credentials). Redrock IP must be whitelisted.

• Redrock SAML Proxy IP: saml2.go-redrock.com (63.224.138.136), ports 80 and 443

• Redrock Tech Support IP: go-redrock.com (63.224.138.155), ports 80 and 443

8) Your TutorTrac/AdvisorTrac URL must use SSL (https://TracSystem.campus.edu)

9) After the end user is finished using AdvisorTrac/TutorTrac, we can re-direct to a webpage that you specify. Please provide the exact link address (for example https://mycampus.edu).

10) Please schedule a time to test SAML configuration.

This is an example of a single bind LDAP test:

2) For your system to use LDAP, Redrock will require some information about your system that will be used to generate an LDAP binding script that runs when a user attempts to log in. Please send an email to helpdesk@go-redrock.com with the following information:

• LDAP Server address
• Base DN
• Format of username
• Username of lookup account (for double-bind setups)
• Port Number (typically 389 or 636)
• Encrypted (true or false)
• Search Criteria (Leave as cn=NOTAUSER unless doing a double bind)

Once you send Redrock the necessary information, a team member will implement a binding script on your server and contact you once completed.

1) You will create your own weblink to the CAS portal page.

2) Redrock will need a test student account to test with.

3) Redrock needs your CAS service links:

• Login URL (example: https://mycampus.school.edu/cas/login )
• Logout URL (example: https://mycampus.school.edu/cas/logout )
• Validate URL (example: https://mycampus.school.edu/cas/serviceValidate )

4) Redrock needs the CAS XML Attribute containing username (it is usually cas:user).

5) Redrock will need to put a few settings in place.

6) Schedule a time to test with us.