Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 

No Format
principalToken.root=userName
credentialToken.root=password

To this:

No Format
principalToken.root=
credentialToken.root=

Once you're able to sort out the conflict so everything is as it was before, but with expanded comments and the unset of the "root" token config as shown above, you'll need to make sure your existing authentication provider configuration still works. In almost all SSP deployments this entails creating a token config pair for each configured LDAP security context. I.e. for every row in security.properties of the form:

No Format
root.<suffix>=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

You will need a corresponding:

No Format
principalToken.root.<suffix>=userName
credentialToken.root.<suffix>=password

For example, if your configuration currently includes:

No Format
root.ldap_student=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

Then you need to add the following:

No Format
principalToken.root.ldap=userName
credentialToken.root.ldap=password
 
principalToken.root.ldap_student=userName
credentialToken.root.ldap_student=password

4 - Review Maven settings.xml

Historically you might have configured a Maven repository "blacklist" in <USER_HOME>/.m2/settings.xml to work around broken dependency downloads (ehcache especially). SSP-2634 should obviate such blacklisting, so if you haven't added it already, there should be no reason to do so. If you've already created a blacklist, it is entirely up to you whether or not to leave it in place.

5 - Inbound SSO

If you are using SSP's now-legacy "Signed-URL" mechanism for inbound SSO, you will find that feature disabled unless you make two configuration changes.

In $SSP_CONFIGDIR/ssp-config.properties set ssp_platform_sso_ticket_service_shared_secret to a non-empty value. It does not need to be particularly complex. Something resembling an ATM PIN is fine.

Set that same value in $SSP_CONFIGDIR/ssp-platform-config.properties as environment.build.sso.local.sharedSecret

This configuration will also enable the SSP LTI Provider implementation, which as of 2.5.2 is now the preferred mechanism for point-to-point inbound SSO. Complete LTI configuration instructions are included in that feature's documentation.

 

Warning

If you are upgrading an environment, you should delete or change the passwords for the uPortal users created for demonstration purposes. This can be done through the user interface: Manage Users ->  Find an Existing User -> [Enter user ID from list below] -> [Click result] -> Delete or Edit, then change password. Demo users:

  • advisor0
  • ken
  • student0
  • student1

This is only necessary for upgrades. A fresh 2.5.2 install will not create these users.

A fresh install should also either change the admin user's password or add some other user to the Portal Administrators group and delete the admin user.

 

v2.5.2 JIRA Issues

Bugs

  • [SSP-2623] - Navigating to Early Alert tool decrements EA count in caseload/search results
  • [SSP-2636] - STRENGTHS Permissions not implemented in UI
  • [SSP-2648] - Caseload/Watch/Search navigation broken for users having access to search only
  • [SSP-2650] - LTI Provider - Default timestamp expiry is too short
  • [SSP-2651] - LTI Provider - Live launch error messages rendered in browser as raw HTML
  • [SSP-2654] - DOB search results incorrect before 01/01/1970
  • [SSP-2656] - Missing 'enter' keypress handlers on most search filter fields
  • [SSP-2657] - DOB field validation doesn't prevent search execution
  • [SSP-2660] - Print action plan button does not respond
  • [SSP-2663] - Tools except Main Tool Do Not have currentPerson Loaded
  • [SSP-2667] - person_filtered perms should not have access to Coaching History report
  • [SSP-2668] - 404 error when school id not found in add student
  • [SSP-2669] - Email coach link inactive for person_filtered perms
  • [SSP-2670] - Exception Thrown On Instant Caseload Save
  • [SSP-2671] - Instant Caseload Does not Initialize Tool
  • [SSP-2672] - SearchPerson.js Model Potential Improper Update of Name
  • [SSP-2673] - Tool Not removed if External Student Selected but not Assigned
  • [SSP-2676] - Console error after adding a student via quick add
  • [SSP-2677] - Email Student failure for person_filtered
  • [SSP-2678] - Selected student header bar not populated after canceling Caseload Add/Edit form
  • [SSP-2680] - LtiSspUserFieldNames.js loaded out of band
  • [SSP-2686] - MAP plan edit locked
  • [SSP-2687] - Caseload column-data alignment problem
  • [SSP-2688] - Program Status Name not updated after Quick Add
  • [SSP-2693] - Journal Steps are missing from the Student view
  • [SSP-2694] - external person sync not completing
  • [SSP-2695] - Liquibase for add refresh_mv_directory_person/blue on SQL Server
  • [SSP-2697] - Inactive CL appear in Action Plan custom task
  • [SSP-2698] - SSP portlets disabled if http://www.tuckey.org unavailable
  • [SSP-2702] - Program status name not reflected in Main after student Quick Add
  • [SSP-2703] - Search Results returns records with inactive associations
  • [SSP-2704] - Hard-coded dbo schema references
  • [SSP-2710] - Program status transitions error out with invalid subquery result
  • [SSP-2712] - Bulk coach reassign errors out if more than one student selected
  • [SSP-2713] - Add student not in external data via UI doesn't add to directory
  • [SSP-2714] - Directory update triggers break on bulk writes to some tables
  • [SSP-2716] - Coaching History doesn't work unless in Main
  • [SSP-2718] - Directory search queries scroll entire result set to get result set size
  • [SSP-2721] - Integrate patched CAS filter
  • [SSP-2724] - Improved default security.properties configuration
  • [SSP-2726] - Unit tests do not compile

...