...
| Info |
|---|
As of v2.5.2 and 2.6.0, SSP ships with a IMS LTI Provider implementation which provides effectively equivalent functionality as the mechanism described here, but in a standards-based way such that no custom development is typically required to achieve the same goals. Be sure you have a good reason to rule out the LTI provider before embarking on a implementing a client for the SSO protocol described below. (Even if you're not running 2.5.2+ , or 2.6.0+, back-porting the LTI provider may end up being simpler and certainly cheaper to maintain over the long term than writing a custom "Signed URL SSO" client.) |
...
| No Format | ||
|---|---|---|
| ||
[...]
## SSO Properties
##
org.jasig.portal.security.sso.mvc.SsoController.requireSecure=${environment.build.sso.requireSecure}
org.jasig.portal.security.sso.mvc.SsoController.sharedSecret=${environment.build.sso.sharedSecret}
org.jasig.portal.security.sso.JpaSsoTicketDao.timeToLiveMinutes=${environment.build.sso.ticketTimeToLiveMinutes}
org.jasig.portal.security.sso.mvc.SsoController.checkTimeStampRange=${environment.build.sso.checkTimeStampRange}
org.jasig.portal.security.sso.mvc.SsoController.signedUrlToLiveMinutes=${environment.build.sso.signedUrlToLiveMinutes}
|
Starting with v2.5.2, the environment.build.sso.local.sharedSecret property also needs to be set to a non-empty value in {SSP_CONFIGDIR}/ssp-platform-config.properties. You can choose any value you like and it needn't be terribly complex: a banking-style PIN should be sufficient. If you are also using the LTI integration, a corresponding value needs to be set in SSP configuration. See the LTI provider documentation for more detail.
requireSecure
This setting should be set to true in production. It forces the SSO exchange to take place over SSL. Default is true.
...