...
SSP-2721 is a patch for implementers who integrate SSP with CAS for end user authentication. Details of the changes and effects are detailed in the uPortal project. No work should be required to enable the patch, but you may want to review that document to better understand the CAS-related configuration changes included in this release. This patch was also included in SSP 2.4.2, so if you are upgrading from that version, you may already be familiar with this issue and it is particularly unlikely any additional work will be necessary.
3 - Review security.properties
changes - **Important: AD logins might not work following upgrade.**
SSP-2724 is also a patch for implementers who integrate SSP with CAS for end user authentication. The changes and effects are detailed in the uPortal project. This patch was also included in SSP 2.4.2, so if you are upgrading from or through that version, you may already be familiar with this issue and it is unlikely any additional work specific to 2.5.2 will be necessary.
...
No Format |
---|
principalToken.root=userName credentialToken.root=password |
To this:
No Format |
---|
principalToken.root= credentialToken.root= |
Once you're able to sort out the conflict so everything is as it was before, but with expanded comments and the unset of the "root" token config as shown above, you'll need to make sure your existing authentication provider configuration still works. In almost all SSP deployments this entails creating a token config pair for each configured LDAP security context. I.e. for every row in security.properties
of the form:
No Format |
---|
root.<suffix>=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory |
You will need a corresponding:
No Format |
---|
principalToken.root.<suffix>=userName credentialToken.root.<suffix>=password |
For example, if your configuration currently includes:
No Format |
---|
root.ldap_student=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory |
Then you need to add the following:
No Format |
---|
principalToken.root.ldap=userName credentialToken.root.ldap=password principalToken.root.ldap_student=userName credentialToken.root.ldap_student=password |
4 - Review Maven settings.xml
Historically you might have configured a Maven repository "blacklist" in <USER_HOME>/.m2/settings.xml
to work around broken dependency downloads (ehcache especially). SSP-2634 should obviate such blacklisting, so if you haven't added it already, there should be no reason to do so. If you've already created a blacklist, it is entirely up to you whether or not to leave it in place.
5 - Inbound SSO
If you are using SSP's now-legacy "Signed-URL" mechanism for inbound SSO, you will find that feature disabled unless you make two configuration changes.
In $SSP_CONFIGDIR/ssp-config.properties
set ssp_platform_sso_ticket_service_shared_secret
to a non-empty value. It does not need to be particularly complex. Something resembling an ATM PIN is fine.
Set that same value in $SSP_CONFIGDIR/ssp-platform-config.properties
as environment.build.sso.local.sharedSecret
This configuration will also enable the SSP LTI Provider implementation, which as of 2.5.2 is now the preferred mechanism for point-to-point inbound SSO. Complete LTI configuration instructions are included in that feature's documentation.
Warning |
---|
If you are upgrading an environment, you should delete or change the passwords for the uPortal users created for demonstration purposes. This can be done through the user interface:
This is only necessary for upgrades. A fresh 2.5.2 install will not create these users. A fresh install should also either change the |
v2.5.2 JIRA Issues
Bugs
- [SSP-2623] - Navigating to Early Alert tool decrements EA count in caseload/search results
- [SSP-2636] - STRENGTHS Permissions not implemented in UI
- [SSP-2648] - Caseload/Watch/Search navigation broken for users having access to search only
- [SSP-2650] - LTI Provider - Default timestamp expiry is too short
- [SSP-2651] - LTI Provider - Live launch error messages rendered in browser as raw HTML
- [SSP-2654] - DOB search results incorrect before 01/01/1970
- [SSP-2656] - Missing 'enter' keypress handlers on most search filter fields
- [SSP-2657] - DOB field validation doesn't prevent search execution
- [SSP-2660] - Print action plan button does not respond
- [SSP-2663] - Tools except Main Tool Do Not have currentPerson Loaded
- [SSP-2667] - person_filtered perms should not have access to Coaching History report
- [SSP-2668] - 404 error when school id not found in add student
- [SSP-2669] - Email coach link inactive for person_filtered perms
- [SSP-2670] - Exception Thrown On Instant Caseload Save
- [SSP-2671] - Instant Caseload Does not Initialize Tool
- [SSP-2672] - SearchPerson.js Model Potential Improper Update of Name
- [SSP-2673] - Tool Not removed if External Student Selected but not Assigned
- [SSP-2676] - Console error after adding a student via quick add
- [SSP-2677] - Email Student failure for person_filtered
- [SSP-2678] - Selected student header bar not populated after canceling Caseload Add/Edit form
- [SSP-2680] - LtiSspUserFieldNames.js loaded out of band
- [SSP-2686] - MAP plan edit locked
- [SSP-2687] - Caseload column-data alignment problem
- [SSP-2688] - Program Status Name not updated after Quick Add
- [SSP-2693] - Journal Steps are missing from the Student view
- [SSP-2694] - external person sync not completing
- [SSP-2695] - Liquibase for add refresh_mv_directory_person/blue on SQL Server
- [SSP-2697] - Inactive CL appear in Action Plan custom task
- [SSP-2698] - SSP portlets disabled if http://www.tuckey.org unavailable
- [SSP-2702] - Program status name not reflected in Main after student Quick Add
- [SSP-2703] - Search Results returns records with inactive associations
- [SSP-2704] - Hard-coded dbo schema references
- [SSP-2710] - Program status transitions error out with invalid subquery result
- [SSP-2712] - Bulk coach reassign errors out if more than one student selected
- [SSP-2713] - Add student not in external data via UI doesn't add to directory
- [SSP-2714] - Directory update triggers break on bulk writes to some tables
- [SSP-2716] - Coaching History doesn't work unless in Main
- [SSP-2718] - Directory search queries scroll entire result set to get result set size
- [SSP-2721] - Integrate patched CAS filter
- [SSP-2724] - Improved default security.properties configuration
- [SSP-2726] - Unit tests do not compile
...