SSP v2.5.3 Release Notes

Owned by Jason Elwood
Last updated: Nov 21, 2014
5 min read

SSP v2.5.3 General Release Announcement

 

Released on November 21, 2014. The release is primarily a patch set for bugs identified in v2.5.1 and v2.5.2.  Implementers are strongly encouraged to update to v2.5.3 to correct core functionality in Caseload and Search.

Release Highlights

 

There are no external database schema changes in this release

Fresh Installation Instructions

See SSP v2.5.3 Installation Instructions

Upgrade Instructions

Upgrading Source Code Forks

See SSP Source Code Upgrade Process

Additional Upgrade Steps

 

It is important to first follow the steps in the Release Notes for v2.5.1 and v2.5.2.

The SSP development team is not aware of any SSP deployments integrated with CAS, but this release includes two security-related patch sets specifically targeted at CAS integrations:

  • SSP-2721 - Scrubs certain CAS-specific request parameters. The changes and effects are detailed in the uPortal project.  No work should be required to enable the patch, but you may want to review that document to better understand the CAS-related configuration changes included in this release.
  • SSP-2724 - Works around what amounts to a CAS-specific session hijacking vulnerability. The changes and effects are detailed in the uPortal project and the <platform-src>/uportal-war/src/main/resources/properties/security.properties file includes greatly expanded comments describing recommended configuration changes. You will likely want to review the email thread and changes to that file whether or not you use CAS. The new defaults may interfere with your existing authentication provider integrations, especially AD/LDAP. SSP-specific details below.

 

1 - Adjustments to Single Sign-On (SSO) Person Lookup Filtering

  1. This upgrade step ONLY applies to implementers that source person attributes from AD/LDAP AND end users may have more than one entry among all the searchable AD/LDAP branches currently configured in SSP Platform.  There are multiple steps to properly configure the lookup filtering as described below.  

    1. <platform-src>/uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml - Each LDAP DAO requires a line similar to the following in its resultAttributeMapping map:

      <entry key="distinguishedName"><value>distinguishedName</value></entry>

In all cases the <value> must be 'distinguishedName'. The key might be directory-specific. E.g. in Apache DS, the correct config is:

<entry key="entryDN"><value>distinguishedName</value></entry>



    2. Make distinguishedName visible. Run this command from <platform-src> (all one line) to import the updated permissions:

      SSP_CONFIGDIR=/path/to/ssp/config ant -Dmaven.test.skip=true
-Dfile=uportal-war/src/main/data/ssp_entities/permission_set/Everyone__VIEW_USER_ATTRIBUTE__distinguishedName.permission-set.xml
data-import



    3. <ssp-config-dir>/ssp-platform-config.properties - Specify the filtering strategy as described by comments in <platform-src>/uportal-war/src/main/resources/properties/ssp-platform-config.default.properties.  As noted in those comments, if you choose PreferredBaseDnPersonAttributesFilter or RequiredBaseDnPersonAttributesFilterbe sure to specify the prioritized DN. E.g. for an imaginary and very simple directory.

      # Spring pseudo-URL pointing to a Groovy implementation of IPersonAttributesFilter
# suitable for filtering person directory lookups for end users hitting the
# portal via the /sso API. OOTB options:
#
#   classpath:org/jasig/portal/portlets/lookup/NoOpPersonAttributesFilter.groovy - Default. Does nothing.
#
#   classpath:org/jasig/portal/portlets/lookup/RequiredBaseDnPersonAttributesFilter.groovy - Limits directory search
#      results to only those persons associated with the baseDn configured by an additional property set in this
#      file. E.g. to limit SSO to users in the 'faculty' branch of an imaginary LDAP directory:
#
#        environment.build.sso.personFilteringBaseDn=ou=faculty,o=persondir
#
#      For this to work, personDirectoryContext.xml DAOs must be configured to expose a logical attribute named
#      'distinguishedName'

#   classpath:org/jasig/portal/portlets/lookup/PreferredBaseDnPersonAttributesFilter.groovy - Similar to
#      RequiredBaseDnPersonAttributesFilter but allows results not associated with
#      environment.build.sso.personFilteringBaseDn. I.e. if an end user has multiple directory entries with the same
#      environment.build.sso.personDirectoryUuidAttributeName (see below) and that attribute is being used as the
#      lookup key, choose the entry associated with environment.build.sso.personFilteringBaseDn, if any. Otherwise
#      return all results (which may result in an error downstream). Use this is you want to allow SSO for
#      users in a variety of base DNs, but need a policy for narrowing down entries for certain users.
#
# If none of these strategies work for your deployment, you can define a custom strategy without forking Platform
# source by defining your Groovy-implemented IPersonAttributesFilter anywhere that can be referenced by a Spring
# pseudo-URL. If you define a file: URL, changes to the script will be picked up automatically without requiring
# an app server restart. E.g.:
#
#  environment.build.sso.personFilteringScript=file:/opt/sspconfig/MyPersonAttributesFilter.groovy
#
environment.build.sso.personFilteringScript=classpath:org/jasig/portal/portlets/lookup/NoOpPersonAttributesFilter.groovy


  2. Update the java api in uPortal

    Once the code branch has been pulled into the local repository, the Platform API must be built prior to deploying SSP Platform as shown below:

    cd <SSP-Platform source>/uportal-java-api
mvn clean install

SSP v2.5.3 JIRA Issues

Bugs

  • [SSP-2638] - Unplanning a course does not re-validate plan/template
  • [SSP-2639] - Canceling course plan drag/drop can plan course in an unexpected term
  • [SSP-2641] - Race condition in MAP Plan/Template validation API calls
  • [SSP-2732] - Sorting in Caseload Reassignment clear results
  • [SSP-2733] - Directory search current term calculation logic does not match in-app logic
  • [SSP-2746] - Early Alert Case Count report total closed % incorrect
  • [SSP-2747] - Early Alert message template contains an undefined variable
  • [SSP-2752] - CSV output has bad formatting for Counselor Case Management Report
  • [SSP-2756] - Incorrect program status in some reports
  • [SSP-2758] - Malformed report CSV output
  • [SSP-2761] - MyGPS logout from within Self Help Guide errors out
  • [SSP-2772] - LTI Provider - Unpredictable Platform account filtering when launching user not identified by username
  • [SSP-2774] - NPE in Counselor Case Management report if student has a null external_student_transcript_term.credit_hours_attempted
  • [SSP-2779] - Reports not excluding inactive associations
  • [SSP-2782] - 'Number of Plans by Owner' queries created_by rather than owner_id
  • [SSP-2783] - MAP reports depend on presence of On/Off plan reports
  • [SSP-2785] - MAP 'Number of Plans by Course' report file misnamed
  • [SSP-2786] - External data specs incorrectly refer to external_substitutable_courses instead of external_substitutable_course
  • [SSP-2800] - EA reports apply date filters to associated persons
  • [SSP-2814] - UI failure after navigating out of MAP
  • [SSP-2820] - Noticeable lag when leaving MAP
  • [SSP-2832] - sent_from_address and sent_reply_to_address fields are too short
  • [SSP-2847] - external_term.start_date and end_date allow nulls on SQLServer
  • [SSP-2853] - external_person_planning_status.status allows nulls on SQLServer
  • [SSP-2871] - Incorrect external_substitutable_course column names in spec
  • [SSP-2873] - Typo in external_student_financial_aid column spec
  • [SSP-2882] - Main Tool Student Information Disappears on Navigation
  • [SSP-2901] - Username length in Add/Edit A Student
  • [SSP-2968] - Program and Tag MAP facets sorted unpredictably
  • [SSP-2969] - Make MAP edit dialogs modal or ensure destruction on navigation events
  • [SSP-2970] - Elective sort order ignored
  • [SSP-2971] - Elective admin list view resorted by sortOrder DESC after reordering rows
  • [SSP-2977] - MAP elective admin drag and drop
  • [SSP-3002] - Duplicate sent to email values
  • [SSP-3004] - EA/EAR created despite error message complaining about missing email addresses
  • [SSP-3009] - Maven release plugin pushes SNAPSHOT version with tag
  • [SSP-3013] - Platform unit tests fail, preventing release
  • [SSP-3014] - Unit test compilation error
  • [SSP-3015] - API integration tests fail

Improvements

  • [SSP-2245] - Don't require markup in Referral links
  • [SSP-2594] - Display Referral name in Action Plan 'Add' form
  • [SSP-2659] - Modal MAP dialogs
  • [SSP-2742] - LTI Provider - Allow Platform user lookup by primaryEmailAddress
  • [SSP-2770] - Upredictable Platform account filtering when SSOing user not identified by username
  • [SSP-2868] - Make Action Plan email dialog modal and ensure cleanup on Action Plan tool destruction

Tasks

  • [SSP-2940] - Update license headers for Jasig->Apereo copyright change
  • [SSP-3008] - Bump jasig-parent version for uportal-java-api
  • [SSP-3010] - Bump platform API dependency
  • [SSP-3012] - Fix SCM coordinates in Platform pom