Luminis Consulting

July 15, 2007 | 1 Comment

I’ve been serving as the portal administrator at Plymouth State University since 2003. I headed their conversion from Campus Pipeline to Luminis III.2 in 2004. On May 28th we were (most likely) the first institution to deploy Luminis IV in production.

During this time, one of the most satisfying aspects of my job has been talking with other schools. It has often been my pleasure to talk with schools as they first start working with Luminis, or are doing an upgrade, or are just struggling with something new they would like to do with the platform.

Out of one of these conversations I was fortunate enough to establish a more in depth relationship with the University of San Diego. This eventually turned into a consulting engagement which I enjoyed immensely. I was able to help them get their newly hired portal administrator up to speed as well as assist in a number of small modifications and customizations. It also gave me the chance to visit their beautiful campus.

SunGardHE offers a number of options for consulting engagements, but they are very busy. It can often be difficult to get someone, especially for small things, and more challenging if you want them quickly. This is where I can offer my services as a Luminis Consultant.

To highlight my qualifications a bit more, I have presented on Luminis a number of times: LDI Implementation Case Study at PSU at Summit 2005, Implement and Deploy Banner Channels (top five Summit 2006 presentation), LDI Implementation Tips and Tricks, Alumni are Coming and Drag and Drop Channels/Statistics Gathering (Developers Lounge) at Summit 2006, Implement and Deploy Banner Channels and Extending SSO with CAS at Summit 2007, and more!

As always, I’m happy to talk with any school about any Luminis related topic, if however, you are looking for more than a couple conversations, I am available for consulting.

banner, campus pipeline, cas, channels, consultant, consulting, higher ed, higher education, integration, ldi, luminis, resume, single sign on, sso, summit, sungard, sungardhe, yalecas

Tags: , , , , , , , , , , , , , , , , ,

Related:

Posted by zbtirrell | Filed Under Technology Bits 

CAS Frappr Map

January 16, 2007 | 1 Comment

CAS is by far my favorite Web ISO solution. In the past I have posted about it’s popularity at other institutions.

Along those lines is this cool Frappr map of CAS deployments worldwide.

authentication, cas, frappr, frappr map, google maps, identity management, maps, sso, web iso, web sso, webiso, websso, yale cas, yalecas

Tags: , , , , , , , , , , , , ,

Related:

Posted by zbtirrell | Filed Under Technology Bits 

Summit 2007 Presentation Proposals

October 11, 2006 | 1 Comment

It’s that time of year again. I’ve updated my bio and tweaked a few of the proposals I’ve submitted in previous years. I’m submitting fewer this year than past years as many of my responsibilities in the past year have swayed away from Luminis, reducing it’s core status in my workload.

My Title: Portal Administrator and Senior Web Developer

My Bio:
Zach Tirrell is from Plymouth State University in northern New Hampshire. Zach is both portal administrator and senior web developer for the institution. The main areas of his concentration revolve around integrating systems and identity management, Luminis has become a perfect enabler of this. He is often looking to get just a bit more out of Luminis than what is delivered. In the past couple years Zach has become increasingly involved with Summit events. At Summit 2005, Zach presented “LDI Implementation Tips and Tricks”. This presentation was repeated at Summit 2006 as well as a new presentation, “Implement and Deploy Banner Channels”, which was voted in the top 5 by attending reviewers. While at Summit 2006, Zach also co-presented “Alumni Are Coming! Luminis ROI”. Finally, he hosted an informal session in the Luminis Developer’s Lounge where he covered statistics tracking and drag and drop channels within Luminis.

Implement and Deploy Banner Channels
Banner 7 comes with a huge pile of exciting new channels. These channels greatly leverage the relationship between Luminis and Banner, however, implementation is complicated and deployment even more so. Banner channels are fantastic, but they need to be rolled out carefully. Plymouth State University has already run this gauntlet, come hear some of the concerns and pitfalls so you can avoid them yourself.
This is a repeat from last year

Collecting Luminis Statistics
By leveraging the underlying UPortal infrastructure, learn how to take advantage of RDBMSStatsRecorder to generate detailed numbers on who is logging in, logging out, how often, and by role. These numbers are supplemented with other third party statistic tracking utilities. You can then use these numbers to better understand how effective your portal strategy is. Tracking user adoption and growth over time becomes essential to decision making about the portal.

Extending SSO - CAS in Luminis
One of the most common WebISO solutions is the Central Authentication Service (CAS) developed by Yale. In Luminis III.2 CAS became available as an installable module. Learn how to get CAS installed, configured, and where it might fit in your organization. See how Plymouth State University has leveraged the phpCAS libraries to CAS’ify all their internally developed PHP web applications as well as a few third-party ones. What’s best, it only takes a couple lines of code!
This topic is for technical audiences

banner, banner channels, cas, channel, channels, luminis, portal, portal administrator, RDBMSStatsRecorder, single sign on, sso, summit, sungard, sungardhe, web developer, yalecas

Tags: , , , , , , , , , , , , , , ,

Related:

Posted by zbtirrell | Filed Under Technology Bits 

Leveraging CAS with Luminis

March 28, 2006 | 4 Comments

In SunGard Higher Education's Luminis product one of the many add-on packages you can install is CAS support. CAS is an acronym for Central Authentication Service. This WebISO solution is one of the most common in higher education. CAS was created originally by Yale, but ongoing support has been taken over by JA-SIG. When the CAS package is installed in Luminis, it makes Luminis act as a CAS authentication provider. Coupled with this built-in Luminis support, we use a CAS library called phpCAS that adds to the simplicity of deploying this within our environment.

Time and again, CAS has been proven an effective and simple way for us to quickly drop authentication ability into our homegrown PHP applications. Once a function was developed, this was easily reused across dozens of applications within a few short months. The ease of deployment made it easy to convince various developers to switch from custom authentication schemes.

In a PHP application on any of the servers in your environment you can do something like the following:

PLAIN TEXT
PHP:
  1. <?php
  2.  
  3. function casify()
  4. {
  5.     // import phpCAS lib (http://esup-phpcas.sourceforge.net/)
  6.     include_once($GLOBALS['INCLUDES'].'/cas/CAS.php');
  7.  
  8.     // initialize phpCAS
  9.     phpCAS::client(CAS_VERSION_2_0,'luminis.institution.edu',443,'cas/');
  10.  
  11.     // check CAS authentication
  12.     phpCAS::forceAuthentication();
  13.  
  14.     // at this step, the user has been authenticated by the CAS server
  15.     // and the user's login name can be read with phpCAS::getUser().
  16.  
  17.     return phpCAS::getUser();
  18. }
  19.  
  20.  
  21. $username = casify();
  22.  
  23. // nothing past the execution of casify() would occur without acquiring a valid CAS ticket
  24.  
  25. ?>

Note: the preceding code is an example. There is more sophisticated functionality that can be accomplished using CAS, this is merely a starting point for people interested in this WebISO technology.

cas, development, education, higher education, identity management, jasig, luminis, php, phpcas, security, sungard, sungard higher education, web development, yale, yalecas

Tags: , , , , , , , , , , , , , ,

Related:

Posted by zbtirrell | Filed Under Technology Bits 

Summit 2006 Presentation Proposals

October 3, 2005 | 2 Comments

I finally put together all my material to submit proposals for Summit presentations. I looked back at what we've been doing in the portal this year and the following is what I came up with. Overall it's been a busy year, I was surprised to come up with as many as I did.

My Title: Portal Administrator and Senior Web Developer

My Bio
Zach Tirrell is from Plymouth State University in northern New Hampshire. Zach is both portal administrator and senior web developer for the institution. The main areas of his concentration revolve around integrating systems and identity management, Luminis has become a perfect enabler of this. He is often looking to get just a bit more out of Luminis than what is delivered.

Collecting Stats in Luminis
By leveraging the underlying UPortal infrastructure, learn how to take advantage of RDBMSStatsRecorder to generate detailed numbers on who is logging in, logging out, how often, and by role. You can then use these numbers to better understand how effective your portal strategy is. Tracking user adoption and growth over time becomes essential to decision making about the portal.
This presentation is for technical audiences.

YaleCAS in Luminis
One of the most common WebISO solutions is the Central Authentication Service developed by Yale (YaleCAS). In Luminis III.2 CAS became available as an installable module. Learn how to get YaleCAS installed, configured, and where it might fit in your organization. See how Plymouth State University has leveraged the phpCAS libraries to CAS'ify all their internally developed PHP web applications as well as a few third-party ones. What's best, it only takes a couple lines of code!
This presentation is for technical audiences.

Luminis and Identity Management
While deploying Luminis, or maybe immediately after, lots of questions arise related to identity management. Are you using a central authentication point like LDAP or Active Directory? How do technologies like CPIP or YaleCAS fit into your authentication scheme? What applications should and can use SSO? Are you centrally managing authorization? Is shibboleth something you should be thinking about? How is your password policy? What's you level of assurance on accounts you have assigned? All these questions and more will be discussed. Come prepared for lots of crowd participation.

LDI Implementation Tips and Tricks
Plymouth State University is starting to reap the rewards of its integrated campus portal strategy. PSU started its Banner migration in 2001, deployed Campus Platform 3 with its legacy SIS in 2002, publicly deployed Banner in 2003, and in 2004 with the migration to Luminis and implementation of LDI for eLearning, has finally reached "critical mass." Luminis provides the infrastructure and LDI provides the glue that connects Banner, WebCT, the library, and other services. The presentation details Plymouth State University's implementation and discusses the problems and solutions we faced along the way, with an emphasis on LDI and Luminis. Plymouth State has used this technology to realize the benefits of a unified digital campus.
This is a repeat from last year

Implement and Deploy Banner Channels
Banner 7 comes with a huge pile of exciting new channels. These channels greatly leverage the relationship between Luminis and Banner, however, implementation is complicated and deployment even more so. Banner channels are fantastic, but they need to be rolled out carefully. Plymouth State University has already run this gauntlet, come hear some of the concerns and pitfalls so you can avoid them yourself.

summit, sungard, sungardsct, sct, luminis, banner, php, cas, yalecas, sso, webiso, channel, channels, integration, integrate, integrated, plymouth state university, Zachary Tirrell, Tirrell, Zach Tirrell, identity management, ldap, active directory, portal, campus portal

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,

Related:

Posted by zbtirrell | Filed Under Technology Bits 

Single Sign-Out and Session Management

August 10, 2005 | 6 Comments

When dealing with portals we all get very excited about single sign-on (SSO), but I think we often forget single sign-out or overall session management. The end user really gets the main visual benefit from SSO, so this is what I find myself concentrating on. Yet, if somehow connections to external systems are not addressed when a user logs out, you have a potential security problem.

So, the apparently easy solution is to set things up so all sessions on externally connected systems are destroyed when a user logs out. But what if the user wants one of the external systems open? Personally I think that one is easy too, they learn from experience that all connected systems are logged out.

But, what if they don't explicitly log out, but rather their session expires from inactivity? You certainly don't want to log someone out of an external system when they might in fact be active in that external system. This leads to the need to be able to make a call which checks with the external system to see if a user is still active in that system. Then the portal can extend its timeout to wait for the external system.

In a perfect world, an external system could log a user out on demand and could also return some sort of last activity for the user in their system. We don't live in a perfect world. Very few systems are likely to understand how to do these two things straight out of the box. This leaves us trying to find some reasonable middle ground on an application by application basis.When we consider all these things and determine a way to accomplish this, we are no longer talking about single sign-out but complete session management. Just logging someone out is single sign-out, logging someone out conditionally and handling timeouts intelligently is session management. Obviously a well integrated external system will employ session management.

In our environment we have recently been opting for YaleCAS (or just CAS) as a solution to integrate all homegrown external systems. The phpCAS library we use does not do session management appropriately. Luckily we should be able to modify it to make this all work out.

For other systems we use Campus Pipeline Integration Protocol (CPIP). CPIP is far more complex that CAS, but does allow for complete session management. So for now, we need to use CPIP for important, secure apps, and be aware of the limitations of CAS.

cas, cpip, identity management, phpcas, security, session management, single sign on, single sign out, sso, yalecas, authentication, authn

Tags: , , , , , , , , , , ,

Related:

Posted by zbtirrell | Filed Under Technology Bits 

Luminis Developers Network

June 21, 2005 | Leave a Comment

Logo-Hover-1Those who know me already know I work for Plymouth State University in Plymouth, NH. My unofficial title is Web Developer and I spend a lot of time developing web applications for internal audiences. In addition to my development duties, I also specialize in integrating separate software systems. Enter the portal. Most of my work revolves around one product, Luminis made by SunGard SCT. This portal solution is based off the open-source product UPortal. Our implementation is dubbed myPlymouth.
On to my point... Doing development for myPlymouth on the Luminis platform became far more interesting in December of last year when Jon Wheat of Messiah College created the Luminis Developers Network (aka LDN, aka LumDev). Suddenly I had a whole community of developers doing similar jobs as me, wanting to enhance to product in similar way, and with an easy way to collaborate on these efforts.

My excitement about LDN has caused me to shamelessly promote the site on many occasions. In Hawaii at Summit, in Boston during a presentation, as well as in every communication I've had with anyone even remotely interested in Luminis.

Anyway, I post on LDN often and in the future will likely syndicate my posts here. The following bulleted list summarizes the posts I originated there.

- Syndicating LDN in Luminis III.2 (12/20/04) - my first post, I found it ironic that the LDN RSS did not properly syndicate inside Luminis. Jon got it fixed though.
- Statistics (1/21/05) - as I began researching a way to get stats, I requested ideas on how to accomplish this.
- Classifieds Channel - How To (1/27/05) - step by step instructions on how to get the UPortal communities "Classifieds Channel" implemented in Luminis.
- My Calendar Channel (2/20/05) - a request for info on how to hack the delivered calendar channel
- Summit '05 Lum Dev Meetup (3/2/05) - a request to meetup with anyone from LDN who was interested while I was in Hawaii. (I ended up meeting a few and recruiting more. For related escapades, register at LDN and read these comments)
- Luminis Statistics from Uportal (4/12/05) - an overview of how to extract statistics from the underlying UPortal infrastructure.
- YaleCAS (4/18/05) - implementation details and excitement about YaleCAS, a great tool for SSO integration with homegrown apps, especially PHP based apps using phpCAS.
- Site Demos/Guest Logins (5/2/05) - a request for demo logins from the community
- CampusEAI Consortium (6/7/05) - a question to the community about CampusEAI. I'm still curious about this.
- Northeast SCT Luminis Recruitment/Business Case (6/10/05) - summarizes the presentation I attended and presented in recently in Boston.

Obviously I've also commented on a ton of other people's posts, but that is less necessary for me to summarize. Though I will occasionally post summaries of other posts I find particularly intriguing.

luminis, portal, sct, sso, sungardsct, uportal, yalecas, cas, integration, higher education

Tags: , , , , , , , , ,

Related:

Posted by zbtirrell | Filed Under Technology Bits