Purpose

This form provides the ability to define configuration overrides for different profiles

SubSystem

Callista Connect

This form provides the ability to define configuration overrides for different profiles (for example, Staff Member, Award Student, CPA Student). A separate URL will be defined for each profile.

Default Self Serve User Password Rule button

This button at the bottom of the block, navigates to the Maintain Rule form (RULF2000), where the rule for deriving default passwords is specified.

The rule syntax enables the default password to be derived from elements of the user's Date Of Birth, their Person ID or a string. Combinations of these options may also be used.

Self Serve User Eligibility Rule button

This button at the bottom of the block, also navigates to the Maintain Rule form (RULF2000), where the rule for defining eligibility of users to access secure Callista Connect applications is specified.

i. This rule is used by the system when the authentication method CALLISTA ID is used and the user does not have a Self Serve User Record. If the user does not satisfy the rule check they are prevented from accessing secure applications.

ii. The System also automatically deletes a person's Self Serve User Record when they no longer satisfy the requirements of the eligibility rule, thus denying them access to secure applications. For example, if the rule specifies that Callista Connect users must have a Course Attempt with a status of ENROLLED, INACTIVE or INTERMIT, the System will delete a person's Self Serve User Record if the Course Attempt changes status to COMPLETED, LAPSED, DISCONTIN or UNCONFIRM.

iii. The rule syntax enables user eligibility to be defined in terms of :

• At least one course attempt of <defined statuses>, or
• At least one admission course application of <defined outcomes statuses> and offer response of <defined statuses>; or
• Surname matches a specified value.

Transaction Management

This three check boxes include configuration items for Transaction Management that apply at a system wide level. The Administrator uses this function to:
Indicate if user details will be logged. User details are:

• Record the user’s Browser Details
• The IP Address of the Application User and
• The User’s Operating System.

The administrator could, as an example, use the Log Browser Details to define which browser (e.g. IE or Firefox) is being used the most; the Log IP Addresses to see if traffic is within the institution or outside and the Log Operating System to determine whether or not the information comes from a Mac or PC and what OS version. This information could be used for statistical analysis.

This form is accessed via the Override button on SSFF1200.

System Self Serve Facility Configuration Override block

• Override Code
• Description
• URL
  The URL points to an application server which in turn points to the Callista SMS database.
  
• Web Style Code
  Styles, which are created in Web Administrator, define the font, table and page body attributes of web pages. This is the style that is applied to all Callista Connect web pages, unless an override style is specified for individual pages or page elements in Web Administrator Page Builder
  
• Default Web Page Code
  The web page that appears when a user enters Connect.
  
• Login Web Page Code
  Normally, the login process only protects the Self Serve Application linked to a web page, not the entire page. That is, prior to authentication, the user can see the content of the target web page with the exception of the Self Serve Application. In order to protect the entire page (i.e. the application and all other page elements such as text blocks and links), an application with System Self Serve Application USERDEF can be created and mapped to the target web page/s in SSFF1110. Consequently, when logging in, the user sees only the Login Page until authenticated as a valid user. A Login Page can be mapped to the target web page. If one is not specified the Login Page in this form is used.
• Pre-page Declaration
  The Pre-page Declaration may be set globally in SSFF1200. In that case if the value here is set to '<default>' then the global value is inherited by this Self Serve Facility. If an actual DOCTYPE value is set here then that will apply for this Self Serve Facility.

Authentication Details sub block

• Idle TimeOut
  When using secured applications, users are required to re-authenticate if their session has been inactive for the amount of time specified as idle timeout.
  
• Age TimeOut
  Regardless of how many secured applications the user has accessed, if they are still using an application at the end of this timeout, they are required to re-authenticate.
  
• SSO Protected check box
  This checkbox indicates if the Connect URL is protected by Single Sign On. See warning below.
• Encryption Key Age Timeout
  All user identifier/password combinations are held in a cache while the user is accessing secure applications. To provide further security over the user identifier/password information and to prevent another person from viewing these combinations in the cache, it is encrypted with a key. In order to view the information in the cache, a user would need to decrypt the key. By setting an Encryption Key Age Timeout, the encryption key is changed after the timeout period thereby making it more difficult for a person decrypt the key. The key is produced by the system and does not need to be set by a user.
  
• Use Default Password to Authenticate check box
  When this check box is selected, it means that users authenticated via the CALLISTA ID authentication method can use their default password (see below) to gain authentication. If the check box is not selected, the first time a user accesses a secure application, they are required to change their password before proceeding.

Cookie Details sub block

• Domain
• Path

Transaction Management

• Log Browser Details
• Log IP Address
• Log Operating System

Buttons

• Default Self Serve User Password Rule (RULF2000)
• Self Serve User Eligibility Rule (RULF2000)

Rules/Notes:

Any Login Pages must first be created in the Web Administrator.

Staff Access
The Login Page for staff member access must be the first page displayed for staff members. This is so the staff member Person ID can be determined and the dynamic menu can be granted. To enforce the Login Page to be the first page displayed for staff, ensure the Login Page is associated with the Default Page defined for the URL parameter for the staff (override) configuration. The Login Page must also be associated with every page that a staff member may access (SSFF1110).

Transaction Management
The Log Browser Details, Log IP Address and Log Operating System check boxes have their information displayed in Summary Person Transaction Inquiry (SSFF4200).

SSO Protected checkbox
This checkbox indicates if the Connect URL is protected by Single Sign On. It is important that this check box is only selected after configuring a SSO Server to protect the URL. If this checkbox is selected without the Connect URL’s being protected by an SSO Server, the application may be exposed.
See the Callista Product Centre - wiki.callista.com.au/display/CPC for further details.
When this check box is selected a warning is displayed - 'Warning: For this change to take effect, a Single Sign On Server must be configured.'

To create a new override configuration:

• Enter a unique override code and description
• Enter the URL
• Optionally enter values for all other fields.
• Optionally enter values for the Self Serve User Password and Self Serve User Eligibility Rules
• Save

Rules/Notes:

The Default Page must have a System Web Element Type of PAGE.

The Default Page must not be mapped to a closed Web Element.

The Login Page must have a System Web Element Type of PAGE.

The Login Page must not be mapped to a closed Web Element.

The Authentication Details - Idle Timeout must be less than or equal to the Authentication Details - Age Timeout.

If an Encryption Key Age Timeout exists, then the Age Timeout must exist and be less than or equal to the Encryption Key Age Timeout.

Encryption Key Age Timeout must be greater than or equal to all Self Serve Application Authentication Age Timeouts.

The Cookie Details - Domain and Path are set to <default> when a new record is created. This indicates that the value is determined automatically by the server.

If any optional fields are left blank the values are determined from the Self Serve System Configuration in SSFF1200.

If Password and Eligibility rules are not defined for a override configuration, the values defined for the Self Serve System Configuration in SSFF1200 are used.

To modify an override configuration:

• Query for the override you wish to modify
• Modify the fields as required
• Save

Rules/Notes:

Clear the metadata in the Web Administrator whenever modifications are made to an override configuration.

To delete an override configuration:

• Query for the override you wish to delete
• Select the delete button
• Save