Staff STS

This screen enables you to select the actions to be taken by Installation Manager (e.g., install, uninstall) and to configure the STS connections for CampusNexus Student, CampusNexus CRM, Portal Administrator, and Forms Builder.

Set Up the Staff STS

  1. In the Installation menu, click Staff STS. The Staff STS screen is displayed. Closed

    Staff STS Settings

  2. Click Add to add a line to the Settings screen.

  3. Select an appropriate Action. The following Action values are available:

    • None – Performs no action.

    • Install – Performs a fresh installation or upgrade of a component. You can install or upgrade multiple components at same time.

    • Uninstall – Removes all subcomponents on that machine and uninstalls the component from Programs and Features.

    Optional: Click Select All to set the Action field to Install for all components listed on this screen. Click Unselect All to set the Action field to None.

  4. Enter the name of the Server where the Security Token Service will be installed.

  5. Specify the name of the Port for the Staff STS connection or accept the default (91).

  6. Click copy icon to copy a line. Edit the copied line as needed.

  7. Click Options (ellipsis) icon to view and edit the Options form.

    General Tab

    Use this tab to specify the certificate thumbprint and hostname of the Staff STS. Closed

    Notes:

    • The certificate thumbprint for Staff STS can be the same as the one used for CampusNexus Student, CampusNexus CRM, Portal, and Forms Builder, or it can be a different certificate.

    • If the Hostname is specified, this hostname will be added to the IIS bindings.

    • The URL with custom hostname needs to be provided to the web.config files of all the relying parties.

    • Since Staff STS always uses SSL, it is always HTTPS.

    Staff STS Options  

    General Tab Fields
    Field Description
    URL This is a friendly URL to access the Staff STS. The default port is 911.

    The default format is: https://machinename.domain.com:port
    Hostname This is an optional field. When selected, the web.config file of Staff STS will be updated with the custom host URL.

    If this field is left blank, the URL for Staff STS accessed by end users and the URL in the config files will be
    https://machinename.domain.com:port

    Microsoft Internet Information Services (IIS) allows you to map multiple web sites with the same port number to a single IP address by using a feature called Host Header Names. By assigning a unique Host Header Name to each web site, this feature allows you to map more than one web site to an IP address.

    Enter a hostname if you want to assign a hostname (DNS name) in IIS. If you specify a hostname, clients must use the hostname instead of the machine name or IP address to access the web site. This feature is often used when a TCP Port must be shared.

    warning icon If you change Staff STS to use the hostname and you have other applications installed that share Staff STS, you may need to update the web.config files of the existing applications to reflect the new Staff STS URL.

    Staff STS is shared between:

    • Forms Builder Designer 2.3.x
    • Forms Builder Designer 3.x
    • CampusNexus Student
    • Portal 18.2 or higher
    • CampusNexus CRM

    For Web Client for CampusNexus Student, ensure the ‘AuthenticationProvider:WsFedIssuerUri’ app setting value matches the Staff STS URL.

    For Forms Builder Designer and Web Client for CampusNexus CRM, ensure the 'Issuer' under federationConfiguration matches the Staff STS URL.

    Certificate Thumbprint Certificate Thumbprint from IIS.

    Copy and paste the thumbprint into Options form, or click Browse to navigate to the IIS Server Certificates to select the thumbprint. The thumbprint will be added to the web.config file of the component that uses the STS connection. Click Verify Certificate to make sure the certificate is valid.

    Note: Only RSA-based certificates are supported.

    The thumbprint for Staff STS can be the same one used for CampusNexus Student, CampusNexus CRM, Portal, or Forms Builder, or it can be a different certificate. Closed

    1. Open Internet Information Services (IIS) Manager and choose the certificate to be used from Server Certificates.

      IIS Manager

    2. Double-click to open the certificate properties.

      Server Certificates

    3. Select Root level and in the Details tab, click the Copy to File… button.

    4. Click Next. Select No, do not export the private key and click Next.

    5. Select DER encoded binary X.509 (.CER) and click Next.

    6. Specify a file path and name (root) to export to and click Next.

    7. Click Finish
    Active Directory Domain This field is available in Staff STS 2.1 or later. It supports the DefaultDomain key in the app settings of config files for products that use the Staff STS, e.g., CampusNexus Student, Forms Builder, Portal.

    If the environment is Active Directory enabled, the Active Directory Domain value can be set to the users' domain. This enables users to log in without typing the domain value.

    <add key="DefaultDomain" value=""/>

    Note: If Staff STS 2.1 or later is installed for CampusNexus CRM, the default domain value will not affect CampusNexus CRM.
    Enter the database information for your environment. Installation Manager will query the database(s) to populate the relying parties URLs if the information is available (see Relying Parties Tab).
    CampusNexus Student Database
    Database Server Name of the SQL server on which the CampusNexus Student database resides.
    Port Specify the port number of the SQL server or accept the default (1433).
    Database Name Name of the CampusNexus Student SQL database.
    Test Click Test to verify the database connection.
    CampusNexus CRM Database
    Database Server Name of the SQL server on which the CampusNexus CRM database resides.
    Database Name Name of the CampusNexus CRM SQL database.
    Test Click Test to verify the database connection.
    Relying Parties Tab

    Use this tab to specify the URLs of the components that rely on the Staff STS for staff authentication. The fields on this tab are optional. Closed

    Relying Parties tab

    The default format of the URLs is: http(s)://machinename.domain.com:port

    The URLs of the relying parties are inserted into web.config file of Staff STS 2.0 or later to support backward compatibility.

    Examples:

    • If a customer has Forms Builder 3.2 (Staff STS 1.1) and then you install CampusNexus Student 18.2 (Staff STS 2.0 or later), the Forms Builder Designer URL must be inserted into the web.config file of Staff STS 2.0 or later with the following key:

      <add key="FormsBuilder.Designer.WsFed" value=""/>

    • If a customer has CampusNexus CRM 11.1 (Staff STS 1.1) and then you install CampusNexus Student 18.2 (Staff STS 2.0 or later), the URL of the Web Client for CampusNexus CRM must be added to the web.config file of Staff STS 2.0 or later.

    • If a customer has CampusNexus CRM 12.0 (Staff STS 2.0 or later) but CampusNexus Student 18.1, the following URLs must be added to the web.config file of Staff STS 2.0 or later:

      • CampusNexus Student
      • Portal
      • Portal Admin Console
      • Portal Config Tool

    • If a customer has CampusNexus Student 18.2, CampusNexus CRM 12.0, and Forms Builder 3.1 or lower, the Form Designer URL must be added to the web.config file of Staff STS 2.0 or later.

    Relying Parties Tab Fields
    Field Description
    refresh

    Click the Refresh button to attempt an automatic settings update.
    Forms Builder
    Forms Builder 2.3.x Designer URL URL of the Forms Builder 2.3.x Designer
    Forms Builder 3.x.x Designer URL URL of the Forms Builder 3.x.x Designer
    Forms Builder 3.x.x Designer URL URL of the Forms Builder 3.x.x Renderer
    CampusNexus CRM
    CRM Web Client URL URL of the Web Client for CampusNexus CRM
    CampusNexus Student
    Student Web Client URL URL of CampusNexus Student
    Student Portal URL URL of the Portal
    Student Portal Admin Console URL URL of the Portal Admin Console
    Student Portal Config Tool URL URL of the Portal Configuration Tool
    Test Click Test to check each URL entered on this tab. If HTTPS is configured for any of these URLs, ignore the certificate error.

  8. Click OK to save changes on the Options form. The form is closed.

  9. Click Delete icon to delete a selected line.

  10. Click Test to ensure the setup for the corresponding line is correct. If a test on a particular line fails, check all associated fields and click Test again.

    The Test button checks the connectivity of the Admin user to the machine specified in the Server name field.

  11. If all tests pass, click right arrows.