The main goal of the UCLA Logon page upgrade was to provide a better user experience. In the current UCLA Logon page, error messages and troubleshooting tips were very vague. With the new iteration we will be providing friendlier troubleshooting tips and error messages that will describe to the user what is going on and how they can self troubleshoot.
The new UCLA Logon page will work best in modern browsers (i.e., recent versions of Safari, Firefox, Chrome and Internet Explore 9+). Therefore, you may want to update your browser before August 30, 2015, if you’re running an older version.
If you have not already, please read the SAML2 Migration article. We will be deprecating SAML1 soon. SAML1 calls should work with this version of Shibboleth, but if you are experiencing issues, our first recommendation will be to upgrade to SAML2.
Merging auth.ucla.edu into Shibboleth
Two parties within IT Services maintain the UCLA Logon page. The IAMUCLA team will be merging the login portion of the process into the Shibboleth workflow. Users will no longer be redirected from shb.ais.ucla.edu to auth.ucla.edu and back to shb.ais.ucla.edu during a login attempt. A user will now remain at shb.ais.ucla.edu during the entire login interaction.
Removal of Terracotta
To maintain session states, we previous had to depend on Terracotta. This caused some performance and stability issues in the pass (restarts every month or so). We will be removing Terracotta and depend on a cookie to maintain sessions. Please see the Shibboleth documentation about IdP Clustering.
A10 Application Delivery Controller for Fail Over
Previously with our load balancer, fail over changes occurred manually. A manual DNS change had to be made, which could take up to 30 minutes to propagate for users. With the new A10 Application Delivery Controller, this change will be seamless should a disaster occur at UCLA.
We will be updating the VMs and versions of software on the VMs.