Student SS 8.7.1 Release Guide

Banner Student Self-Service Release GuideRelease 8.7.1February 2015/nWithout limitation: Ellucian®, Banner®, Coll eague®, and Luminis® are trademarks of the Ellucian group of companies that are reg istered in the U.S. and certain other countries; and Ellucian AdvanceŽ, Ellucian Course SignalsŽ, Ellucian Degree WorksŽ, Ellucian PowerCampus Ž, Ellucian RecruiterŽ, Ellucian SmartCallŽ, are also trademarks of the Ellucian group of companies. Other names may be trademarks of their respective owners. © 2015 Ellucian. Contains confidential and proprietary information of Ellucian and its subsidiaries. Use of these materials is limited to Elluci an licensees, and is subject to the terms and conditions of one or more written li cense agreements between Ellucian and the licensee in question. In preparing and providing this publicati on, Ellucian is not rendering legal, accounti ng, or other similar professional service s. Ellucian makes no claims that an institution's use of this publication or the soft ware for which it is provided will guarantee compliance with ap plicable federal or state laws, rules, or regulations. Each organiza tion should seek legal, accounting, and other similar professional services from comp etent providers of the organization's own choosing. Prepared by: Ellucian 4375 Fair Lakes Court Fairfax, Virginia 22033 United States of America Revision History Publication DateSummary February 2015 New version that supports Banner Student Self-Service 8.7.1 software. /n 3Banner Student Self-Service Release Guide |Contents Contents Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Admissions Application PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 New Self-Service page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Change PIN (bwskalog.P_DispChangePIN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Web Page Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Setup Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Updates to Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Links to Other Web Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Buttons/Icons on This Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Web Menus With Links to This Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Changed Self-Service pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Admissions Login (bwskalog.P_DispLog inNon). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Admissions Login - New User (bwskalog.P_DispLoginNew). . . . . . . . . . . . . . . . . . . . 8 Changed packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 BWSKALOG/BWSKALO1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 New scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Updated Security Scan Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . .11 Self-Service Data Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 /n 4Banner Student Self-Service Release Guide |Introduction IntroductionThe Banner® Student Self-Service 8.7.1 releas e contains updates to self-service pages for the following enhancements. ŁAdmissions Application PIN ŁSecurity Scan Error Handling ŁSelf-Service Data Validation /n 5Banner Student Self-Service Release Guide |Admissions Application PIN Admissions Application PINBanner Student Self-Service 8.7.1 is dependent on Banner Student 8.7.3. New functionality has been added to enhance admissions application PIN processing and provide strong passwords as requested in IDEA-16385 and IDEA-19248. The changes pertain to first time user account creation and the returning user login process for applicants in Self-Service. Previously, an unsecured PIN of six characters had been created in clear text format. The PIN displa y is now encrypted, the PIN length has been expanded, and alpha characters can be used in the PIN. Existing controls on the Enterprise PIN Preferences Form (GUAPPRF) are used for PIN format and length. PINs must conform to the PIN reset format, number or character options, and minimum and maximum length as defined on GUAPPRF. Error messages are displayed if the new PIN does not meet the requirements. Note: Any changes made to the GUAPPRF preferences for applicants will also apply to current students. The PIN field length on the Electronic App lication Process Form (SAAEAPS) has been expanded. The created PIN is displayed as an enc rypted value (a series of asterisks). The PIN can be reset by the administrator. It is recommended that the administrator note the PIN before it is reset, so the information can be provided to the applicant. When first time user login credentials are creat ed in Self-Service Admissions, the rules on GUAPPRF are checked to see if the new password meets th e rule criteria. A message is displayed to inform the applicant of the requirements. If the password conforms to the rules, the applicant can continue to log in. The returning user login is al so validated based on the sett ings on GUAPPRF. If the login does not meet the requirements, the new Change PIN page (bwskalog.P_DispChangePIN ) is displayed. The applicant must change the PIN to continue by entering the old PIN, entering the new PIN, and re-entering the new PIN for confirmation. The old PIN is validated against the stored PIN. Once it has been authenticated, the new PIN is stored. When the PIN is successfully updated, the applic ant is logged in and taken to the Select an Application Type page ( bwskalog.P_DispChoice ) to start a new application or the Application Menu (bwskalog.P_DispChoices ) for existing and in process applications. When the login authentication fails, an error is displayed. Error messa ges indicate the PIN requirements as defined on GU APPRF. If an applicant submitted an application before this enhancement was applied, and a PIN was used that does not meet the new requirements, the student will need to change the PIN. Once the applicant has been admitted to the inst itution, the secure login and PIN are sent to him/her. The Third Party Access Audit Fo rm (GOATPAD) is then used to manage the PIN./n 6Banner Student Self-Service Release Guide |Admissions Application PIN Note: It is recommended that Info Text for the login pages be reviewed and references to the previous PIN requirements updated. Refer to the Banner Student Release Guide 8.7.3 for information on additional changes for this enhancement. New Self-Service page A new page has been added for Admissions Self-Service. Change PIN (bwskalog.P_DispChangePIN)The Change PIN page ( bwskalog.P_DispChangePIN ) is used to reset the applicant™s PIN for access to Se lf-Service. It is displayed when the applicant logs in with a previously created PIN that does not meet the defined PIN preferences. The controls on the Enterprise PIN Prefer ences Form (GUAPPRF) are used to validate the PIN. The Change PIN button is used to submit the changed PIN information. When the PIN change is successful, the applicant is logged in and taken to the Select an Application Type page ( bwskalog.P_DispChoice ) to start a new application or the Application Menu ( bwskalog.P_DispChoices ) for existing and in process applications. When the PIN change is not success ful, an error is displayed. Web Page Fields This page contains the following fields. Setup Requirements The following setup is required for this page to work as expected. ItemDescription/Source Information Old PINOriginal login PIN. New PINNew secured login PIN. Verify PIN PIN re-enter ed for authentication. /n 7Banner Student Self-Service Release Guide |Admissions Application PIN Updates to BannerThis page updates the following items. Links to Other Web Pages This page does not have links to other Web pages. Buttons/Icons on This PageThis page contains the following buttons/icons. Web Menus With Links to This Page No menus have links to this page. ItemDescription Enterprise PIN Preferences Form (GUAPPRF)Set up controls for: ŁPIN Reset Format ŁMinimum Length ŁMaximum Length ŁNumber Required Indicator ŁCharacter Required Indicator ItemDescription Old PIN, New PIN, Verify PINElectronic Admissions No n-Student Table (SABNSTU) Button/Icon ActionChange PIN ŁPIN change is successful. Applicant is logged in and tak en to the Select an Application Type page ( bwskalog.P_DispChoice ) to start a new application or the Application Menu (bwskalog.P_DispChoices ) for existing/in process applications. ŁPIN change is not successful. An error is displayed. /n 8Banner Student Self-Service Release Guide |Admissions Application PIN Changed Self-Service pages The following Self-Service pages have been modified. Admissions Login (bwskalog.P_DispLoginNon)The PIN field length on this page has been expanded to display 15 characters. Characters are displayed as dots. A maximum of 99 characters is allowed. Admissions Login - New User (bwskalog.P_DispLoginNew)The following changes have been made to this page. ŁThe Create a PIN field and Verify PIN field lengths have been expanded to display 15 characters. Characters are displayed as dots . A maximum of 99 characters is allowed. ŁInfo Text for the Login ID field instructions is delivered and can be modified in Web Tailor to be specific for your institution. ŁAdditional Info Text is delivered for PIN crea tion instructions. The displayed instructions are based on the GUAPPRF control settings. Changed packages The following package and package body have been modified. BWSKALOG/BWSKALO1New procedures have been added. Procedure Description P_DispChangePIN Displays the Change PIN page when the user PIN does not comply with the institution's password security policy defined in GUAPPRF. /n 9Banner Student Self-Service Release Guide |Admissions Application PIN Existing procedures have been modified. New scripts The following scripts are delivered with this enhancement to update Web Tailor. Note: Unless otherwise noted, new scripts are run as part of the upgrade process for a release. P_ProcChangePIN Processes the Old Pin , New Pin, and Verify New Pin values submitted on the Change PIN page. Stores New Pin value in the SABNSTU_PIN column as encrypted.A salt value is generated and stored in the SABNSTU_SALT column. This is used to encrypt the PIN value entered at login and match it with the stored PIN value.The salt value is always unique, even for the same clear text PIN. The encrypted PIN value is also unique for same clear text PIN. P_DispPIN_Instructions Displays the PIN creation instructions on the Admissions Login - New User and Change PIN pages. Displays instructions based on GUAPPRF settings. Procedure Description P_DispLoginNew Displays Admissions Login - New User page. Previously used to display PIN creation instructions (as hard coded text) from TWGRINFO. The P_DispPIN_Instructions procedure has been added to display PIN creation instructions based on GUAPPRF settings. P_ProcLoginNon Submits user ID and PIN information entered by user on Admissions Login - New User page. Multiple code changes have been made. Procedure Description /n 10Banner Student Self-Service Release Guide |Admissions Application PIN ScriptResultbwstwgbwmnui_080701.sql Adds entry to the Web Tailor Main Web Page Settings Table (TWGBWMNU) for procedure to display the Change PIN page (bwskalog.P_DispChangePIN ) bwstwgrinfoi_080701.sql Adds entry to the Web Tailor Repeating Information Text Table (TWGRINFO) for procedure to display the Change PIN page (bwskalog.P_DispChangePIN )bwstwgrinfou_080701.sql Updates entry in the Web Ta ilor Repeating Information Text Table (TWGRINFO) for procedure to display the Admissions Login - New User page (bwakalog.P_DispLoginNew )bwstwgrwmrli_080701.sql Adds entry to the Web Tailor Menu Roles Table (TWGRWMRL) for procedure to display the Change PIN page ( bwskalog.P_DispChangePIN )/n 11Banner Student Self-Service Release Guide |Updated Security Scan Error Handling Updated Security Scan Error HandlingThe security scan report lists several types of errors. One type applies to Self-Service pages where exception handling is not present or is not performed properly. The following Oracle errors are in this category. ŁORA-01403 - No data found. ŁORA-I06502 - PL/SQL: Numeric or value error: character string buffer too small. ŁORA-06502 - PL/SQL: Numeric or value error: character to number conversion error. ŁORA-01858 - A non-numeric character was found where a numeric was expected. Code for exception handling has been added to Self-Service pages as appropriate. Updated error messages display the page title and the error text and are more informational for the user. The Oracle erro r number is not displayed. For example, Error occurred while processing final grad e changes. ERROR: No data found .Numerous BWSKXXXX packages and the associated procedure s have been updated for these changes. /n 12Banner Student Self-Service Release Guide |Self-Service Data Validation Self-Service Data Validation The possibility existed for inappr opriate information to be displa yed in Banner Self-Service pages. Banner Web Tailor has added validation checks to prevent unsanitized HTML from being executed or injected into the pages. Data from HTP calls is now validated before being sent to the Self-Service pages and displayed to the user. The exception to the validation checking is data that is user- defined, such as Information Text (HTML). See the Banner Web Tailor 8.6.1.1 patch documentation for more information. There are three main types of Self-Service data entry that are validated: ŁWhen invalid characters are entered directly into a Self-Service page, an error message is displayed to the user to re-enter the data or contact an administrator. ŁWhen field values are included in a URL, the system displays an access error message or a cross site scripting error. ŁWhen a modified HTML file is used to load invalid data, the system displays an error and code information for the failed execution. Numerous BWSKXXXX and BWCKXXXX packages and the associated pr ocedures have been modified to use the new validation checks. /n

Banner_Student_Self-Service_Release_Guide_8.7.1.pdf (96.0 KB)
Helpful?

Related Articles: