Difference between revisions of "Test"

From PARS
Jump to navigationJump to search
 
(93 intermediate revisions by the same user not shown)
Line 1: Line 1:
Several changes have been made to the PARS detentions system. These changes will make scheduling easier and more flexible for staff, and will change the setup required for detentions. If you have configured any types of detentions prior to this update, you will need to make some changes to the configuration in PARS. <br> <br>
+
PINs can be enabled in PARS for two factor authentication; the user must login using their SIMS or Active Directory details, then also enter a PIN. The PIN can either be a four digit number received by email and SMS, or a six digit TOTP generated by an authenticator app. <br> <br>
  
==Changes to Usage for Staff==
+
PINs can be disabled for login attempts from given IP address ranges. This allows you to use single factor authentication for logins within the school network and two factor authentication for all other logins. <br>
  
The changes to the detention system will be seen by staff when they are giving detentions. Staff will still select a type of detention from the Detention drop-down and click the Add button to select that detention. <br> <br>
+
''Note that some configuration must be performed in PARS before it is able to send emails or SMS messages. See the '''[[Contacting_parents#Configuration|Contacting Parents]]''' page for further information about the configuration required.'' <br> <br>
  
[[Image:issueDetentionNew.jpg]] <br> <br>
+
==Enable PINs==
  
PARS will then calculate the first available slot for each selected student in that detention. This is the same process as automatic scheduling. However unlike the old automatic scheduling system, staff now have the option to change the date before the detention is saved. Staff can do this by clicking the Ready link. <br> <br>
+
The PIN settings for PARS are stored in the web.config file for the PARS site, on the PARS IIS server. The web.config file is found in the PARS installaion folder which is usually located: <br>
 +
C:\inetpub\wwwroot\PARS\web.config <br> <br>
  
[[Image:scheduleDTnew.jpg]] <br> <br>
+
The web.config file is in xml format and can be edited using Notepad or a similar text editor. To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. <br>
 +
<setting name="PINS" serializeAs="String">
 +
      <value>On</value>
 +
</setting>
 +
<br>
  
This opens a popup showing the earliest date that the detention can take place. Staff can alter this by using the forward or back buttons to change the date of the detention. Because staff can alter the date of the detention at this stage, they do not need to use the [[Schedule detentions]] page. <br> <br>
+
==Disable PINs internally==
  
For staff who have been using auto-scheduling, they can continue using PARS as normal and detentions will be auto-scheduled as before. Staff will have the option of clicking the Ready link to change the date of the detention if desired. For staff who have been using the Schedule Detentions page to select the date for their detentions, they must now click the Ready link instead, otherwise their detentions will be auto-scheduled. <br> <br>
+
If you would like to disable PINs for a certain range of IP addresses, find the setting called "PIN_Exclude_IPs". Enter each IP address or range of IP addresses into the value, separated by semi colons. <br> <br>
  
If the link reads "Unscheduled" rather than "Ready" then PARS has been unable to find any available times for the student(s) to be placed in detention. Clicking the Unscheduled link will explain why this has happened. Detentions can only be saved once they have a valid schedule date.
+
You can specify a range of IP addresses using a subnet mask. The subnet mask must not be in 'classless' format e.g. 192.169.1.0/24 is not acceptable; you should use 192.169.1.0/255.255.255.0 instead. <br> <br>
<br> <br>
 
  
If the Print Slip On Save option is enabled (see below) then the detention slips will be downloaded when the user saves the detention. This replaces the need to click the Save and Print Slips button on the Schedule Detentions page (although it is still possible to do this, or to print detention slips via Edit Scheduled Detentions). <br> <br>
+
The value field in the web.config file must not include line breaks. <br> <br>
  
==Changes to Configuration==
+
'''Correct'''
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>192.168.0.0/255.255.0.0</value>     
 +
</setting>
  
The changes to the setup of detentions are all applied to the time types, and therefore can be accessed via: <br>
+
'''Incorrect'''
'''[[PARS main menu]]''' > '''[[Detentions]]''' > '''Configure''' > '''[[Configure time types]]''' <br> <br>
+
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>192.168.0.0/16</value>    
 +
</setting>
  
{|
+
'''Incorrect''' 
|[[Image:oldtimetype.jpg]]||[[Image:newtimetype.jpg]]
+
<setting name="PIN_Exclude_IPs" serializeAs="String">
|} <br>
+
      <value>192.168.0.0/255.255.0.0
 +
      </value>     
 +
</setting>
  
===Schedule only timeslot===
+
You may enter multiple IP address ranges or single IP addresses by separating with a semi colon e.g.
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>192.168.0.0/255.255.0.0;172.16.0.0/255.240.0.0</value>     
 +
</setting>
 +
<br>
  
This option has been removed. Detention slots must always be scheduled (calenderised) in advance. For the vast majority of schools this will not require any additional setup. <br>
+
==PINs by TOTP==
Either of the following two methods can be used to check if a detention has been scheduled: <br>
 
*A tick in the Scheduled column means the detention has been scheduled
 
*Click the arrow to the left of the detention's name; if any dates are shown, the detention is scheduled
 
  
[[Image:isScheduled.jpg]] <Br> <Br>
+
[[Image:TOTP_kep.png|thumb]]
  
===Requires printed slip===
+
The default method for delivering PINs to users is to send an email and a password containing their temporary PIN. PARS will use the user's mobile telephone number and work email address from SIMS. <br> <br>
  
The Requires Printed Slip options has been renamed to Print Slip On Save, to more accurately reflect its function. <br> <br>
+
The alternative is for users to download an authentication app. Users can request a key from the PARS login page which will be sent to them via email and SIMS. Once they have entered this key into their authentication app, they will be able to generate PINs using the authentication app without the need to receive emails and SMS messages. <br> <br>
  
Now when enabling the Print Slip On Save option you must also select a detention slip. This slip will be downloaded to the user's computer upon saving a detention, ready to be printed. <br> <br>
+
To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. <br>
 +
<setting name="PINSBYTOTP" serializeAs="String">
 +
      <value>On</value>
 +
</setting>
  
This option should only be used if [[slip designer|Detention Slips]] need to be printed immediately when a detention is given (most commonly by teachers). If detention slips are to be printed centrally by admin staff, do not enable this option. Detention Slips can be printed in bulk via the [[Edit scheduled detentions]] page regardless of whether the Print Slip On Save option is enabled or not. <br> <br>
+
Once TOTP PINs have been enabled, users will be able to collect a key for use in their authenticator app. To receive a key the user first needs to attempt to log in to PARS. They will then be prompted to enter a PIN and will also see a cog button. Clicking the cog button will sent a key to the user via email and SMS. <br> <br>
  
===Default to / Optionally / Never ... personal===
+
==Troubleshooting==
  
Each type of detention is now always Personal or Central (central means non-personal). Users will not be able to change this when they are giving the detentions to students. As such, the permission "Default users detentions to personal" has been retired. <br> <br>
+
If you are experiencing trouble in disabling PINs for internal IP address ranges then enter "*log*" as the first item in the list of excluded IP address ranges e.g. <br>
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>*log*;192.168.0.0/255.255.0.0</value>    
 +
</setting>
  
The previous options available, when configuring a time type, were: <br>
+
PARS will then log information in the Application Log of the IIS server on which PARS is installed. These logs will show which IP address was used during a login attempt and whether it matches any of the ranges that have been excluded. <br> <br>
*Default to personal
 
*Optionally personal
 
*Never personal <br> <br>
 
 
 
Detentions that were previously set to Default to personal will now become Personal. Detentions that were either Optionally personal or Never personal will become Central (non-personal). These settings can be changed if required. <br> <br>
 
 
 
===Advance days & Same day cut-off===
 
 
 
These settings were previously defined in [[Preferences]] and therefore the same settings applied to all detentions. This meant that, when auto-scheduling, all detentions would take place the same number of days in advance. Many schools needed more flexibility than this e.g. a lunchtime detention should happen on the same day, but an after school detention needs 24 hours' delay in order to inform parents. <br> <br>
 
 
 
Each detention type now has an Advance Days setting. This is the minimum number of days in advance that this detention can be booked. If the Advance Days is set to "1 day" then a detention given on Thursday cannot be scheduled to take place until Friday, or later. <br> <br>
 
 
 
If the Advance Days option has been set to "Same day" then the detention is allowed to be scheduled on the same day it is given. In this case you will also see a Same Day Cutoff option. Detentions issued before this time are allowed to be scheduled on the same day, detentions given after this time can only be scheduled the day after or later. If this option is set to 00:00, it is ignored and this detention type can always take place on the same day. <br> <br>
 
 
 
[[Category:Detentions and Removals]]
 
[[Category:Configuration]]
 

Latest revision as of 11:42, 20 July 2018

PINs can be enabled in PARS for two factor authentication; the user must login using their SIMS or Active Directory details, then also enter a PIN. The PIN can either be a four digit number received by email and SMS, or a six digit TOTP generated by an authenticator app.

PINs can be disabled for login attempts from given IP address ranges. This allows you to use single factor authentication for logins within the school network and two factor authentication for all other logins.

Note that some configuration must be performed in PARS before it is able to send emails or SMS messages. See the Contacting Parents page for further information about the configuration required.

Enable PINs

The PIN settings for PARS are stored in the web.config file for the PARS site, on the PARS IIS server. The web.config file is found in the PARS installaion folder which is usually located:
C:\inetpub\wwwroot\PARS\web.config

The web.config file is in xml format and can be edited using Notepad or a similar text editor. To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. 

<setting name="PINS" serializeAs="String">
      <value>On</value>
</setting>


Disable PINs internally

If you would like to disable PINs for a certain range of IP addresses, find the setting called "PIN_Exclude_IPs". Enter each IP address or range of IP addresses into the value, separated by semi colons.

You can specify a range of IP addresses using a subnet mask. The subnet mask must not be in 'classless' format e.g. 192.169.1.0/24 is not acceptable; you should use 192.169.1.0/255.255.255.0 instead.

The value field in the web.config file must not include line breaks.

Correct 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/255.255.0.0</value>      
</setting>

Incorrect 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/16</value>      
</setting>

Incorrect 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/255.255.0.0
      </value>      
</setting>

You may enter multiple IP address ranges or single IP addresses by separating with a semi colon e.g. 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/255.255.0.0;172.16.0.0/255.240.0.0</value>      
</setting>


PINs by TOTP

TOTP kep.png

The default method for delivering PINs to users is to send an email and a password containing their temporary PIN. PARS will use the user's mobile telephone number and work email address from SIMS.

The alternative is for users to download an authentication app. Users can request a key from the PARS login page which will be sent to them via email and SIMS. Once they have entered this key into their authentication app, they will be able to generate PINs using the authentication app without the need to receive emails and SMS messages.

To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. 

<setting name="PINSBYTOTP" serializeAs="String">
      <value>On</value>
</setting>

Once TOTP PINs have been enabled, users will be able to collect a key for use in their authenticator app. To receive a key the user first needs to attempt to log in to PARS. They will then be prompted to enter a PIN and will also see a cog button. Clicking the cog button will sent a key to the user via email and SMS.

Troubleshooting

If you are experiencing trouble in disabling PINs for internal IP address ranges then enter "*log*" as the first item in the list of excluded IP address ranges e.g. 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>*log*;192.168.0.0/255.255.0.0</value>      
</setting>

PARS will then log information in the Application Log of the IIS server on which PARS is installed. These logs will show which IP address was used during a login attempt and whether it matches any of the ranges that have been excluded.

Retrieved from ‘https://www.tascsoftware.co.uk/wiki/PARS/index.php?title=Test&oldid=41718