EZproxy Authentication

Ebooks Corporation Limited

Washington D.C.: 7406 Brookville Road, Chevy Chase, MD 20815 USA. Tel: +1 (301) 951-8108. Fax: +1 (240) 235-7017
Perth: 62 Bay View Terrace, Claremont WA 6010 Australia. Tel: +61 (0)8 9385 5851. Fax: +61 (0)8 9385 5755
Melbourne: 2/3 Robe Street, St Kilda VIC 3182 Australia. Tel: +61 (0)4 3993 9943. Fax: +61 (0)3 9534 7017

Table of Contents

1 Introduction
   Overview
   IP-Address Configuration
   Unique Identifier
   EZproxy
   EZproxy Versions
   Configuration for EZproxy 3.0 and 3.1
   Configuration for EZproxy 3.2

Copyright © 2005, Ebooks Corporation Limited

1 Introduction

In setting up authentication to your library's EBL portal, our aim is to protect patron privacy while ensuring secure Digital Rights Management (DRM) and comprehensive usage statistics. Seamless authentication also ensures that use of your ebook collection is reserved for access by recognized patrons of your library.

In order to properly manage circulation of ebooks and copyright permissions per use, EBL requires that each patron accessing Ebook Library is authenticated and passed through with some form of unique identifier.

Overview

To verify a patron's identification and access permissions, EBL controls DRM settings at the individual patron level. The EBL system uses a combined method of IP recognition plus individual identification, via a unique, consistent, and privacy-sensitive identifier.

The authentication system works as follows. The patron's IP address is checked against the IP address range registered for the library:

1. If the IP address is within the range, or none has been specified, the patron passes to the authentication strategy check.
2. If the IP address is outside the range, the system checks whether an authentication URL has been entered in the system settings (this would generally be the local library log-in screen); the patron is sent to that URL for authentication and is then rechecked against the IP-address range.
3. If no authentication strategy is configured, the patron is denied access.
4. After the IP check is passed, the authentication strategy is checked.
5. If the library has not elected to set up an integrated authentication process, the system defaults to EBL's Direct Patron Login, which asks the patron to enter an individual user name and password for access to the EBL Patron site.

More commonly, libraries elect the more streamlined and seamless process of integrated authentication. With integrated authentication, EBL communicates behind the scenes with the library's own systems to obtain unique log-in details and/or patron authentication. For example:

• If the library has an OPAC or LDAP system that the patron logs into, the log-in details can be passed to EBL as a parameter in the URL string or via other methods.
• If the library uses EZproxy, this identifier is one-way encrypted during the referral process to ensure that the patron's identity is completely anonymous and untraceable once it reaches the EBL system.
• If the library uses Athens or another user system, the EBL server contacts the Athens server to verify the user's identification.

Once the user ID is authenticated via one of these routes, the patron is considered approved and is taken directly to the requested ebook record or to the EBL welcome page.

IP-Address Configuration

It is recommended that this additional security check is used if possible. If your library is able to supply a limited list of IP addresses from which your patrons will access EBL, we will restrict access to requests coming from those IP addresses only. Libraries can have one or more ranges of IP addresses, as well as one or more specific IP addresses. There is no limit to the number of ranges or specific IP addresses that can be used. If available, please provide your account manager with the required IP addresses.

Unique Identifier

A unique identifier is required for each patron who accesses the EBL system. It is used to control DRM rights for that user and to differentiate between patrons using the same in-house library computers. If authentication is conducted on the library's own system, a unique, encrypted identifier is passed through to EBL at the time access is requested. This identifier can be a student number or any other consistent, unique ID. It can be encrypted to assure the patron's anonymity, provided that the information passed through is the same for that user on subsequent visits to the EBL system.

EZproxy

If your library uses EZproxy as an intermediary server between your library's patrons and licensed content providers, the process generally occurs as follows:

1. Your patrons connect to EZproxy.
2. The EZproxy system communicates with your licensed content provider or database system.
3. The requested content (userID) is sent to EBL via EZproxy for patron access.

Since EZproxy runs on a machine located on your network, EBL sees the requests as coming from an IP address on your network and permits access. This is what EBL calls Web Authentication.

EZproxy Versions

For the most up-to-date information on EZproxy configuration, see the Useful Utilities EZproxy support site: http://www.usefulutilities.com/support/cfg/database.html

Any version of EZproxy will work, but there are a few options depending on which version you have. The differences are summarised as:

3.0a or previous
The standard version of EZproxy (prior to 3.0a GA) sends the information to EBL unencrypted.

3.0a GA (Encryption)
To encrypt this information, EZproxy versions 3.0a GA and later allow a userID to be encrypted before being passed to EBL. To use the encrypted method, download the updated version of EZproxy: http://www.usefulutilities.com/download/?version=20040618
In the encrypted version, the EZproxy admin menu displays a new "Decrypt User Variable" option whenever EncryptVar appears in EZproxy.cfg. This option allows the EZproxy administrator to enter an encrypted value and see what the original plain-text value was.

3.2 (Security)
Version 3.2 adds security for a library by adding a key to the authentication message sent to EBL. This key is also stored by EBL to verify that the user has come from the library authentication system which matches the URL they are accessing. Download: http://www.usefulutilities.com/download/?version=20050403

Configuration for EZproxy 3.0 and 3.1

These are the configuration changes needed for Ebook Library to be recognized as a database by EZproxy.

1. The file EZproxy.cfg requires an additional entry, as follows:

   Title Ebook Library
   URL http://library.eblib.com/EBLWeb/patron/?userid=^u
   Domain eblib.com

2. Modifications in ezpauth.pl, StartSession: make sure the variable loguser is included in the $query variable. The value of loguser is used to pass the userid on to Ebook Library.

Case Study

Curtin University has successfully integrated their EZproxy 3.0 with EBL's system. The following is an explanation of their set-up.

-----------------XX-----------------
To pass the userID in the first place we needed to modify our login scripts to collect the userID and then pass it to EZproxy in the loguser variable. EZproxy then encrypts the value and places it wherever the ^u is located in the URL.

The EZproxy.cfg file needed to have the option turned on to deal with the userID being passed. The entry to be added was:

   OPTION LOGUSER

The configuration for EBL:

   Title EBL
   EncryptVar u astringwechose
   URL http://curtin.eblib.com.au/EBLWeb/patron/?userid=^u
   DJ eblib.com.au
   HJ 64.151.83.198
   HJ 64.151.83.206
   HJ 64.151.183.210
   HJ 64.151.83.210:8080

Please note that the IP addresses specified here are specific to EBL's US servers. If you are located in Australia, the IP addresses that you need are:

   HJ 203.188.156.93
   HJ 203.188.156.94
   HJ 203.188.156.80
   HJ 203.188.156.80:8080
-----------------XX-----------------

Configuration for EZproxy 3.2

These are the configuration changes needed for Ebook Library to be recognized as a database by EZproxy.

1. The file EZproxy.cfg requires an additional entry, as follows:

   Title ebooks.com
   AllowVars u
   EncryptVar u astringyoupick
   EBLSecret A947652DBE0A1
   URL http://www.mylib.eblib.com.au/EBLWeb/patron/
   DJ eblib.com.au

2. Modifications in ezpauth.pl, StartSession: make sure the variable loguser is included in the $query variable. The value of loguser is used to pass the userid on to Ebook Library.

Case Study

University of New England has successfully integrated their EZproxy 3.2 with EBL's system. The following is an explanation of their set-up.

-----------------XX-----------------
To pass the userID in the first place we needed to modify our login scripts to collect the userID and then pass it to EZproxy in the loguser variable. EZproxy then encrypts the value and places it wherever the ^u is located in the URL.

The EZproxy.cfg file needed to have the option turned on to deal with the userID being passed. The entry to be added was:

   OPTION LOGUSER

The configuration for EBL:

   Title eBook Library
   EBLSecret aSecretString
   URL http://www.une.eblib.com.au/EBLWeb/patron/?userid=^u
   DomainJavascript eblib.com
   DomainJavascript eblib.com.au
   DomainJavascript 203.188.156.*
-----------------XX-----------------
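As an added illustration (not code from EBL, EZproxy or either case study), the access-decision flow described in the Overview section, written in Python: the IP-range check runs first and the authentication-strategy check only after it passes. The configuration field names and the sample ranges are assumptions.

```python
# Added illustration of the Overview's decision flow; the LibraryConfig
# field names are assumptions, not EBL or EZproxy configuration keys.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class LibraryConfig:
    # Ranges or single addresses the library registered with its account manager
    ip_ranges: List[str] = field(default_factory=list)
    # The library's own log-in screen (the "authentication URL"), if any
    auth_url: Optional[str] = None
    # Whether an integrated hand-off (EZproxy, OPAC/LDAP, Athens) is configured
    integrated_auth: bool = False


def ip_in_registered_range(client_ip: str, cfg: LibraryConfig) -> bool:
    """Step 1: with no registered ranges the IP check is skipped and passes."""
    if not cfg.ip_ranges:
        return True
    addr = ipaddress.ip_address(client_ip)
    # A bare address such as "64.151.83.198" becomes a /32 network here
    return any(addr in ipaddress.ip_network(r, strict=False) for r in cfg.ip_ranges)


def decide_access(client_ip: str, cfg: LibraryConfig, user_id: Optional[str]) -> str:
    """Return 'allow', 'redirect:<auth_url>', 'direct_login' or 'deny'."""
    if not ip_in_registered_range(client_ip, cfg):
        # Step 2: out of range -> send to the library's log-in screen; the
        # request is rechecked against the range after that. Step 3: with no
        # authentication URL (no strategy) the patron is denied.
        return f"redirect:{cfg.auth_url}" if cfg.auth_url else "deny"
    # Steps 4 and 5: IP check passed, now the authentication strategy.
    if not cfg.integrated_auth:
        return "direct_login"  # EBL's Direct Patron Login (user name + password)
    if not user_id:
        return "deny"  # integrated auth must supply the unique identifier
    return "allow"


if __name__ == "__main__":
    # Constructed sample configuration, not a real library's ranges
    sample = LibraryConfig(ip_ranges=["203.188.156.0/24"],
                           auth_url="https://login.example.edu", integrated_auth=True)
    print(decide_access("203.188.156.93", sample, "encrypted-user-token"))
    print(decide_access("8.8.8.8", sample, "encrypted-user-token"))
```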