EZP Introduction
Introduction
This document introduces how the authentication and session management facilities in OCLC Navigator operate. Included in this document are detailed configuration sections explaining how to configure EZproxy with a variety of authentication systems. The configuration information focuses on how to configure an EZproxy server to allow proxied authentication between local institutional authentication mechanisms and a centralized EZproxy server.
Overview of Authentication and Session Principles
The first release of Navigator uses EZproxy V5.1c to manage authentication, patron data gathering and management, and session management. A new API, the User Object API, was added to this version of EZproxy in order to support these functions.
Like other web-based authentication systems, this system uses redirects from the Navigator user interface (which is part of the WorldCat platform) to the 'master' EZproxy. The 'master' EZproxy presents the screen for 'where are you from' (WAYF) selection based on the list of institutions in the Navigator group derived from the WorldCat Registry. Once the institution is selected, the user is redirected to the institution-specific EZproxy server which typically redirects to the institution-specific authentication system.
Session management is performed by the user object API. The 'master' EZproxy manages the session and the other Navigator components ask the 'master' for session information and status.
Either the first release of Navigator or a release soon after will allow the user to indicate that they are on a 'private' PC when they perform their WAYF selection. A user on a 'private' PC will have a single session through multiple discovery, borrowing, and request management steps. A user on a public terminal will be required to authenticate to the institution at every borrowing request.
Only details that are released from the local EZproxy server are transmitted back to the NRE database. This allows full institutional control over what data is shared.
Specific examples explaining the integration process for III, LDAP and Shibboleth authentication mechanisms are included here.
General documentation concerning installation and configuration, including running EZproxy via SSL, can be found at http://www.oclc.org/ezproxy/
The following link is specifically helpful in understanding how Regular Expressions are handled in the EZproxy configuration files. http://www.oclc.org/support/documentation/ezproxy/expressions/
Important Note About Illiad
In the OCLC Navigator V1 release, Illiad must authenticate against the same authentication system as the ILS system. This requirement exists in order to ensure that requests can be submitted to either NRE or Illiad and managed consistently in the Navigator environment.
One workaround to this requirement exists. An institution can provide a mapping algorithm that is supported by EZproxy so that when the user authenticates and EZproxy gathers patron information to build the User Object, the mapping relationship can be added to the User Object.
