Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Demonstration: An Example User Journey


This is a user story featuring two users at a university called Typical University One.

Andy Walker is a journalist and external guest at University One. He does not have an IT account but he does have walk-in access to the University library.

Barbara Jensen is a librarian at University One.


Andy is writing a newspaper article about dogs living on boats, and he visits University One's library to do some research.

He attempts to access a suitable photo archive using a university terminal for walk-in users.

Image Modified
3.However, he's blocked - the site requires Shibboleth authentication and he does not have an account.

Image Modified


Image Modified



He reports this to Barbara at the library support desk and asks for help.

Barbara knows that University One has access to a special IP address-based IdP and that it has access to the archive, so she decides to add the terminal Andy that is using.

Barbara visits the administration page for the IdP, and logs in with her University One credentials.

Image Modified


Image Modified

Image Modified



She adds the IP address of the terminal. (

Barbara then asks Andy to try again, and to use the IPA IdP.

Image Modified


Image Modified


6.Andy returns to the terminal and tries again - and this time he can log in to the eResource. He is now able to do research for his article.

Image Modified



Task1, Pilot 2

Walk by users


Support authorized access for citizen scientists to library resources (SAML+IP to SAML with authZ)

Approach/AARC identified solution

Establish a guest SAML IdP which adds attributes to authorize non-institutional users. In addition, explore exploitation models: per library or per national library consortium deployment.

Components piloted

Shibboleth v3 for IdP with IP-based AuthZ attribute

Gain for end-users/administrators

  • More consistent interface no matter which resource is being approached
  • Ability to use this access method and at the same time maintain full privacy
  • Admin interface for librarians to scope/configure valid IP ranges



Demo admin portal
Demo user portal

Detailed technical description

AARC wiki

Documentation of components

Documentation for walk by user access component, access control wiki

Documentation of the IdP-extension to release the user's IP address 

Documentation of the portal that allows library administrators to manage their campus IP address ranges

Software source(s)

Shibboleth v3 for walk by user access



Community partners

IT: GARR, Library
NL: UKB library consortium


Close to finalization. Awaiting final phase of feedback from communities