Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Hybrid Authentication is an operational scenarios many libraries are currently involved in: online publishers resources can be accessed both via IP based authentication and through a Web Single-Sign-On Session. AARC aims at promoting the adoption of  federated credentials in accessing services;  This pilot shows how Libraries can effectively use the OCLC EZproxy tool (which they often already have available, acting as an IP proxy) by levering its Acces Mode Switch feature, once configured accordingly. EZproxy can this act as a switch from IP based proxy to access non federated resources to SAML SSO redirect proxy, to entitle users to federated online resources if they own SAML2-IDP provided credentials.

This feature is of great potential in pushing libraries towards the adoption of federated identities and the provisioning of federated credentials to their users: EZproxy is a very popular tool widely adopted by Libraries worldwide, so the goal of this pilot is to show that, after proper configuration, it enables libraries to provide services to their users via Identity Federations and SAML IDPs. 

Demonstration Portal

Workflow 

For federated users

 

1.Access EZ proxy demo instance at  https://ezproxy.fi.infn.it/Image Added
2.

Login to EZproxy portal with your federated ID:

  1. choose your IdP (if not listed, ask to idem-help@garr.it to add your IdP to IDEM test federation for the purpose of this test)
  2. login with your home organisation credentials
Image Added
3.

 Choose the Federated Resource Dogs 101 (redirection to SSO) 

(note the URL http://ezproxy.fi.infn.it/login?url=https://sp24-test.garr.it/dogs-101.html )

  1. after click, note the URL on the address bar of the browser https://sp24-test.garr.it/dogs-101.html .

  2. Your SAML SSO session is active and the page isn't proxied.
Image Added
4.
  1. Choose the Not Federated Resource Cats 101 (via proxy) 
  2. (note the URL http://ezproxy.fi.infn.it/login?url=https://sp24-test.garr.it/cats-101.html )
    1. after click, note the URL on the address bar of the browser https://sp24-test-garr-it.ezproxy.fi.infn.it/cats-101.html . You are permitted to access thanks to the rewriting rule of the proxy.
 
5.  
6.  
7. 

 

8.  
9.  
10.  
11.  
12.  
13.

 

 
14. 

 

15.

 

 

 

For non-federated users

Components

...

Transcript https://drive.google.com/open?id=0B6nLU4k7ZZvfU3lNalN2Q2JsYzA

 

=================================================================================================================

Scenario A FEDERATED USER

...