Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Libraries currently use IP-address based authentication for providing access to "walk-in" library users. Walk-in users are people who do not have institutional IT accounts (and so cannot use normal IdPs) but who can access eresources by visiting a library and using terminals. Eresources will normally grant access to these terminals by relying on IP address authentication.  

 

Problems with the IP address Kiosk approach

(DIAGRAM)

Requires all eresources (potentially a large number) to be configured with the IP addresses of all kiosks. Adding a new kiosk will be awkward and time-consuming.

...

Continuing to rely on IP addresses to access eresources will hold back progress

 

Using IP address authentication at the institutional IdP

The Shibboleth IdP can be configured to automatically authentication users logging in from defined ip addresses or ranges of ip addresses. This can be used to provide modern, federated access to eresources for walk-in users at library kiosks.

...

Not all libraries are have available SAML IdPs

 

Pilot Solution: A shared, easily configured IdP service for Walk-In users

A standard Shibboleth IdP v3 was used

...

Demonstration

Example User Story

 

1.  
2.  
3.  
4.  
5.  
6.  
7. 

 

8.  
9.  
10.  
11.  
12.  
13.

 

 
14. 

 

15.

 

 

 

For non-federated users

Components

Benefits 

Demo Video

https://drive.google.com/open?id=0B6nLU4k7ZZvfUjNhNHdKYkNHTmc

Transcript https://drive.google.com/open?id=0B6nLU4k7ZZvfU3lNalN2Q2JsYzA

 

DOGS https://sp24-test.garr.it/dogs-101.html


This is a user story featuring two users at a university called Typical University One.

Andy Walker is a journalist and external guest at University One. He does not have an IT account but he does have walk-in access to the University library.

Barbara Jensen is a librarian at University One.

Andy is writing a newspaper article about dogs living on boats, and he visits University One's library to do some research.

 
2.

He attempts to access a suitable photo archive using a university terminal for walk-in users.

https://saml-eresource.libs3.aarc.demo.university/

 
3.However, he's blocked - the site requires Shibboleth authentication and he does not have an account. 
4.

He reports this to Barbara at the library support desk and asks for help.

Barbara knows that University One has access to a special IP address-based IdP and that it has access to the archive, so she decides to add the terminal Andy that is using.

Barbara visits the administration page for the IdP, and logs in with her University One credentials.

https://adminportal.lib.pilots.aarc-project.eu/lui/ldapportal.pl

 
5.

She adds the IP address of the terminal. (82.69.55.233)

Barbara then asks Andy to try again, and to use the IPA IdP.

 
6.Andy returns to the terminal and tries again - and this time he can log in to the eResource. He is now able to do research for his article.