
Introduction

Hybrid Authentication is an operational scenario many libraries are currently involved in: online publishers' resources can be accessed both via IP-based authentication and through a Web Single Sign-On session.

Demonstration Portal

Workflow 

For federated users

For non-federated users

Components

Benefits 

Demo Video

https://drive.google.com/open?id=0B6nLU4k7ZZvfUjNhNHdKYkNHTmc

Transcript https://drive.google.com/open?id=0B6nLU4k7ZZvfU3lNalN2Q2JsYzA

 

Scenario A FEDERATED USER

A USER, provided with a FEDERATED ID, first logs in to the institution's EZproxy and, if successfully authenticated, gets 1. an SSO session and 2. shielded access masked with the IP address of the proxy.

When she accesses

-> A.1] a FEDERATED RESOURCE, by means of SAML SSO session, she gets access to the resource with SAML authentication;

-> A.2] a NOT FEDERATED RESOURCE restricted to authorised IPs, by means of the REWRITING properties of the proxy, she gets access to the resource because she is authorised through the IP address of the proxy.

 

The USER: you with your federated credential

The EZproxy portal is: https://ezproxy.fi.infn.it/

The federated resource is: DOGS https://sp24-test.garr.it/dogs-101.html (Access protected by SAML SSO authentication)

The not federated resource is: CATS https://sp24-test.garr.it/cats-101.html (Access forbidden, access permitted only through authorised IPs)

 

  1. Login to EZproxy portal with your federated ID:
    1. choose your IdP (if not listed, ask idem-help@garr.it to add your IdP to the IDEM test federation for the purpose of this test)
    2. login with your home organisation credentials

  2. Choose the Federated Resource Dogs 101 (redirection to SSO) (note the URL http://ezproxy.fi.infn.it/login?url=https://sp24-test.garr.it/dogs-101.html )
    1. after clicking, note the URL in the address bar of the browser https://sp24-test.garr.it/dogs-101.html . Your SAML SSO session is active and the page isn't proxied.

  3. Choose the Not Federated Resource Cats 101 (via proxy) (note the URL http://ezproxy.fi.infn.it/login?url=https://sp24-test.garr.it/cats-101.html )
    1. after clicking, note the URL in the address bar of the browser https://sp24-test-garr-it.ezproxy.fi.infn.it/cats-101.html . You are permitted to access thanks to the rewriting rule of the proxy.

 

Scenario B NON-FEDERATED USER

In this case the user is not provided with federated access and is permitted via her IP address.

The USER: you with EZproxy local credential (in this way you get the authorised IP address)

The EZproxy portal is: https://ezproxy.fi.infn.it/

The federated resource is: https://sp24-test.garr.it/i...

The not federated resource is https://sp24-test.garr.it/i... (access permitted only through the IP of the proxy)

  1. Log in to "Local access to Library services:" in order to get the local IP address of the proxy
  2. Choose FR https://sp24-test.garr.it/i...
    1. note the URL in the address bar of the browser:
      1. if you see ezproxy.fi.infn.it, then your page is rewritten by the proxy and you get the page from the Resource via IP address authorisation
      2. if you don't see ezproxy.fi.infn.it, this means that you got a SAML SSO session, based on IP address authentication provided by Shibboleth
  3. Choose NFR https://sp24-test.garr.it/i...
    1. note the URL in the address bar of the browser. You are permitted to access thanks to the rewriting rule of the proxy and you get the page from the Resource via IP address authorisation
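
The address-bar check used in both scenarios can be scripted, for example when reviewing which access path a logged URL took. The following is an added example, not part of the original page or of EZproxy: the host-rewriting rule is an assumption inferred from the single proxied URL shown in Scenario A, and the function names and path labels are hypothetical.

```python
from urllib.parse import urlsplit

PROXY_HOST = "ezproxy.fi.infn.it"        # EZproxy portal host, from the page
RESOURCE_HOSTS = ["sp24-test.garr.it"]   # demo resource host, from the page


def starting_point(target_url: str) -> str:
    """Build the portal link in the form the page shows (login?url=<target>)."""
    return f"http://{PROXY_HOST}/login?url={target_url}"


def proxied_host(origin_host: str) -> str:
    """Assumed mapping, inferred from the page's single example:
    dots become hyphens and the proxy host is appended."""
    return origin_host.lower().replace(".", "-") + "." + PROXY_HOST


def classify(address_bar_url: str):
    """Return (access_path, origin_host) for a URL seen in the address bar.

    Hosts are compared for exact equality. A substring test for
    "ezproxy.fi.infn.it" would also accept unrelated hosts that merely
    contain that text.
    """
    host = urlsplit(address_bar_url).hostname or ""
    for origin in RESOURCE_HOSTS:
        if host == origin:
            return ("saml-sso-direct", origin)   # not rewritten: SAML SSO session
        if host == proxied_host(origin):
            return ("ip-via-proxy", origin)      # rewritten: IP address authorisation
    if host == PROXY_HOST:
        return ("proxy-portal", None)            # still on the portal or login link
    return ("unknown", None)


if __name__ == "__main__":
    # The first three URLs are from the page; the last host is constructed.
    samples = [
        "https://sp24-test.garr.it/dogs-101.html",
        "https://sp24-test-garr-it.ezproxy.fi.infn.it/cats-101.html",
        starting_point("https://sp24-test.garr.it/cats-101.html"),
        "https://ezproxy.fi.infn.it.example.invalid/cats-101.html",
    ]
    for url in samples:
        print(classify(url), url)
```
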

 

Benefits

  1. A user uses only one unified method of authentication to access both federated and not federated resources
  2. For each resource the Library logs the access in a unified way. If a Resource is federated, only federated access will be allowed, and IP-based auth won't be permitted anymore. If a Resource is not federated, the user gets access via IP address auth, and the proxy will log the access to that resource in this way.

 

DOGS https://sp24-test.garr.it/dogs-101.html
