====== EZproxy Configuration ======

VuFind® can be set up to open external links via [[https://www.oclc.org/support/services/ezproxy.en.html|EZproxy]]. For configuration there is an EZproxy section in [[.files:config.ini]]. You can enable EZproxy in VuFind® simply by entering the proxy base address in the host setting:

<code>
[EZproxy]
host = http://proxy.myuniversity.edu
</code>

===== Conditional Proxying =====

EZproxy needs to be correctly configured to accept all of the URLs that VuFind® may pass through to it, or else users may encounter error messages about unsupported hosts.

Starting with release 10.0, this problem can be mitigated by setting up a web service (such as the [[https://github.com/lehigh-university-libraries/ezproxy-url-checker|ezproxy-url-checker]]) that controls which URLs are prefixed and which are not. See the prefixLinksWebServiceCacheLifetime setting in [[configuration:files:config.ini]] and [[https://github.com/vufind-org/vufind/pull/3199|pull request #3199]] for details.

===== Other Recommendations =====

It may be helpful to set up EZproxy to bypass local, already authorized IP addresses so that it doesn't require the user to log in when coming from an institutional IP address.

Please refer to [[https://www.oclc.org/support/services/ezproxy/documentation.en.html|EZproxy documentation]] for further information.

===== EZproxy Ticket Authentication with VuFind® =====

**Available from VuFind® v4.0.**

In a typical scenario EZproxy authorizes users using their institutional credentials with e.g. LDAP or Shibboleth, but it is also possible to use EZproxy's ticket authentication with VuFind®. To set it up, you need a couple of settings on both ends.

==== Setting up EZproxy ====

Add the following lines to EZproxy's user.txt, or ezproxy.usr for older versions:

<code>
::CGI=https://vufind-server/ExternalAuth/EzproxyLogin?url=^R 
::Ticket
TimeValid 10
SHA512 verysecretpassword
</code>

Replace https://vufind-server with your VuFind®'s address and choose something else than "verysecretpassword" as the password. This will be the shared secret between VuFind® and EZproxy. If you are using EZproxy older than version 6.1 and cannot upgrade, use SHA1 instead of SHA512.

==== Setting up VuFind® ====

In VuFind® you will need to change settings in a couple of places. The basic setup is in [[.files:config.ini]]:

<code>
[EZproxy]
secret = "verysecretpassword"
;secret_hash_method = "SHA1"
</code>

Use the same password as you defined in EZproxy's configuration file. Use the secret_hash_method setting above only if using an older version of EZproxy or if it's set up to use another hash method for another reason.

Settings in [[configuration:permission_options|permissions.ini]] allow you to define the conditions that allow access to the proxy. If the user doesn't get the required permission after logging in, an error message is displayed and the user is requested to use another login method. This example rule allows all logged-in users to access EZproxy:

<code>
[ezproxy.authorized]
permission = ezproxy.authorized
role = loggedin
</code>