About Features Downloads Getting Started Documentation Events Support GitHub

Site Tools


configuration:ezproxy

EZproxy Configuration

VuFind can be set up to open external links via EZproxy. For configuration there is an EZproxy section in config.ini. You can enable EZproxy in VuFind simply by entering the proxy base address in the host setting:

[EZproxy]
host = http://proxy.myuniversity.edu

Note that you will need to set up EZproxy to bypass local, already authorized IP addresses so that it doesn't require the user to log in when coming from an institutional IP address. Please refer to EZproxy documentation for further information.

EZproxy Ticket Authentication with VuFind

Available from VuFind v4.0.

In a typical scenario EZproxy authorizes users using their institutional credentials with e.g. LDAP or Shibboleth, but it is also possible to use EZproxy's ticket authentication with VuFind. To set it up, you need a couple of settings on both ends.

Setting up EZproxy

Add the following lines to EZproxy's user.txt, or ezproxy.usr for older versions:

::CGI=https://vufind-server/ExternalAuth/EzproxyLogin?url=^R 
::Ticket
TimeValid 10
SHA512 verysecretpassword

Replace https://vufind-server with your VuFind's address and choose something else than “verysecretpassword” as the password. This will be the shared secret between VuFind and EZproxy. If you are using EZproxy older than version 6.1 and cannot upgrade, use SHA1 instead of SHA512.

Setting up VuFind

In VuFind you will need to change settings in a couple of places. The basic setup is in config.ini:

[EZproxy]
secret = "verysecretpassword"
;secret_hash_method = "SHA1"

Use the same password as you defined in EZproxy's configuration file. Use the secret_hash_method setting above only if using an older version of EZproxy or if it's set up to use another hash method for another reason.

Settings in permissions.ini allow you to define the conditions that allow access to the proxy. If the user doesn't get the required permission after logging in, an error message is displayed and the user is requested to use another login method. This example rule allows all logged-in users to access EZproxy:

[ezproxy.authorized]
permission = ezproxy.authorized
role = loggedin
configuration/ezproxy.txt · Last modified: 2016/10/04 09:16 by demiankatz