About Features Downloads Getting Started Documentation Events Support GitHub

Love VuFind®? Consider becoming a financial supporter. Your support helps build a better VuFind®!

Site Tools


Warning: This page has not been updated in over over a year and may be outdated or deprecated.
configuration:ezproxy

EZproxy Configuration

VuFind® can be set up to open external links via EZproxy. For configuration there is an EZproxy section in config.ini. You can enable EZproxy in VuFind® simply by entering the proxy base address in the host setting:

[EZproxy]
host = http://proxy.myuniversity.edu

Conditional Proxying

EZproxy needs to be correctly configured to accept all of the URLs that VuFind® may pass through to it, or else users may encounter error messages about unsupported hosts.

Starting with release 10.0, this problem can be mitigated by setting up a web service (such as the ezproxy-url-checker) that controls which URLs are prefixed and which are not. See the prefixLinksWebServiceCacheLifetime setting in config.ini and pull request #3199 for details.

Other Recommendations

It may be helpful to set up EZproxy to bypass local, already authorized IP addresses so that it doesn't require the user to log in when coming from an institutional IP address.

Please refer to EZproxy documentation for further information.

EZproxy Ticket Authentication with VuFind®

Available from VuFind® v4.0.

In a typical scenario EZproxy authorizes users using their institutional credentials with e.g. LDAP or Shibboleth, but it is also possible to use EZproxy's ticket authentication with VuFind®. To set it up, you need a couple of settings on both ends.

Setting up EZproxy

Add the following lines to EZproxy's user.txt, or ezproxy.usr for older versions:

::CGI=https://vufind-server/ExternalAuth/EzproxyLogin?url=^R 
::Ticket
TimeValid 10
SHA512 verysecretpassword

Replace https://vufind-server with your VuFind®'s address and choose something else than “verysecretpassword” as the password. This will be the shared secret between VuFind® and EZproxy. If you are using EZproxy older than version 6.1 and cannot upgrade, use SHA1 instead of SHA512.

Setting up VuFind®

In VuFind® you will need to change settings in a couple of places. The basic setup is in config.ini:

[EZproxy]
secret = "verysecretpassword"
;secret_hash_method = "SHA1"

Use the same password as you defined in EZproxy's configuration file. Use the secret_hash_method setting above only if using an older version of EZproxy or if it's set up to use another hash method for another reason.

Settings in permissions.ini allow you to define the conditions that allow access to the proxy. If the user doesn't get the required permission after logging in, an error message is displayed and the user is requested to use another login method. This example rule allows all logged-in users to access EZproxy:

[ezproxy.authorized]
permission = ezproxy.authorized
role = loggedin
configuration/ezproxy.txt · Last modified: 2023/11/13 14:42 by demiankatz