Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision |
configuration:ezproxy [2016/10/04 13:16] – [EZproxy Configuration] demiankatz | configuration:ezproxy [2023/11/13 14:41] – [EZproxy Configuration] demiankatz |
---|
====== EZproxy Configuration ====== | ====== EZproxy Configuration ====== |
| |
VuFind can be set up to open external links via [[https://www.oclc.org/support/services/ezproxy.en.html|EZproxy]]. For configuration there is an EZproxy section in [[.files:config.ini]]. You can enable EZproxy in VuFind simply by entering the proxy base address in the host setting: | VuFind® can be set up to open external links via [[https://www.oclc.org/support/services/ezproxy.en.html|EZproxy]]. For configuration there is an EZproxy section in [[.files:config.ini]]. You can enable EZproxy in VuFind® simply by entering the proxy base address in the host setting: |
| |
<code> | <code> |
</code> | </code> |
| |
Note that you will need to set up EZproxy to bypass local, already authorized IP addresses so that it doesn't require the user to log in when coming from an institutional IP address. Please refer to [[https://www.oclc.org/support/services/ezproxy/documentation.en.html|EZproxy documentation]] for further information. | ===== Conditional Proxying ===== |
| |
===== EZproxy Ticket Authentication with VuFind ===== | EZproxy needs to be correctly configured to accept all of the URLs that VuFind® may pass through to it, or else users may encounter error messages about unsupported hosts. |
| |
**Available from VuFind v4.0.** | Starting with release 10.0, this problem can be mitigated by setting up a web service (such as the [[https://github.com/lehigh-university-libraries/ezproxy-url-checker|ezproxy-url-checker]]) that controls which URLs are prefixed and which are not. See [[https://github.com/vufind-org/vufind/pull/3199|pull request #3199]] for details. |
| |
In a typical scenario EZproxy authorizes users using their institutional credentials with e.g. LDAP or Shibboleth, but it is also possible to use EZproxy's ticket authentication with VuFind. To set it up, you need a couple of settings on both ends. | ===== Other Recommendations ===== |
| |
| It may be helpful to set up EZproxy to bypass local, already authorized IP addresses so that it doesn't require the user to log in when coming from an institutional IP address. |
| |
| Please refer to [[https://www.oclc.org/support/services/ezproxy/documentation.en.html|EZproxy documentation]] for further information. |
| |
| ===== EZproxy Ticket Authentication with VuFind® ===== |
| |
| **Available from VuFind® v4.0.** |
| |
| In a typical scenario EZproxy authorizes users using their institutional credentials with e.g. LDAP or Shibboleth, but it is also possible to use EZproxy's ticket authentication with VuFind®. To set it up, you need a couple of settings on both ends. |
| |
==== Setting up EZproxy ==== | ==== Setting up EZproxy ==== |
</code> | </code> |
| |
Replace https://vufind-server with your VuFind's address and choose something else than "verysecretpassword" as the password. This will be the shared secret between VuFind and EZproxy. If you are using EZproxy older than version 6.1 and cannot upgrade, use SHA1 instead of SHA512. | Replace https://vufind-server with your VuFind®'s address and choose something else than "verysecretpassword" as the password. This will be the shared secret between VuFind® and EZproxy. If you are using EZproxy older than version 6.1 and cannot upgrade, use SHA1 instead of SHA512. |
| |
==== Setting up VuFind ==== | ==== Setting up VuFind® ==== |
| |
In VuFind you will need to change settings in a couple of places. The basic setup is in [[.files:config.ini]]: | In VuFind® you will need to change settings in a couple of places. The basic setup is in [[.files:config.ini]]: |
| |
<code> | <code> |
Use the same password as you defined in EZproxy's configuration file. Use the secret_hash_method setting above only if using an older version of EZproxy or if it's set up to use another hash method for another reason. | Use the same password as you defined in EZproxy's configuration file. Use the secret_hash_method setting above only if using an older version of EZproxy or if it's set up to use another hash method for another reason. |
| |
Settings in [[.files:permissions.ini]] allow you to define the conditions that allow access to the proxy. If the user doesn't get the required permission after logging in, an error message is displayed and the user is requested to use another login method. This example rule allows all logged-in users to access EZproxy: | Settings in [[configuration:permission_options|permissions.ini]] allow you to define the conditions that allow access to the proxy. If the user doesn't get the required permission after logging in, an error message is displayed and the user is requested to use another login method. This example rule allows all logged-in users to access EZproxy: |
| |
<code> | <code> |
</code> | </code> |
---- struct data ---- | ---- struct data ---- |
| properties.Page Owner : |
---- | ---- |
| |