This is an old revision of the document!
Table of Contents
VuFind can be set up to open external links via EZproxy. For configuration there is an EZproxy section in config.ini. You can enable EZproxy in VuFind simply by entering the proxy base address in the host setting:
[EZproxy] host = http://proxy.myuniversity.edu
Note that you will need to set up EZproxy to bypass local, already authorized IP addresses so that it doesn't require the user to log in when coming from an institutional IP address. Please refer to EZproxy documentation for further information.
EZproxy Ticket Authentication with VuFind
Available from VuFind v4.0.
In a typical scenario EZproxy authorizes users using their institutional credentials with e.g. LDAP or Shibboleth, but it is also possible to use EZproxy's ticket authentication with VuFind. To set it up, you need a couple of settings on both ends.
Setting up EZproxy
Add the following lines to EZproxy's user.txt, or ezproxy.usr for older versions:
::CGI=https://vufind-server/ExternalAuth/EzproxyLogin?url=^R ::Ticket TimeValid 10 SHA512 verysecretpassword
Replace https://vufind-server with your VuFind's address and choose something else than “verysecretpassword” as the password. This will be the shared secret between VuFind and EZproxy. If you are using EZproxy older than version 6.1 and cannot upgrade, use SHA1 instead of SHA512.
Setting up VuFind
In VuFind you will need to change settings in a couple of places. The basic setup is in config.ini:
[EZproxy] secret = "verysecretpassword" ;secret_hash_method = "SHA1"
Use the same password as you defined in EZproxy's configuration file. Use the secret_hash_method setting above only if using an older version of EZproxy or if it's set up to use another hash method for another reason.
Settings in permissions.ini allow you to define the conditions that allow access to the proxy. If the user doesn't get the required permission after logging in, an error message is displayed and the user is requested to use another login method. This example rule allows all logged-in users to access EZproxy:
[ezproxy.authorized] permission = ezproxy.authorized role = loggedin