III Authentication
Version requirement
These instructions are only accurate for EZproxy 4.0 or later.
Users of earlier versions of EZproxy should consult III Authentication Prior to EZproxy 4.0 .
Overview
The III Patron API provides a link for external programs to obtain information
on patrons in real-time from the III database.
EZproxy provides built-in support to use this
interface to verify patron status and authorize remote access.
III system change
To use III authentication, you must first make a change in your III system
which allows your EZproxy server to use the III Patron API. This change is
made using the "N > Limit NETWORK access option" in "INNOPAC SYSTEM ADMINISTRATION" to
specify the IP addresses of your EZproxy server.
Create template files
III authentication requires additional files. Create the template versions of
these files by entering one of the following commands as appropriate for
your operating system:
| ezproxy -mi | | (Windows) |
| ./ezproxy -mi | | (Linux or Solaris) |
This command will create the following files in the docs subdirectory.
You can and should customize these files as appropriate for your institution.
| Filename | Purpose |
| iexpired.htm |
If the patron validates but his/her record is expired, this file is sent.
|
| irefused.htm |
If the III system is unreachable, this file is sent.
|
Barcode validation
The III Patron API will accept but ignore a variety of punctuation within barcodes. The following examples
all include the directive:
Not IfUser -RE [0-9]+; Stop
which instructs EZproxy not to attempt to validate anything other than string of all digits.
If your primary field for the III Patron API can include letters, you would change these examples to:
Not IfUser -RE [a-z0-9]+; Stop
If you need additional help creating such a filter, contact
support@oclc.org for assistance.
Enable III authentication
To enable the simplest form of III authentication, edit user.txt/ezproxy.usr and add lines such as this to the end of the file:
::III
Not IfUser -RE [0-9]+; Stop
Host iii.mylib.org
IfRefused; Deny irefused.htm
IfExpired; Deny iexpired.htm
IfUnauthenticated; Stop
/III
replacing iii.mylib.org with the host name of the system running the III Patron API.
Changes to user.txt/ezproxy.usr take effect immediately, with no need to restart EZproxy.
At this point, you should be able to use library card numbers as usernames with last names
as passwords.
Date format
The date format used by the patron API is localized to the format used in your region of the world, but the patron API
does not indicate the format, so EZproxy has no way to automatically determine the format of dates it receives.
By default, EZproxy assumes that the dates provided by the patron API will
be in month-day-year format. If your dates are not in this format, you will need to indicate this to EZproxy by including
the "date" keyword, followed by one of "dmy" for day-month-year format or "ymd" for year-month-day format. A sample use for day-month-year
format is:
::III
Not IfUser -RE [0-9]+; Stop
Date dmy
Host iii.mylib.org
IfRefused; Deny irefused.htm
IfExpired; Deny iexpired.htm
IfUnauthenticated; Stop
/III
Please note that the Date directive must appear before the Host directive.
Limit access by patron type
If you need to limit remote database access to patrons who are in specific
patron type codes, you can do this by adding "type" lines such as:
::III
Not IfUser -RE [0-9]+; Stop
Host iii.mylib.org
IfRefused; Deny irefused.htm
IfExpired; Deny iexpired.htm
IfUnauthenticated; Stop
IfType 100,105,110; Stop
Deny itype.htm
/III
The Type directive(s) must appear after the Host directive.
In this example, a patron must not only validate, but must also have a patron
type of 100, 105 or 110 to be authorized for remote access. All other patron types will be denied
access and EZproxy will send the itype.htm file (which you create) from the docs subdirectory to explain why access was denied.
Advanced options
See III Advanced Authentication for information on advanced
options for controlling III authorization.
Boîte à outils
