While EZproxy announcements aren't part of the Developer Network strictly speaking, we know lots of us wear multiple hats. Including anything related to systems/technical/authentication anything at your library. So with that spirit, we usually like to let you know when a new enhancement to EZproxy comes out. And here we go--version 5.5 is ready for download. Of course, if you're a hosted EZproxy user, you already have 5.5! Here's a rundown of the changes listed on OCLC.org:
Enhancements for Shibboleth implementations:
- Shibboleth 2.3's default settings for IdPs are now compatible with EZproxy.
- The NameIdentifier (non-persistent ID) is now exposed through the expression variable auth:nameid.
- HTTP POST data can now be in excess of 64 k bytes for Shibboleth. Other HTTP POST data remains limited to 64k bytes.
- Shibboleth 1.3 authentication no longer creates the "SAMLResponse no encrypted Assertion elements" message to the messages.txt file unnecessarily.
- Shibboleth authentication now successful for institutions in the UK Access Federation, instead of logging potential message "SAML received assertion without a status of success, denying access."
- In cases where XDebug directive is used, or if the -D command line argument is used; and there is no "shibuser.txt" file; then, Shibboleth processing will no longer be disabled.
General bug fixes:
- Removed extraneous messages in the messages.txt file about "License Validation."
- The string concatenation operator is interpreted as a character belonging to the neighboring textual constant rather than as a concatenation operator for the following namespaces.
auth:, group:, http:, cookie:
This longstanding behavior will be fixed in 5.5.x for only the following namespaces.
login:, env:, ParseName:, session:, db:, re:
If you see this problem, the workaround is to insert a space around the concatenation operator. For example, this syntax works:
UserFile("groups/" . login:instNumber.".txt")
While this syntax does not:
- Long lines greater than approximately 8192 characters written to messages.txt are now accepted.
- The EZproxy "stopall" command line argument will stop all processes named "ezproxy". It will then remove the ".ipc" and ".lck" files for the EZproxy directory from which the executable was run. The ".ipc" and ".lck" files for other execution directories are left unchanged. This may require that you manually remove them from those directories.
- A number of additional security issues were also addressed in this release.
Happy holidays and happy proxying!