ebrary

EZproxy 3.8a and EZproxy 4.0a issue

EZproxy 3.8a GA (2006-07-07) and EZproxy 4.0a GA (2006-08-02) contain a flaw that can corrupt the ebrary reader plug-in during download. All institutions running either of these versions are encouraged to update to the current release. Note that this issue only affects proxy access configurations, not Single-Sign-On configurations.

Overview

EZproxy 3.6c introduced support for ebrary Single-Sign-On User Authentication. In this configuration, EZproxy does not proxy access to ebrary, but instead uses an ebrary API to authenticate users directly to ebrary. This replaces the ebrary sign-in process and provides an automatic personalized ebrary bookshelf. Single-Sign-On also improves performance and reduces proxy traffic, as the user interacts directly with ebrary and not through EZproxy.

EZproxy also supports proxy access to ebrary, though this is not the preferred method. If you require this option, contact ebrary Customer Support at support@ebrary.com.

Single-Sign-On Configuration

To activate ebrary Single-Sign-On User Authentication:

  1. Contact ebrary Customer Support at support@ebrary.com to arrange the ebrary configuration for single-sign-on. You will need to provide the IP address(es) of your EZproxy server(s). This address can be obtained from your EZproxy Administration page through the "Test network connectivity" option. In the network connectivity test, this is the IP address from the line "To remote hosts, your IP address appears to be ###.###.###.###."
  2. Configure config.txt/ezproxy.cfg as follows:

    ebrarySite channelname

    replacing channelname with the Channel Name from your ebrary URL (http://site.ebrary.com/lib/ channelname).

  3. Test with ebrary.

It is very important that you back up the ezproxy.tkn file on a regular basis; see the section below.

If you are switching from ebrary proxy access to Single-Sign-On, existing user created ebrary bookshelves will need to be migrated to the new automatic bookshelves, ebrary Customer Support will provide additional information.

About Persistent Identifiers

When a user authenticates for ebrary access, EZproxy creates a persistent identifier ("ebrary token") for the user. The persistent identifier is an arbitrary series of letters and digits that is uniquely assigned to the user. Each time the same user accesses ebrary, the same persistent identifier will be used for the user. However, the value of the persistent identifier gives no personally identifiable information about the user, so the persistent identifier does not provide any information for the identity of the user. In an instance of abuse, ebrary can provide your library with the ebrary token and you can use the EZproxy administration page to cross-reference back to the original user if necessary.

Backing up ezproxy.tkn

The persistent identifiers are stored in the file ezproxy.tkn. If this file is lost, all correlation between your users and their persistent identifiers is lost, disrupting all accounts and causing users to lose access to their ebrary bookshelves. To avoid disruption of service caused by server crash, you are encouraged to insure that this file is backed up on a regular basis.

User authentication method requirements

To maintain persistent identifiers, EZproxy requires unique user login information, and most EZproxy user authentication methods provide such information. AutoLoginIP and referring URL are incompatible since they do not provide unique user information.

Sites that use CGI authentication should insure that they are providing "loguser" information to associate distinct user information. See CGI Authentication for more information, including reference scripts for implementing CGI authentication.

Recommended Ebrary Configurations

Using EZproxy without Single-Sign-On (non-SSO):

7 line (with SSL certificate)

Option DomainCookieOnly
Title ebrary
URL http://site.ebrary.com/lib/CHANNELNAME
DJ ebrary.com
Find "site.ebrary.com/
Replace "^psite.ebrary.com^/
Option Cookie

5 line basic configuration (no SSL certificate, and whenSSL requirement is disabled):

Title ebrary
URL http://site.ebrary.com/lib/CHANNELNAME
DJ ebrary.com
Find "site.ebrary.com/
Replace "^psite.ebrary.com^/

Using EZproxy with Single sign-On (SSO

Without neverproxy (with EZproxy versions older than 4.0):

Option ebraryUnencodedTokens
ebrarySite CHANNELNAME
Host site.ebrary.com

With neverproxy (with EZproxy versions 4.0 or later):

Option DomainCookieOnly
Title ebrary
URL http://site.ebrary.com/lib/CHANNELNAME
DJ ebrary.com
Find "site.ebrary.com/
Replace "^psite.ebrary.com^/
Option Cookie

Additional recommended configurations for Single-Sign-On (if the preceding setup options do not work)

3-line configuration with EZproxy versions older than 5.0 (where xxxxx is the ebrary site name):

Option ebraryUnencodedTokens
ebrarySite xxxxx
Host site.ebrary.com

5-line configuration with EZproxy version 5.0 or later (where xxxxx is the ebrary site name):

Option ebraryUnencodedTokens
ebrarySite xxxxx
Host site.ebrary.com
URL http://site.ebrary.com/lib/xxxxx
Neverproxy *.ebrary.com