When using AutoLoginIP to provide transparent access for select users, it may be necessary to require users to authenticate when accessing other resources. To reliably intermix AutoLoginIP with forced authentication, it is necessary to place the databases that will require authentication into a separate group. The following demonstrates how to construct such a configuration.
AutoLoginIP provides a way to have EZproxy provide automatic access without requiring authentication. The main use of this mechanism is to provide branch libraries with access to licensed resources that do not recognize the IP addresses of the branch location. In this example, AutoLoginIP is used to allow remote users to access the OPAC through EZproxy without the users being required to authenticate.
Groups can be used to allow different groups of users to have access to different groups of databases. In this example, groups are used to force remote users to authenticate when they try to access licensed databases.
These sample lines from config.txt demonstrate how to place the resources that will require authentication into a separate group from the groups available through AutoLoginIP.
# Databases that require everyone to log in are best placed at the top of config.txt
# with their appearance coming before any AutoLoginIP or ExcludeIP directives
# This Group directive place creates an arbitrary group named MustLogin
# By placing this database into this group, both local and remote users will be forced to
# authenticate. Without it, local users who went to another database first would be
# transparently authenticated, so later access to this would be unblocked.
Title Some Database for which all must authenticate
# Group directives that appear before AutoLoginIP statements determine which groups
# EZproxy will assign to users who are automatically logged in. This directive
# insures that users who log in automatically will be in only the Default group, and also
# causes the remaining databases to be assigned to that group.
# This AutoLoginIP directive tells EZproxy that the specified IP addresses should
# be automatically logged in for local access.
# This database will be transparently proxied for local users
Title Other Database with local users transparently proxied
# This ExcludeIP directive tells EZproxy that the specified IP address should
# not be proxied and instead should be redirected to the real URL.
Title Another Databases with local users redirected to real URL
For this configuration to work, you must configure EZproxy to associate users who log in with the special MustLogin group that was created above. If you are not using any other group logic in user.txt, then simply make this the first line of your user.txt file:
If you are using Groups with EZproxy, then you must insure your group logic also assigns your users into the MustLogin group.