Ticket Authentication

Overview

Ticket authentication allows remote systems to create short-lived URLs that EZproxy will automatically recognize as being authorized to log in and access a resource, with no need for EZproxy to check back with the program that creates the URL. A sample URL looks like this:

http://ezproxy.yourlib.org:2048/login?user=rdoe&ticket=a6911a5d0219f428b33e190a80818625%24c20041222220203%24e&url=http://www.somedb.com/

The ticket parameter on the URL contains a digital signature that EZproxy uses to verify that the URL was created by an authorized program. The ticket contains a time-stamp of when it was created. EZproxy can be configured to determine how old a ticket can be before it is considered expired.

Ticket directives for user.txt

A sample entry in user.txt is:

::Ticket
TimeValid 10
MD5 somekey
Expired; Deny expired.html
/Ticket

TimeValid must appear before MD5 or SHA1 and indicates the number of minutes a ticket should be considered valid.

MD5 or SHA1 indicate that the MD5 or SHA1 algorithms should be used to check the digital signature. Either must be followed by a string that is also used in the program that generates the ticket.

Expired is true if the ticket has expired. The use of a semi-colon in this example links the expired state of the ticket to the Deny action which tells EZproxy what file to present to the user if their ticket is expired. If the expired case is not handled, EZproxy ignores the ticket and proceeds on to the next part of user.txt.
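The checks described above (signature, then age against TimeValid), as an added Python example that is not OCLC's sample code. It assumes the signature is the hex digest of the shared string, the user name and the `$c<timestamp>$e` tail seen in the sample URL, concatenated in that order, with the timestamp in UTC; confirm both against the sample code for your platform. The function names are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, unquote

# Assumption: signature = hex(hash(secret + user + packet)), where packet is
# the "$c<yyyymmddhhmmss>$e" tail of the sample ticket, with the time in UTC.
ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}

def make_ticket(secret, user, algo="MD5", now=None):
    """Build the URL-encoded ticket value for `user`."""
    now = now or datetime.now(timezone.utc)
    packet = "$c" + now.strftime("%Y%m%d%H%M%S") + "$e"
    digest = ALGOS[algo]((secret + user + packet).encode()).hexdigest()
    return quote(digest + packet, safe="")

def check_ticket(ticket, secret, user, time_valid, algo="MD5", now=None):
    """Return 'ok', 'expired' or 'invalid' for a ticket query parameter."""
    now = now or datetime.now(timezone.utc)
    raw = unquote(ticket)
    digest_len = ALGOS[algo]().digest_size * 2  # hex characters
    sig, packet = raw[:digest_len], raw[digest_len:]
    expected = ALGOS[algo]((secret + user + packet).encode()).hexdigest()
    # Verify the signature in constant time before trusting any packet field.
    if not hmac.compare_digest(sig.lower().encode(), expected.encode()):
        return "invalid"
    if not (packet.startswith("$c") and packet.endswith("$e")):
        return "invalid"
    try:
        created = datetime.strptime(packet[2:16], "%Y%m%d%H%M%S")
    except ValueError:
        return "invalid"
    created = created.replace(tzinfo=timezone.utc)
    # time_valid mirrors the TimeValid directive: maximum ticket age in minutes.
    if now - created > timedelta(minutes=time_valid):
        return "expired"
    return "ok"
```

Because the user name and timestamp are covered by the signature, changing either one in the URL makes the ticket fail verification rather than extending its lifetime.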

Groups

If you want to include groups as part of your tickets, you must tell EZproxy which groups are allowed to appear in tickets with the AcceptGroups directive. Sample usage is:

::Ticket
AcceptGroups General+Medical+Legal
TimeValid 10
MD5 somekey
Expired; Deny expired.html
/Ticket

In this example, a ticket can include any combination of the three groups specified, but any attempt to place the user in any other groups would be ignored.

Ticket generating code

Sample code for generating tickets is available for ASP, Cold Fusion, JSP, Perl, and PHP. You may need to use your browser's "View Source" command to view the code behind these examples.

For assistance in adapting this sample code for use in your application or for creating similar code for other web scripting environments, contact support@oclc.org.