III Advanced Authentication

Version requirement

These instructions are only accurate for EZproxy 4.0 or later. Users of earlier versions of EZproxy should consult III Authentication Prior to EZproxy 4.0 .

Conditions and Actions

III authentication is controlled by a series of conditions and actions. Conditions are tests that must be true if the current line is to be considered further. The III specific conditions are IfExpired, IfRefused, IfTest, and IfType. Actions are things that EZproxy should do. The III specific actions are Date, Host, Ignore, and Password.

In addition to the III specific conditions and actions, there are a large number of common conditions and actions available, including Deny, Group, and Stop. See Common Conditions and Actions for more information.

III specific conditions

These are the III specific conditions available and what they test:

IfExpired

True if the user's account expiration date has passed.

IfRefused

True if the III server refused patron API connection, typically due to the system being down.

IfTest var value[,value...]

Tests an arbitrary patron variable to see if it is among the values specified. var is the short name of the variable such as p53 for the home library; the values may contain the * wildcard to match 0 or more characters.

IfType value[,value...]

Tests the patron type [p47] field against the specified values and returns true if the patron type matches one of these values.

III specific actions

These are the III specific actions available:

Date

Indicates the format of the date when evaluating expiration date. Parameters are MDY (default), DMY and YMD to indicate the sequence in which the Month, Day and Year will appear.

Ignore

When used as an action with the Expired condition, indicates that expired cards should be considered valid; when used as an action with the Refused predicate, indicates that the system should treat the remote user as though their information was valid.

Host

Indicates the name of the system where the III Patron API is running. If followed by a simple hostname, EZproxy connects to the specified hostname using the http protocol to port 4500. The hostname may be prefixed with https:// to indicate that an https connection should be used from EZproxy to the III Patron API when making the request. The hostname may be followed by a colon and a port number to indicate that a port other than 4500 should be used when making the request.

Password

If used, this action must appear before the Host action. This action may appears as "password name" to tell EZproxy to check the login form field "pass" against the last name, "password pin" to check the login form field pass against the user's pin number, "password both" to tell EZproxy to check the login form field "pass" against the last name and to check the login form field "pin" against the user's pin (you must add the field "pin" to login.htm and loginbu.htm if using this option).

Vary EZproxy groups based on III types

This configuration demonstrates how a single condition can accept multiple actions such as the Group and Stop directives, both of which only occur if the condition is true.

::III
Not IfUser -RE [0-9]+; Stop
Host iii.mylib.org
IfRefused; Deny irefused.htm
IfExpired; Deny iexpired.htm
IfUnauthenticated; Stop
IfType 1,2; Group Restricted; Stop
IfType 3,4,5; Group Default+Restricted; Stop
Deny itype.htm
/III


See Groups for more information on EZproxy groups.