III Advanced Authentication

Minimum version required

The options described in this document require EZproxy 2.0g (2003-02-23) through EZproxy 3.6.

Keywords

The keywords for III may be divided into two groups: conditions and actions. Conditions indicate tests that must be true if the current line is to be considered further. The conditions are expired, nogroups, refused, test, and type. Actions are things that EZproxy should do. The actions are allow, date, deny, host, ignore, and password.

The syntax supported between EZproxy 1.x and EZproxy 2.0 or later has changed, with older entries incompatabile with new entries. The following examples show the syntax from version 1.x and how it should now be written for 2.0 or later.

Limit access to specified types

In 1.x if any type line appeared, but if the user did not belong to a specified type, access was denied and the file type.htm was sent. In 2.0 or later, type now acts as a predicate, and if the predicate is true, then anything that follows the semi-colon will occur. In this example, the action that follows is allow, which tells EZproxy to allow users of this type access, and also tells EZproxy to ignore the rest of the lines within this III definition.

Vary access based on specified types

This form is similar to the previous example. However, this shows how a single condition can accept multiple actions like the group and allow statements, both of which only occur if the condition is true.

Conditions

These are the conditions available and what they test:

expired - true if the user's expiration date has passed

nogroups - true if the user is not a member of any EZproxy groups

refused - true if the III server refused patron API connection, perhaps since system down

test var value,value,value - tests an arbitrary patron variable to see if it is among the values specified. var is the short name of the variable such as p53 for the home library; the values may contain the * wildcard to match 0 or more characters

type value,value,value - tests the patron type [p47] field against the specified values and returns true if the patron type matches one of the values

Actions

These are the actions available:

allow - allows access for the remote user. Once an allow is encountered, either directly or as part of a condition, the rest of III processing stops and the user is granted access. date - indicates the format of the date when evaluating expiration date. Parameters are MDY (default), DMY and YMD to indicate the sequence in which the Month, Day and Year will appear.

deny - deny access for the remote user. May be followed by a filename, for which EZproxy will look in the docs subdirectory. If the filename is omitted, EZproxy sends the file deny.htm. The rest of the III options are ignored.

ignore - when used as an action with the expired predicate, indicates that expired cards should be considered valid; when used as an action with the refused predicate, indicates that the system should treat the remote user as though their information was valid.

host - indicates the host to use to check the card number and password

password - if used, this action must appear before the host action. This action may appears as "password name" to tell EZproxy to check the login form field "pass" against the last name, "password pin" to check the login form field pass against the user's pin number, "password both" to tell EZproxy to check the login form field "pass" against the last name and to check the login form field "pin" against the user's pin (you must add the field "pin" to login.htm and loginbu.htm if using this option)