The library community's leading authentication and access solution has been enhanced again.
New features added to EZproxy 5.5 include even more support for Shibboleth, including the following:
- Shibboleth 2.3's default settings for IdPs are now compatible with EZproxy.
- The NameIdentifier (non-persistent ID) is now exposed for EZproxy's Shibboleth implementation through the expression variable auth:nameid.
- HTTP POST data can now be in excess of 64 k bytes for Shibboleth. Other HTTP POST data remains limited to 64k bytes.
- Shibboleth 1.3 authentication no longer creates the "SAMLResponse no encrypted Assertion elements" message to the messages.txt file unnecessarily.
- Shibboleth authentication now successful for institutions in the UK Access Federation, instead of logging potential message "SAML received assertion without a status of success, denying access."
- In cases where XDebug directive is used or if the -D command line argument is used and there is no "shibuser.txt" file, Shibboleth processing will no longer be disabled.
General bug fixes:
- The string concatenation operator is interpreted as a character belonging to the neighboring textual constant rather than as a concatenation operator for the following namespaces.
auth:, group:, http:, cookie:
This longstanding behavior will be fixed in 5.5.x for only the following namespaces.
login:, env:, ParseName:, session:, db:, re:
If you see this problem, the workaround is to insert a space around the concatenation operator. For example, this syntax works:
UserFile("groups/" . login:instNumber.".txt")
While this syntax does not:
- Removed extraneous messages in the messages.txt file about "License Validation."
- Long lines greater than (approximately) 8192 characters written to messages.txt are now accepted.
- The EZproxy "stopall" command line argument will stop all processes named "ezproxy". It will then remove the ".ipc" and ".lck" files for the EZproxy directory from which the executable was run. The ".ipc" and ".lck" files for other execution directories are left unchanged. This may require that you manually remove them from those directories.
- A number of additional security issues were also addressed in this release.
Note about versions
EZproxy V5.5 is the last release to support Solaris SPARC V8. The next release in Spring 2012 will be the last release to support Solaris SPARC V10. Support for Solaris Intel versions remains unchanged.
We encourage you to upgrade to EZproxy 5.5 to stay current with the latest features. Please review the enhancements page and upgrade at your earliest convenience.
EZproxy Hosted service is available
A hosted version of EZproxy is available. Libraries who subscribe to the hosted version are automatically and seamlessly upgraded with each new release of the service. They also enjoy 24 x 7 x 365 support for off-site authentication of electronic content with no servers or IT infrastructure required. The EZproxy hosted version is currently available in the US, and is planned for wider availability going forward.