ShibbolethAccess4librarians
Download as PPT, PDF0 likes947 views
This document discusses identity and access management using Shibboleth and Edugate. It describes identity providers (IP) that authenticate users and service providers (SP) that authorize access. Edugate establishes trust between IP and SP using SAML protocol. The document outlines library use cases for integrating systems like Summon, repositories, catalogs and reference managers with Edugate single sign-on. It also provides guidance on getting publishers, Ezproxy, Millennium and Summon to participate in Edugate federated authentication.
ShibbolethAccess4librarians
- 1. Glenn Wearen, HEAnet Shibboleth Access for Librarians
- 2. Identity Provider (IdP) • Authenticates user and provides user data • Personal data and/or non-personal data or none Service Provider (SP) • Authorises access based on incoming data • Personalises experience based on incoming data • Persists the user experience between sessions • Extends user data with data entered by the user or file Federation • Trust fabric between IdP and SP, uses SAML protocol Edugate
- 3. And lastly, the User •Hates being repeatedly asked to login •Wants one, and only one campus credential (or none at all) •Will avoid websites that have ‘registration’ •Expects their profile (e.g. search basket, favourite article, alert prefererenes) to available from PC to Mobile Web. Edugate
- 4. Identity Providers • Institutes of Technology • Universities • Research agencies on the HEAnet network • VEC’s Edugate
- 6. – Services Providers ( with a library focus) – Publishers – eBooks, Journals, Databases, Reference Managers – On-campus services – Repository (eprints, dspace) – Web catalogue (III, Summon) – Shared services – Collaborations, alliances, groups (e.g MyRI, IReL, LIR, research.ie) Edugate
- 8. Services Providers currently in progress – Elsevier Services Providers invited • Westlaw IE See tracking spreadsheet http://www.edugate.ie/content/edugate-members Prospective members
- 10. Library use-cases Google Search Results. • Less than 20% of staff start their search on the library website • 0% in the case of students (http://twitpic.com/c8kakm) • Where a search result takes a user to a publishers article abstract, and the publisher has ”Institution Login” or ”Shibboleth Login” option for full text of the article.
- 11. Library use-cases Library Systems integration LMS integration Summon Institutional Repository (on-campus or hosted) Catalogue integration A-Z of electronic resources (DCU/CIT/DIT) MARC Record links in catalogue using WAYFless URL or Ezproxy links (Ezproxy supports Shibboleth login) Reference Manager tools (Endnote Web/RefWorks) OpenAthens LA/MD integration
- 12. Edugate on Campus IT department sets up identity provider service (IdP) Any other department can opt to accept a federated login (SP) • Teaching and Learning (VLE) • IT Services (email) • Library (LMS,IR) • Same login credential and login session
- 13. How to get publishers to participate? • Have publishers used guest wifi access to justify higher licence costs. • Has the IReL model licence (which includes Edugate) been used? • Does the publisher offer personalised features? • Does the publisher expect users to ‘register’? • Does the publisher offer a mobile app? • Your campus is preparing for IPv6
- 14. How to get Ezproxy into Edugate? • Ezproxy supports Edugate natively • EZproxy login page uses campus identity provider service • In production at http://remote.dcu.ie (Login)
- 15. How to get Millennium into Edugate? • Native support for Shibboleth not available • III+SSO+Shibboleth • SSO Module cost? Separate server for module? • Shibboleth integration 1 day of effort approx. • Patron and Active Directory account must match • Even without the module, catalogue links to publishers content can still be changed to a WAYFLess url to bypass WAM • SSO currently in production at http://library.ucd.ie (Login)
- 16. How to get Summon into Edugate? • Native support for Shibboleth not available. • Summon + Ezproxy + Shibboleth
- 17. Authorisation