Overview
- 25 EZproxy installations - We administer 25 instances of ezproxy for members of our consortium and institutions across the state
- 14 shib-enabled instances
- 510 unique databases
- 1301 database configurations
Shibboleth - EZproxy integration
Shibboleth - EZproxy integration is easy. EZproxy is configured as a shib SP. This is as simple as having a valid certificate, IdP metadata (sites.xml), and 4 lines in ezproxy.cfg configuration file.
Option X-Shibboleth
ShibbolethWAYF https://login.lib.umd.edu/shibboleth/HS/HS
ShibbolethProviderID urn:usmai:hs:proxy-hs.researchport.umd.edu
ShibbolethSites File=IQ-sites.xml AACert=3
EZproxy groups
Users can be mapped into EZproxy groups based on their attributes (supplied by shib) and their environment, such as incoming IP address. The group mapping is done in a configuration file, shib.usr. Some example mappings from one of our shib.usr:
Test urn:mace:dir:attribute-def:borstatus HSFACR; Deny denied.html
Test urn:mace:dir:attribute-def:borstatus HSSTF; Group +AUTH+PREC+OnCampus
Not IP 134.192.0.0-134.192.255.255; Group -OnCampus
Test urn:mace:dir:attribute-def:borstatus HSPREC; Group +PREC
Access to individual databases can then be based on these ezproxy groups.
Group AUTH
#
# Academic Medicine
T Academic Medicine
U Academic Medicine
H www.academicmedicine.org
D academicmedicine.org
Group OnCampus
#
# HSHSL SciFinder Scholar client page
IncludeIP 0.0.0.0-255.255.255.255
T HSHSL SciFinder Scholar client page
H dl.hshsl.maryland.edu
D dl.hshsl.maryland.edu
ExcludeIP 134.192.0.0-134.192.39.255
Group PREC
#
# Facts and Comparisons
IncludeIP 134.192.0.0-134.192.39.255
T Facts and Comparisons
U http://www.efactsonline.com
...
Maintenance
We maintain all of our ezproxy instances through a single custom web app. A screen shot is attached. There is very little ongoing maintenance for these ezproxy configurations. Occasionally, we have to add a database or e-journal that we missed somewhere along the line, or add a new database. But, we rarely have to edit existing configurations.
To date, we have only had one e journal that was problematic to configure with ezproxy.