Date: Fri, 29 Mar 2024 09:44:16 +0000 (UTC)
Message-ID: <2101539387.7787.1711705456110@ip-10-10-7-29.ec2.internal>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_7786_1367722749.1711705456109"
------=_Part_7786_1367722749.1711705456109
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
Description of Proposed Flow =
=E2=80=93 through sfx and EZProxy, to a Shibboleth protected resource
- User is working from off-campus.
- User accesses MedLine, does a search, finds relevant Abstracts.
- User clicks OPENURL button, gets redirected to SFX server at their home=
campus.
- SFX server provides user with a menu of choices for accessing the resou=
rce; user selects "view online" option. SFX server prepends EZproxy prefix,=
and redirects user to local EZProxy server, passing eventual target url an=
d parameters to access a single article within that target ("the deep link"=
) (note: this description was taken from the chicago page on the wiki =E2=
=80=93 info from Tod =E2=80=93 SFX is designed to pass article-specific inf=
ormation to the journal aggregator's service, but it's up to the journal ag=
gregator to resolve the reference and complete the deep linking. When SFX f=
irst came out, many vendors didn't actually link down to the article level,=
but would leave the user at the issue, journal, or even top-level database=
. That was some years ago, deep linking straight to the article is now much=
more the norm.)
- CURRENTLY, For shibboleth-protected resources not appearing in EZproxy'=
s configuration, EZproxy redirects the user browser directly to the resourc=
e, and the shibboleth transaction proceeds without further involvement of E=
Zproxy.
- (Suggestion from Scott Cantor) EZProxy should redirect the user to a Se=
ssionInitiator at the SP along with a parameter telling it which IdP to use=
, and a parameter containing the deep link url. This will bypass all WAYF p=
rocessing. The SP will use the Federation metadata to choose an appropriate=
protocol to use when comunicationg with the user's campus IdP. The SP will=
then redirect the browser user to their IdP for authentication, passing al=
ong the deep link as the eventual target.
If the deep link url looked like this: (yes, I know this isn't an OpenUR=
L style url, but its what I have):
http:=
//search.ebscohost.com/login.aspx?direct=3Dtrue&db=3Df5h&AN=3D21033=
587&site=3Dehost-live
it would be transformed by EZProxy to:
http://search.ebscohost.com/Login?providerId=3Durn:mace:incommon:osu.=
edu&target=3Dhttp://search.ebscohost.com/login.aspx?direct=3Dtrue&d=
b=3Df5h&AN=3D21033587&site=3Dehost-live
- If the user has previously authenticated, then they are immediately red=
irected back to the "deep link" target. If they have not yet authenticated,=
then the normal authentication process proceeds, and they are then redirec=
ted back to the deep link url.
(From Chris Zagar: A release of EZproxy coming this summer adds the abil=
ity tomake this transformation.)
- If the resource does appear in EZproxy's configuration, then EZProxy re=
directs the browser to the "proxy" component of EZProxy.
- The proxy component of EZProxy accesses the real target url, and retrie=
ves the desired online article.
------=_Part_7786_1367722749.1711705456109--