Shibboleth implementation can be done in two phases -- enabling Shibboleth login to access the rewrite proxy, as well as providing access to individual vendors using Shibboleth.
Why should I implement the Shibboleth-enabled Rewrite Proxy
Enabling Shibboleth authentication for the rewrite proxy has a number of immediate advantages
Benefits to users
- Single password for campus and proxy access
- No user-side configuration needed - this is a great benefit particularly in lockdown environments
Benefits to librarians
- Reduced cost of support from user side configuration and lost passwords
Benefit to library administration
- The rewrite proxy provides a source of central usage statistics ("foot traffic") that can be used independently or in conjunction with vendor-provided usage statistics.
Why should I provide access to Shibboleth-enabled vendors with the Rewrite Proxy?
Taking the first step of enabling Shibboleth for the rewrite proxy solves a number of problems with providing remote access to resources, but accessing individual vendors with Shibboleth provides additional functionality and decreased support and maintenance costs
Benefits to users
- Single password for campus service and proxy access
- No user-side configuration needed
- Integration with personalized vendor functionality - in addition to a single password for remote access, they can use the same password to access their personalized features on the vendor site
Benefits to librarians
- Reduced cost of support
- Less IP and proxy maintenance with 80% case - by providing Shibboleth access to high-traffic resources, libraries can route all traffic through the local proxy, reducing the need to maintain large IP lists with the vendor.
- Permits a gradual rollout of Shib-enabled resources while keeping user experience consistent
Benefits to vendors
- Authoritative validation
- Easier breach investigation
- No maintenance of password information
Benefit to library administration
- Central usage statistics ("foot traffic") - depending on your data collection and privacy policies, the proxy proivdes a central foot traffic log, as does Shibboleth. In addition, Shibboleth can provide additional data to permit summarizing access information by demographics and attributes.