[AI] -- Steve Carmody -- will outline the flow, from the perspective of a user accessing a resource, in several situations:
If the campus is using IP address checking and NOT using Shib, then the user is allowed access.
If the campus has left IP address checking enabled at SD, then the user is allowed access. Otherwise, if the campus is using Shib, the user selects "Athens/Institutional Login" and is redirected to SD's WAYF page, selects a country and then an IdP, clicks Submit, and is redirected to their campus IdP. If the user has not previously logged in to the local SSO system, the user must log in. The user is then redirected back to SD, accompanied by Shib info identifying them as an authorized user.
User clicks "Access this resource".
If the campus is not using Shib, user is redirected to SD, and is granted access.
If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.
Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?
User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):
User clicks "Access this resource".
If the campus is not using Shib, user is redirected to SD, and is granted access.
If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.
User does login (using personal or Guest account). Login is to the campus SSO system?
Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?
User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):
User clicks "Access this resource".
If the campus is not using Shib, user is redirected to SD, and is granted access.
If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.
Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?
User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):
User clicks "Access this resource".
If the campus is not using Shib, user is redirected to SD, and is granted access.
If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.
User does login (using personal or Guest account). Login is to the campus SSO system?
Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?
User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):
User clicks "Access this resource".
If the campus is not using Shib, user is redirected to SD, and is granted access.
If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.
If campus is NOT using Shib, user stops here.
If campus is using Shib, the user selects "Athens/Institutional Login" and is redirected to SD's WAYF page, selects a country and then an IdP, clicks Submit, and is redirected to their campus IdP. If the user has not previously logged in to the local SSO system, the user must log in. The user is then redirected back to SD, accompanied by Shib info identifying them as an authorized user.
If campus is NOT using Shib, user clicks "off campus", is redirected to the campus proxy. User authenticates, and is redirected via the proxy to SD.
If campus is using Shib, user clicks "Access", is redirected to their campus IdP. If user has not previously done a login to the local SSO system, user must login. User is redirected forward to SD, accompanied by Shib info identifying them as an authorized user.
If the campus is not using Shib, user is redirected to ?? What is standard practice here?
If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.
OR ... If the campus is using Shib, user is redirected to EZP, which determines whether the user is on or off campus, whether the SP is shib-enabled or not, and does the "right thing"
Same as working at home
Instructor should add link pointing to local EZP instance. At run time, EZP decides where to forward the user.
Instructor can either:
i) add link pointing to local IdP. After authentication, user is redirected to the SP.
ii) Instructor should add link pointing to local EZP instance. At run time, EZP decides where to forward the user.
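The run-time decision described above (on or off campus, SP Shib-enabled or not), as an added example that is not EZP's own code or configuration. The network ranges, host names, query parameter names and the `route` function are assumptions made for illustration, and the fall-through to the proxy is an assumption for cases the flows above leave open.

```python
import ipaddress
from urllib.parse import urlencode

# Constructed values: documentation address ranges and placeholder hosts.
CAMPUS_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
IDP_LOGIN = "https://idp.campus.example/sso"        # hypothetical campus IdP
PROXY_LOGIN = "https://proxy.campus.example/login"  # hypothetical campus proxy


def on_campus(client_ip: str) -> bool:
    """True only if the address parses and lies inside a campus network.

    client_ip should be the socket peer address; a client-supplied header
    such as X-Forwarded-For must not be trusted for this check.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparseable address is treated as off campus
    return any(addr in net for net in CAMPUS_NETS)


def route(client_ip, resource_url, sp_shib_enabled, sp_ip_check_enabled):
    """Return (action, url) for one request to a licensed resource."""
    # On campus and the SP still checks IP addresses: no login is needed.
    if on_campus(client_ip) and sp_ip_check_enabled:
        return ("direct", resource_url)
    # Shib-enabled SP: authenticate at the campus IdP, then go on to the SP.
    if sp_shib_enabled:
        return ("idp", IDP_LOGIN + "?" + urlencode({"target": resource_url}))
    # Everything else authenticates at the campus proxy and is proxied to the SP.
    return ("proxy", PROXY_LOGIN + "?" + urlencode({"url": resource_url}))


if __name__ == "__main__":
    sd = "https://sd.example/article/1"  # constructed resource URL
    for ip in ("192.0.2.17", "198.51.100.5", "not-an-ip"):
        print(ip, route(ip, sd, sp_shib_enabled=True, sp_ip_check_enabled=True))
```
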