[AI] -- Steve Carmody -- will outline the flow, from the perspective of a user accessing a resource, in several situations:

1) User is on campus

a) User goes directly to www.sciencedirect.com.

If the campus is using IP address checking and NOT using Shib, then the user is allowed access.

If the campus has left IP address checking enabled at SD, then the user is allowed access. Otherwise, if the campus is using Shib, user selects "Athens/Institutional Login", is redirected to SD's WAYF page, selects country and then IdP, clicks Submit and gets redirected to their campus IdP. If user has not previously logged in to the local SSO system, user must log in. User is redirected back to SD, accompanied by Shib info identifying them as an authorized user.

b) User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):

User clicks "Access this resource".

If the campus is not using Shib, user is redirected to SD, and is granted access.

If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.

c) User clicks a link on a course home page, pointing to a specific article.

If the campus is not using Shib, user is redirected to SD, and is granted access.

If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.

2) User is at a public terminal in a library

a) No login required on public terminals; authn based on IP address

Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?

User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):

User clicks "Access this resource".

If the campus is not using Shib, user is redirected to SD, and is granted access.

If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.

b) Login required on public terminals; walk-ins are given a guest account.

User logs in (using personal or Guest account). Is the login to the campus SSO system?

Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?

User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):

User clicks "Access this resource".

If the campus is not using Shib, user is redirected to SD, and is granted access.

If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.

c) Optional login available on public terminals (U Wash support)

i) User skips login.

Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?

User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):

User clicks "Access this resource".

If the campus is not using Shib, user is redirected to SD, and is granted access.

If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.

ii) User logs in.

User logs in (using personal or Guest account). Is the login to the campus SSO system?

Are these terminals "forced" to use the library's navigation pages? Or can they go directly to sites?

User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect"):

User clicks "Access this resource".

If the campus is not using Shib, user is redirected to SD, and is granted access.

If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.

3) User is working at home....

a) User goes directly to www.sciencedirect.com.

If campus is NOT using Shib, user stops here.

If campus is using Shib, user selects "Athens/Institutional Login", is redirected to SD's WAYF page, selects country and then IdP, clicks Submit and gets redirected to their campus IdP. If user has not previously logged in to the local SSO system, user must log in. User is redirected back to SD, accompanied by Shib info identifying them as an authorized user.

b) User goes to the campus navigation page for SD (e.g. http://dl.lib.brown.edu/gateway/program.php?programid=308, FIND "ScienceDirect").

If campus is NOT using Shib, user clicks "off campus", is redirected to the campus proxy. User authenticates, and is redirected via the proxy to SD.

If campus is using Shib, user clicks "Access", is redirected to their campus IdP. If user has not previously logged in to the local SSO system, user must log in. User is redirected forward to SD, accompanied by Shib info identifying them as an authorized user.

c) User clicks a link on a course home page, pointing to a specific article.

If the campus is not using Shib, user is redirected to ?? What is standard practice here?

If the campus is using Shib, user is redirected to the campus IdP, authenticated if necessary, and then redirected on to SD.

OR ... If the campus is using Shib, user is redirected to EZP, which determines whether the user is on or off campus, whether the SP is Shib-enabled or not, and does the "right thing".

4) User is accessing resources while in a different country

Same as working at home

5) User is an instructor, perhaps within a course management system, who wants to add a link to a resource that will work for a student regardless of the student's location.

a) campus NOT using Shib.

Instructor should add link pointing to local EZP instance. At run time, EZP decides where to forward the user.

b) campus is using Shib

Instructor can either:

i) add link pointing to local IdP. After authn, user is redirected to the SP.

ii) add link pointing to local EZP instance. At run time, EZP decides where to forward the user.
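
The run-time decision that scenarios 3c and 5 hand to EZP (on or off campus, SP Shib-enabled or not), sketched as an added example; this is not EZproxy's or Shibboleth's own code. The network range, hosts, endpoint URLs and the resource table are constructed placeholders, and rejecting unknown targets is an assumption added so the link resolver cannot be used as an open redirector.

```python
import ipaddress
from urllib.parse import urlsplit, quote

# Constructed sample configuration; every range, host and URL is a placeholder.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]
RESOURCES = {  # SP host -> is this SP Shib-enabled for the campus?
    "www.sciencedirect.com": True,
    "journals.example.org": False,
}
IDP_SSO = "https://idp.example.edu/sso?target="          # hypothetical IdP entry point
PROXY_LOGIN = "https://ezproxy.example.edu/login?url="   # hypothetical proxy login


def on_campus(client_ip):
    """True if the connecting address falls inside a registered campus range."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in CAMPUS_NETS)


def route(client_ip, target, campus_uses_shib=True):
    """Return (action, url) for a stable link that must work from any location."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or parts.hostname not in RESOURCES:
        return ("reject", None)  # unknown target: never forward blindly
    if campus_uses_shib and RESOURCES[parts.hostname]:
        # Shib path: IdP authenticates if necessary, then sends the user on to the SP.
        return ("idp", IDP_SSO + quote(target, safe=""))
    if on_campus(client_ip):
        # IP address checking at the SP grants access; no login step.
        return ("direct", target)
    # Off campus, no Shib for this SP: authenticate at the campus proxy.
    return ("proxy", PROXY_LOGIN + quote(target, safe=""))


if __name__ == "__main__":
    for ip, url, shib in [
        ("192.0.2.10", "http://www.sciencedirect.com/", False),  # 1b, no Shib
        ("203.0.113.5", "http://www.sciencedirect.com/", True),  # 3b, Shib
        ("203.0.113.5", "http://journals.example.org/a", True),  # 3b, proxy
    ]:
        print(ip, shib, route(ip, url, shib))
```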