From: Jane Sandberg Date: Wed, 19 Aug 2020 21:31:32 +0000 (-0700) Subject: LP1850992: More documentation for the EZProxy remoteauth feature X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=1d0f6fb3cdaf1f5ab4585aa7c0cca321f8edd91c;p=Evergreen.git LP1850992: More documentation for the EZProxy remoteauth feature Signed-off-by: Jane Sandberg Signed-off-by: Galen Charlton --- diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in index b7183fe900..01a0529c1d 100644 --- a/Open-ILS/examples/apache_24/eg_vhost.conf.in +++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in @@ -883,10 +883,12 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT] # Locale (defaults to en_us) #PerlAddVar OILSRemoteAuthLocale "en_us" - # Base URI of your EZProxy server - PerlSetVar OILSRemoteAuthEZProxyBaseURI "http://example.com/ezproxy/" + # Base URI of your EZProxy server; be sure there is no trailing slash + PerlSetVar OILSRemoteAuthEZProxyBaseURI "http://example.com/ezproxy" # shared secret used to generate EZProxy authentication ticket + # This should be the same as the value in the MD5 line of your EZProxy users.txt configuration + # This default value is not suitable for production! PerlSetVar OILSRemoteAuthEZProxySecret "secret" diff --git a/docs/RELEASE_NOTES_NEXT/Administration/ezproxy.adoc b/docs/RELEASE_NOTES_NEXT/Administration/ezproxy.adoc new file mode 100644 index 0000000000..09253c7e96 --- /dev/null +++ b/docs/RELEASE_NOTES_NEXT/Administration/ezproxy.adoc @@ -0,0 +1,30 @@ +EZProxy authentication +^^^^^^^^^^^^^^^^^^^^^^ + +Evergreen can now provide CGI authentication for EZProxy. +To enable this, you will need to: + +. Add a new User Activity Type to Evergreen for EZProxy CGI authentications. +. Add a new Remote Authentication Profile to Evergreen. You will probably want +to use `EZProxyCGI` as the name. +. Edit the `` stanza in Evergreen's eg_vhost configuration +file. In particular, you will need to allow access to from your EZProxy server, +fill in the base uri of your EZProxy server, and add a secret to the +_OILSRemoteAuthEZProxySecret_ variable. +. Restart Apache. +. Edit the EZProxy user.txt file. You will likely want to add a stanza such +as the following: + +.Sample user.txt stanza +---- +::CGI=http://your-evergreen-catalog.com/api/ezproxy?url=^R +::Ticket +MD5 +Expired; Deny expiredticket.htm +/Ticket +---- + +When this feature is enabled, users will see an Evergreen-based login screen. +You may customize the look and feel of this login screen by editing the relevant +template toolkit files. +