1

Wolfgang Lierz
Staff IT-Services / Network & Security Admin
ETH-Bibliothek Zurich

Integration Primo-Aleph-PDS-SSO-AAI

Wolfgang Lierz / IGeLU 2012 Zurich

Integration of Aleph/Primo with PDS into larger Shibboleth/SSO environments


Post on 14-Dec-2015



2

Why Single Sign-On anyway?

We have alternatives:

- Post-It around display
- Post-It below keyboard
- Browser password store
- KeePass password store
- Cloud password store
- Facebook login

3

Authentication and Authorization Infrastructure

Without AAI-SSO

With AAI-SSO

• 1999-2000 First ideas and workshop
• 2001-2003 Project study and pilot
• 2004-2005 Implementation

4

AAI in Switzerland

5

Authentication with nethz

Authentication «Who am I»

HR / Students Administration

ETH Zurich members

«nethz» database

«nethz-login»

Active Directory, LDAP, RADIUS, AAI (Shibboleth)

Windows, Exchange, Sharepoint

e-pics, WLAN

eduroam, VPN

e-collection., Proxy, SMS

Authorization «What may I do»

«Same Sign On» «Single Sign On»

6

Aleph in Switzerland

• ExLibris Aleph v20 (only NEBIS with PDS)

• 5 Systems

• Shared User File (SUF) 700000 accounts

• Integration UZH into NEBIS 2013 (INUIT), 200000 accounts, 200 libraries

7

AAI-SSO for ETHZ staff and students

Goals within current NEBIS/Aleph operation:

- eliminate separate individual user registration / activation process at library

- enable nethz-userid for ETHZ staff and students

- use nethz-attributes of ALL staff and students by Aleph and discontinue separate user management

8

Aleph with nethz / PLIF

nightly

Aleph (Application)

Aleph (Database)

nethz

SAP

nethz

AAI

Indices

A4

PDS (login)

A3 Batch / Copy on request

A2 User / Copy at Login

PLIF (at least daily)

Batch / triggered by changes

Shibboleth UniqueID as additional Aleph ID #20

Alternatives A2+A3 unfortunately impossible with Aleph

9

2012: AAI-SSO for ETH members

Authentication via «native» Aleph login

(may disappear 2013)

Authentication via «nethz-login» (AAI-SSO)

(more selections 2013)

Intermediate (PDS) Login page from September 2012

Embedded WAYF

10

2013: AAI-SSO for private customers

(SSL connection)

New separate Private Customers IDP (at ETHZ)

Private customers DB
- Attributes from Aleph
- Passwords only here

NEBIS/Aleph
EAD00

Aleph (Oracle DB)

Private customers

Indices (Aleph)

AAI IDP (operated by Switch)
aai-login.libraries.ch

PDS (login) with Shibboleth

EAD50 ZAD50 UZH50

AAI IDP (at ETHZ)
aai-login.ethz.ch

(via nethz)

WAYF

Re(set) password
password.libraries.ch

(New) registration
register.libraries.ch

Initial Password

other AAI IDPs

INUIT

future

PIN-VHO

E-Lending

Primo FE 1...4
e-shelf

NEBIS Form for registration

11

Future: ID management outside Ex Libris

Swiss-wide Private Customers IDP

Private customers DB
- Attributes now HERE
- Passwords only here

Alma ?

AAI IDP (operated by Switch)
aai-login.libraries.ch

PDS as a separate service WITH attribute retrieval

AAI IDP (at ETHZ)
aai-login.ethz.ch

(via nethz)

WAYF

Re(set) password
password.libraries.ch

(New) registration
register.libraries.ch

other AAI IDPs

Primo FE 1...4
e-shelf

Interface to external Identity Management

E-Lending and others

12

Further reading

For many more details, see our report

Single Sign On für e-lib.ch und sein Webportal (in German, 2012, 61 p.)

e-collection.library.ethz.ch/view/eth:5453

13

Credits

Thanks to:
- SSO project team of ETH-Bibliothek
- ITS IT-Services of ETH-Bibliothek
- ICT services of ETH Zurich
- SWITCH AAI team
- ELCA Informatik AG, Zürich

14

Questions ?

Thank you!

[email protected]

SFX with PDS-SSO-AAI ?

15

DEMO

http://www.switch.ch/aai/demo/