ucl’s preparations for shibboleth
DESCRIPTION
UCL’s preparations for Shibboleth. Margaret Flett IT Services Development Officer UCL Library Services [email protected]. UCL’s preparations for Shibboleth. Background - UCL Library Services From AthensDA to Shibboleth What to tell the users?. UCL Library Services. - PowerPoint PPT PresentationTRANSCRIPT
UCL LIBRARY SERVICES
UCL’s preparations for ShibbolethMargaret Flett
IT Services Development OfficerUCL Library Services
UCL LIBRARY SERVICES
UCL’s preparations for Shibboleth
Background - UCL Library Services From AthensDA to Shibboleth What to tell the users?
UCL LIBRARY SERVICES
UCL Library Services
Similar profile to LSE (user types and access requirements) Broader range of disciplines, and hence resources Moved from “classic” Athens to AthensDA during 2005/6 Also use EZProxy for offsite access to (Athens and)
non-Athens resources
UCL LIBRARY SERVICES
AthensDA at UCL
HDD method (persistent cookie) Single sign-on with EZProxy (ie simultaneous). Same HTML login page whether users come via Athens or
EZProxy
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
http://libproxy.ucl.ac.uk/login?url=http://aapgbulletin.datapages.com/
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
AthensDA to Shibboleth
Install and test Shibboleth Identity Provider Join the UK Access Management Federation Register Shib Identity Provider with Athens (testing) Test compliance of Athens resources with the
Shib-Athens gateway Plan strategy for non-compliant resources Consider best access route for each resource
(gateway / direct Shib / proxy / other) Plan end-user information Switch from AthensDA to Shib IdP
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
Shib-Athens gateway
Nearly all Athens resources are compliant. Exceptions listed on Athens website. For UCL, four resources, including LexisNexis (Executive/Professional) and Westlaw.
Otherwise, behaves just like AthensDA
Photo by paparutzi displayed on Flickr.com
Shibboleth-authenticated
users
Athens-protectedresources
UCL LIBRARY SERVICES
https://auth.athensams.net/setsite.php?id=https://shib-idp.ucl.ac.uk/shibboleth&ath_dspid=ATHENS.MY&ath_returl=%2Fmy%2F
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
UCL LIBRARY SERVICES
User education
Access from Library-controlled links
Access from resources directly
Personalisation features
UCL LIBRARY SERVICES
Library-controlled links
Mostly EZProxy* (IP authentication + proxying permitted) Some Athens (gateway) Some Shibboleth (eg Science Direct) Other password On-campus only (IP authentication, no proxying)
*EZProxy itself will be Shibbolized
UCL LIBRARY SERVICES
Documentation
Instructions for: Accessing a typical resource via library link List of exceptions to the above Accessing a typical resource via native interface (“Athens”) Exceptions to the above (Shibboleth, eg Science Direct)
Explanation for keen users about single sign-on, Shibboleth sessions, etc.
UCL LIBRARY SERVICES
Personalisation features
Most Athens resources which offer alerts etc. require separate registration (username/password)
Exceptions include ScienceDirect, Zetoc, TRILT
Zetoc transfer works Still waiting to test ScienceDirect
personalisation features with direct Shibboleth.
UCL LIBRARY SERVICES
Shibboleth in other Library resources
UCL is also trying to implement Shibboleth login for as many different services as possible, to take advantage of single sign-on.
EZProxy - tested MetaLib (and other Ex Libris products) - testing
And other institutional resources, eg WebCT, Moodle.