Admins: Remote access options

On-campus, patrons can access your ebrary site without providing credentials if we’ve pre-validated your on-campus IP addresses (IP-authentication).

Off-campus, patrons can access your ebrary site if you provide a remote access protocol requiring them to log in with a unique username/password or barcode.

REMOTE ACCESS OPTIONS

1. Proxy server:

  • If your institution/company uses a proxy server to provide access to online shared resources, we can work with you to easily configure it for ebrary. This is a desirable solution if your patrons are already familiar with their proxy server login credentials.  Typical proxy servers are EZproxy, WAM, and Squid.
  • For EZproxy servers, you can choose a Single Sign On (SSO) option that sends users through the proxy server to sign in to their personal ebrary account as well.  This method provides faster remote access than basic proxy access, and patrons typically appreciate needing only one set of login credentials.  (EZproxy v4.0+ is required, v5.0+ is preferred.)

2. OpenAthens or Shibboleth:

  • These authentication methods work particularly well if your patrons are already familiar with their login credentials.
  • To sign in to a personal ebrary account, users will be sent to the institution’s Athens or Shibboleth login page and must sign in there.
  • Shibboleth authentication is offered through the following federations:
    • UK Federation –  SP WAYFless access (UK)
    • InCommon Federation (USA)
    • German Federation – SP WAYFless access (Germany)
    • EduGate Federation (Ireland)
    • RedIRIS Identity Service (SIR, Spain)
    • eduID.cz Federation (Czech Republic)
    • GakuNin (Japan)
    • Check with support@ebrary.com for Shibboleth authentication availability in other regions.
  • Shibboleth authentication requires the following 2 attributes to be passed:
    1. This attribute is required:
      eduPersonScopedAffiliation
    2. And one of the three following attributes is required:
      eduPersonTargetedID
      eduPersonPrincipalName
      eduPersonPersistentID
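
As an added example (not ebrary's code), this Python check lets an IdP admin confirm that the attribute statement from a test login satisfies the release rule above. The sample statement is constructed, eduPersonPersistentID is matched by the name used on this page, and the input is assumed to be an assertion you captured from your own IdP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EDUPERSON = "urn:oid:1.3.6.1.4.1.5923.1.1.1."  # eduPerson OID arc
OID_NAMES = {EDUPERSON + "9": "eduPersonScopedAffiliation",
             EDUPERSON + "10": "eduPersonTargetedID",
             EDUPERSON + "6": "eduPersonPrincipalName"}
REQUIRED = "eduPersonScopedAffiliation"
# eduPersonPersistentID is matched by the name the page uses; no OID is assumed.
ONE_OF = ("eduPersonTargetedID", "eduPersonPrincipalName", "eduPersonPersistentID")

# Constructed sample attribute statement (not real data).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
    <saml:AttributeValue>member@example.edu</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10">
    <saml:AttributeValue><saml:NameID>constructed-opaque-id</saml:NameID></saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def released_attributes(assertion_xml):
    """Map attribute name -> non-empty values found in the statement."""
    found = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS):
        name = OID_NAMES.get(attr.get("Name")) or attr.get("FriendlyName") or attr.get("Name")
        # itertext() also reads a NameID nested in AttributeValue (eduPersonTargetedID).
        values = ("".join(v.itertext()).strip() for v in attr.iterfind("saml:AttributeValue", NS))
        found.setdefault(name, []).extend(v for v in values if v)
    return found


def check_release(assertion_xml):
    """Return a list of problems; an empty list means the rule is met."""
    attrs = released_attributes(assertion_xml)
    problems = []
    scoped = attrs.get(REQUIRED, [])
    if not scoped:
        problems.append("missing required attribute " + REQUIRED)
    elif not all(v.count("@") == 1 and all(v.split("@")) for v in scoped):
        problems.append(REQUIRED + " values must look like affiliation@scope")
    if not any(attrs.get(name) for name in ONE_OF):
        problems.append("need one of: " + ", ".join(ONE_OF))
    return problems


if __name__ == "__main__":
    print(check_release(SAMPLE) or "attribute release satisfies the rule")
```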

3. VPN, Virtual Private Network:

  • ebrary works well with VPNs as long as they are not URL-rewriting.
    URL-rewriting VPN is not supported.

4. Referring URL:

  • If your institution or company website already offers a secure login for your patrons, we might be able to pre-validate users accessing ebrary from behind the login page.
  • You would put a link to ebrary on one or more of your webpages that can only be accessed after having signed in through your website’s secure login.  You would then give us the URL of that webpage, and we would pre-validate all users coming from that URL.  Your off-campus patrons would need to access ebrary using the link on that webpage.
  • It often works well to provide links to ebrary from behind the secure login of Course Management Systems such as BlackBoard or Moodle. (Note, Canvas is not an option at this point because of its https restrictions).  We would pre-authorize any users coming from http pages behind the login.
  • Important criteria for the webpage/URL to be used as a referring URL:
    • It must be an http URL (not an https URL)
    • It must only be accessible once a user has signed in.  (That is, if you paste the URL into a browser, it won’t take you there; it will either give an error or take you to the login screen)
    • There needs to be a direct link to the ebrary site on the page that’s set up as the referring URL
      • An embedded URL will not work
      • Do not open the link in a frame or redirect it through another URL
      • The link to ebrary needs to come through from the same session and the same window

5. ebrary-hosted Single Sign On, often referred to as RPA (for Remote Patron Authentication):

  • ebrary can host remote access for your ebrary site if you provide us with a file containing either:
    • A unique username and password for each patron
    • Or, a unique barcode for each patron (must be at least 6 digits)
  • This method requires patrons to use that same username/password or barcode to sign in to their personal ebrary account.
  • The library admin sends support@ebrary.com the list of username/passwords or barcodes to authorize.  The admin can request changes, additions, and deletions over time.
  • Users cannot manually change their own passwords; changes can only be made by the site’s admin, who submits them to support@ebrary.com
    • This is consistent with industry-standard Single Sign On (SSO) implementations such as Shibboleth, Athens, and EZproxy SSO
  • Note: RPA does not work smoothly with IE 10.
    See http://support.ebrary.com/kb/rpa-ie10/

REMOTE ACCESS OPTIONS THAT DON’T WORK:

  • Apache proxy servers DON’T work well with ebrary.
  • VPNs that re-write the URL DON’T work with ebrary.