Admins: EZproxy Single Sign On (SSO)

EZproxy Single Sign On (SSO) works very well with ebrary sites and offers two distinct advantages over a standard proxy approach:

  1. Response time is much better because SSO is a hand-off approach, whereas with a standard proxy approach every command and response passes through the proxy server.
  2. Users have just one username and password to deal with.  Users sign in through your proxy server for both remote access and to sign in to their personal ebrary account.

Three requirements of your proxy server to use this approach:

  1. Your proxy server must require a unique login for each person.  That is, every user has their own username and password or barcode instead of everyone logging on as, for example, “student”.
  2. Once a user logs in through the proxy, a unique identifier for that user must be passed on.  That is, users aren’t all called “cgi-user” or something once they are logged on.
  3. You need to be running at least version 4.0 of EZproxy.

An overview of how EZproxy SSO works:

  • When a user is on-campus, they can access the ebrary site without logging on, but as soon as they try to use a feature that requires them to be signed into their personal ebrary account, we pass them to your proxy-log-on screen.  Once they successfully enter their username and password there, they are passed back to the ebrary screen, and they will have full access to the ebrary site and to their personal ebrary account.
  • When a user is off-campus, they will still use the regular (unproxied) link to access the ebrary site,<YourSiteName>.  The ebrary site recognizes they are off-campus and they are immediately passed to your proxy-log-on screen.  Once they successfully sign in there, they are passed to the ebrary site and at that point they are also already signed in to their personal ebrary account.
  • Note that once EZproxy SSO is in use, users won’t have their old personal ebrary accounts; their ebrary account username will be based on their EZproxy SSO login.   Any users that want the info in their old bookshelf transferred to their new bookshelf just needs to send us their old and new usernames, and we can quickly transfer their bookshelf contents.

Important note:

  • If you are migrating to EZproxy SSO and you have users that had created bookshelves using the prior setup, the contents of those bookshelves will not be automatically transferred over to the new bookshelves.  However, users can email to request their bookshelf contents be copied over; users would need to supply their old username and their new username.  One challenge is that any folders that users might have set up in their bookshelves will not be copied over – all of their bookshelf items will be copied over to the top (uncategorized) level of their new bookshelf.

Setting up EZproxy SSO:

  • To set up EZproxy SSO for your ebrary site, email
  • We’ll make a few changes to your ebrary site’s configuration from our side. To do this we’ll need to know:
    • Your proxy server IP address
    • The URL of your proxy server
    • The version number of EZproxy you are running
    • A temp log-in for your proxy if possible so we can test the setup (just a username/password like a student would get)
  • We’ll send you the specific lines to add to your proxy config file
    • It is important that the ebrary config lines are placed in the config file before any use of AutoLoginIP
    • (AutoLoginIP is used to identify computers that should be automatically logged into EZproxy – and this blocks the process of having on-campus users sign in to their personal ebrary account, which is done via the proxy server)
  • Once both you and we have made the changes, we’ll test and confirm