Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
ezproxy_maintenance [2022/02/15 21:02] jmulvaney |
ezproxy_maintenance [2023/12/08 14:46] (current) myoungberg [User Files] |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| ==== Maintaining the Configuration File (config.txt) ==== | ==== Maintaining the Configuration File (config.txt) ==== | ||
| - | OCLC Created Stanzas can be found here: [[https://help.oclc.org/Library_Management/EZproxy/Database_stanzas]] | + | OCLC Created Stanzas can be found here: [[https://help.oclc.org/Library_Management/EZproxy/EZproxy_database_stanzas/Database_stanzas]] |
| During the renewals process, stanzas should be checked against the OCLC documentation to make sure that the most recent version is being used. The best way to tell if the stanza doesn't work is trying to access a resource from off campus (or via Opera w/ VPN installed) which will trigger a Need Host page if the stanza no longer works. If a resource is cancelled or ceased and we do not retain post-cancellation/perpetual access, then the stanza should be removed from the config file. | During the renewals process, stanzas should be checked against the OCLC documentation to make sure that the most recent version is being used. The best way to tell if the stanza doesn't work is trying to access a resource from off campus (or via Opera w/ VPN installed) which will trigger a Need Host page if the stanza no longer works. If a resource is cancelled or ceased and we do not retain post-cancellation/perpetual access, then the stanza should be removed from the config file. | ||
| Line 29: | Line 29: | ||
| * The Stanzas are roughly alphabetical, and they are hierarchical. Lines that are higher are given priority over lines that are lower. | * The Stanzas are roughly alphabetical, and they are hierarchical. Lines that are higher are given priority over lines that are lower. | ||
| * Trials are always at the end of the file. | * Trials are always at the end of the file. | ||
| - | * To add a new stanza, [[https://help.oclc.org/Library_Management/EZproxy/Database_stanzas|Check OCLC]] or use Google to try and find one that someone else has created. | + | * To add a new stanza, [[https://help.oclc.org/Library_Management/EZproxy/EZproxy_database_stanzas/Database_stanzas|Check OCLC]] or use Google to try and find one that someone else has created. |
| * To make edits (like an HTTPS update) add information to existing stanzas. | * To make edits (like an HTTPS update) add information to existing stanzas. | ||
| * Save the Local copy | * Save the Local copy | ||
| Line 67: | Line 67: | ||
| We are not currently using include files for the config. DRMS wants to explore this further in the future but for now please place all stanzas directly in the config file. | We are not currently using include files for the config. DRMS wants to explore this further in the future but for now please place all stanzas directly in the config file. | ||
| - | ==== User File ==== | + | ==== User Files ==== |
| - | The user file is less complex than the config file and is primarily used to temporary block NetIDs which have become compromised until IT confirms that the patrons password has been reset. For specific instructions on this process see the Licensing Violations document below. When blocking a patron, format as "netid::deny" | + | **NOTE:** This section has been rewritten as of our September 2023 switch from LDAP to SSO authentication. Please refer to earlier versions of this page for LDAP documentation. |
| - | To create temporary usernames/passwords for troubleshooting, use the following format: | + | Unlike LDAP authentication, SSO authentication requires two user files: user.txt and shibuser.txt. |
| - | # Context (Name of user, etc.) | + | |
| - | Username:Password | + | |
| - | * Please always preserve the login for EBSCO, Mount Ida, and the temporary EZproxy troubleshooting password. If publishers ask for credentials try and create a unique login and delete it when they are done. | + | |
| - | The username/password for the EZProxy web admin is configured here. **DO NOT DELETE IT.** | + | === user.txt === |
| + | We use this file for two purposes: | ||
| + | * to create **temporary login credentials**, usually for vendors | ||
| + | * to specify **authentication method** | ||
| + | Instructions for how to perform these tasks, including links to OCLC documentation, are included in user.txt. Since the temporary credentials we create in user.txt are not issued by OIT, the SSO login screen will not work. Instead, users with these credentials will need to bypass the SSO login screen. When creating temporary credentials, please provide the following information to the recipient: | ||
| + | * Log in via https://silk.library.umass.edu:443/login?user=username&pass=password | ||
| + | * This link will land you on a menu page, but you'll be logged in and can follow any links from EDS that contain silk.library.umass.edu | ||
| + | |||
| + | === shibuser.txt === | ||
| + | |||
| + | We use this file for two purposes: | ||
| + | * To specify any actions that should apply to **all users** – as of October 2023, the only directive in this category is to log activity using netid@umass.edu as the username instead of shibboleth. | ||
| + | * To specify any actions that should apply to **specific users**. As of October 2023, this includes specifying which users can log into the EZProxy server as admins and temporarily blocking users | ||
| + | Instructions for how to perform these tasks, including links to OCLC documentation, are included in shibuser.txt. | ||
| ==== EZProxy Public Pages (Documents) ==== | ==== EZProxy Public Pages (Documents) ==== | ||
| Patrons primarily experience the EZProxy login page, and may never encounter the various other pages which are mostly reserved for specific EZProxy related errors. These are stored in the "docs" directory of the server. The include the following pages: | Patrons primarily experience the EZProxy login page, and may never encounter the various other pages which are mostly reserved for specific EZProxy related errors. These are stored in the "docs" directory of the server. The include the following pages: | ||
| Line 100: | Line 110: | ||
| ==== EZProxy Security Rules ==== | ==== EZProxy Security Rules ==== | ||
| - | As of version 7.1, rules can be set that when patrons trip them will cause their NetID to be logged and/or blocked. Currently the only rules which will block a patron relate to how many gigabytes of content are download, if a NetID access EZproxy from 4 or more countries, or if they access EZProxy from 20 or more IP addresses. | + | As of version 7.1, rules can be set that when patrons trip them will cause their NetID to be logged and/or blocked. Currently the only rules which will block a patron relate to how many gigabytes of content are download, if a NetID access EZproxy from 4 or more countries, or if they access EZProxy from 20 or more IP addresses. There are additional rules which will log a NetID instead of blocking them. |
| ==== License Violation Incidents through proxy ==== | ==== License Violation Incidents through proxy ==== | ||
| See [[license_violation_procedures|License Violation Procedures]] | See [[license_violation_procedures|License Violation Procedures]] | ||
