EZProxy can be configured to take you to a start page that it generates, but
more commonly it is set up to take you through to the URL you give it. In
our setup, you approach EZProxy with a url like this:
http://login.ezproxy.library.ualberta.ca/login?url=http://www.whereyouwantto
go.org
After authentication (which can be by IP as well as user id or whatever), it
redirects you to
http://www.whereyouwanttogo.org.login.ezproxy.library.ualberta.ca/
It fetches the remote page and rewrites all the links (or rather the ones it
knows you need to proxy) to keep you in its artificial little window on the
web.
It uses cookies to manage sessions. In the context of a federated search, I
think you could do something like this:
1) user requests search from search agent
2) search agent passes search on to a number of external resources via
EZProxy. The agent must cache the session cookie from EZProxy (the cookie's
domain is .ezproxy.library.ualberta.ca), as well as any cookies it gets from
the external resources, whose cookies will have domains like
80-web18.epnet.com.login.ezproxy.library.ualberta.ca.
3) the search agent composes a page of hits for the user (with all the links
pointing to EZProxy urls) and sends it down to the browser, along with all
the cookies needed to access the resources in question. All the cookies are
at least associated with a local domain, so it should be possible to have
them accepted by the browser (though I'm not sure of the details here -
could metasearch.library.ualberta.ca set a cookie for
ezproxy.library.ualberta.ca without setting off alarms?)
At the end of this, the user should get a page that has everything needed to
replicate the search environment that the federated search agent set up. To
get all those cookies set without hassles, it might be necessary to access
the result page via EZProxy.
I hope that at least frames the right questions about this approach. A
question to the EZProxy listserv would get the attention of EZProxy's
designer Chris Zagar, who could point out any flaws in this scheme.
Peter
Peter Binkley
Digital Initiatives Technology Librarian
Information Technology Services
4-30 Cameron Library
University of Alberta Libraries
Edmonton, Alberta
Canada T6G 2J8
Phone: (780) 492-3743
Fax: (780) 492-9243
e-mail: [log in to unmask]
> -----Original Message-----
> From: Walter Lewis [mailto:[log in to unmask]]
> Sent: Tuesday, March 16, 2004 07:38 AM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] Remote authentication cookies (was
> Re: [CODE4LIB] index of open access journals)
>
>
> Binkley, Peter wrote:
>
> >I wonder if you could fake it using EZProxy, which does a
> good job of
> >managing cookies for proxied resources. Have the metasearch process
> >start an EZProxy session and then hand that over to the user.
> >
> I had a sense that proxies were going to enter into the
> solution in some fashion, especially given that the
> metasearch is almost a proxied search.
>
> Does anyone have any experience with EZProxy or its
> competition in this context? The EZProxy docs suggest that
> the OOTBE is designed to handle passing people on to the
> authenticated start page. In the federated search paradigm
> we're trying to hand them off to a moderately relevant
> results page. Any insight at this stage could save a lot of time.
>
> Thanks.
>
> Walter Lewis
> Halton Hills
>
|