Have you looked into OpenAthens? It is an alternative to EZproxy which doesn't require setting up a proxy server. I'm not 100% familiar with it, but the whole idea is to enable users to access content via single sign on without the need for IP authentication.
Lucy Scribner Library, 210
[log in to unmask]
From: Code for Libraries <[log in to unmask]> On Behalf Of Andreas Orphanides
Sent: Thursday, February 20, 2020 3:17 PM
To: [log in to unmask]
Subject: Re: [CODE4LIB] Mobile access to IP-authenticated resources
As far as non-proxy solutions go, I think full tunnelling would probably be the only option that I can think of that would reliably allow IP-authenticated access to an arbitrary resource. I suppose some vendors might allow shibboleth or similar authentication at their site depending on how your subscription is configured, but that doesn't seem like it'd be a super convenient option to me.
On Thu, Feb 20, 2020 at 3:11 PM Andreas Orphanides <[log in to unmask]>
> Good point; I was unclear. What I mean is, when a user follows a
> proxified link to a resource, our proxy redirects on-campus users to
> the actual URL to enable IP authentication from the vendor. But VPN
> users remain through the proxy because otherwise the split tunneling
> kicks in and the vendor wouldn't be able to IP-authenticate.
> I don't think there's a magic way to intervene if someone's, say,
> following a non-proxied link from an email. The Lean Library browser
> plugin (and possibly others?) advertises the ability to send a push
> notification to a user if they can get access to an arbitrary website
> via reloading through the proxy. But the service is $$$ and also you'd
> need every relevant user to have the plugin installed on their browser.
> One thing we've done lately is provide access to a little bookmarklet
> that all it does is reload the current page via the proxy. This is
> useful for people who know how and when to use it, but is hardly a panacea.
> On Thu, Feb 20, 2020 at 3:03 PM Bob Dougherty <[log in to unmask]> wrote:
>> Andreas, I think I misunderstood something you wrote: "our solution
>> is to force all connections via the VPN through the proxy."
>> Can you "force" a connection through the proxy when it didn't start
>> with a proxied web page? Such as the scenarios I mentioned (a link to
>> an article found in an internet search or an email)?