Have you looked into OpenAthens?  It is an alternative to EZproxy which doesn't require setting up a proxy server.  I'm not 100% familiar with it, but the whole idea is to enable users to access content via single sign on without the need for IP authentication.


Michael Paulmeno
Systems Librarian
Lucy Scribner Library, 210
Skidmore College
(518) 580-5505
[log in to unmask]

-----Original Message-----
From: Code for Libraries <[log in to unmask]> On Behalf Of Andreas Orphanides
Sent: Thursday, February 20, 2020 3:17 PM
To: [log in to unmask]
Subject: Re: [CODE4LIB] Mobile access to IP-authenticated resources

As far as non-proxy solutions go, I think full tunnelling would probably be the only option that I can think of that would reliably allow IP-authenticated access to an arbitrary resource. I suppose some vendors might allow shibboleth or similar authentication at their site depending on how your subscription is configured, but that doesn't seem like it'd be a super convenient option to me.

On Thu, Feb 20, 2020 at 3:11 PM Andreas Orphanides <[log in to unmask]>

> Good point; I was unclear. What I mean is, when a user follows a 
> proxified link to a resource, our proxy redirects on-campus users to 
> the actual URL to enable IP authentication from the vendor. But VPN 
> users remain through the proxy because otherwise the split tunneling 
> kicks in and the vendor wouldn't be able to IP-authenticate.
> I don't think there's a magic way to intervene if someone's, say, 
> following a non-proxied link from an email. The Lean Library browser 
> plugin (and possibly others?) advertises the ability to send a push 
> notification to a user if they can get access to an arbitrary website 
> via reloading through the proxy. But the service is $$$ and also you'd 
> need every relevant user to have the plugin installed on their browser.
> One thing we've done lately is provide access to a little bookmarklet 
> that all it does is reload the current page via the proxy. This is 
> useful for people who know how and when to use it, but is hardly a panacea.
> On Thu, Feb 20, 2020 at 3:03 PM Bob Dougherty <[log in to unmask]> wrote:
>> Andreas, I think I misunderstood something you wrote: "our solution 
>> is to force all connections via the VPN through the proxy."
>> Can you "force" a connection through the proxy when it didn't start 
>> with a proxied web page? Such as the scenarios I mentioned (a link to 
>> an article found in an internet search or an email)?
>> Thanks,
>> Bob