Overview of Voyager External Patron Authentication Michael Doran, Systems Librarian Ex Libris Southwest Users Group February 6, 2008 – Santa Ana College.

Standard Patron Authentication - User Perspective
The user:
- clicks the “Login” (or “Patron”, etc.) button
- gets a login form
- enters credentials and submits...

Standard Patron Authentication - User Perspective
Once logged in, the user has access to their patron information, requests, MyOPAC functionality, etc.

External Patron Authentication - User Perspective
The user:
- clicks the “Login” (or “Patron”, etc.) button
- gets a login form
- enters credentials and submits...

External Patron Authentication - User Perspective
Once logged in, the user has access to their patron information, requests, MyOPAC functionality, etc.

What’s the Difference?
From a user perspective the login experience is pretty much the same, regardless of whether he/she uses standard Voyager patron authentication or an external authentication system. A sharp-eyed user might notice that another web application comes into play during external authentication...

Standard Patron Authentication
Everything is handled by WebVoyáge (i.e. Pwebrecon.cgi).

External Patron Authentication
WebVoyáge hands over control to an “adaptor” (via a query string)... the adaptor does the authentication... and then returns control to WebVoyáge.

WebVoyáge to Adaptor Hand Off
WebVoyáge [Pwebrecon.cgi] -> Authentication Adaptor [customer-adaptor.cgi]
“Query string”: PAGE=pbLogonPatron&PID=2063&SEQ=
What determines whether this hand off occurs?...

ExtAuthenticationSystem stanza
The opac.ini configuration file contains a stanza called ExtAuthenticationSystem. The parameters in this stanza control the initial hand-off to a patron authentication adaptor.
    [ExtAuthenticationSystem]
    ExtAuthSystemEnabled=Y
    ExtAuthBypassLoginScreen=Y
    ExtAuthSubmitText=Login with NetID
    ExtAuthSystemURL=/cgi-bin/customer-adaptor.cgi
    ExtAuthButtonMethod=GET

ExtAuthenticationSystem stanza
To totally bypass the WebVoyáge login screen:
    [ExtAuthenticationSystem]
    ExtAuthSystemEnabled=Y
    ExtAuthBypassLoginScreen=Y
    ExtAuthSubmitText=Login with NetID
    ExtAuthSystemURL=/cgi-bin/customer-adaptor.cgi
    ExtAuthButtonMethod=GET
Takes user directly to external authentication login screen.

ExtAuthenticationSystem stanza
To give users the option of logging in using the standard WebVoyáge or the external authentication:
    [ExtAuthenticationSystem]
    ExtAuthSystemEnabled=Y
    ExtAuthBypassLoginScreen=N
    ExtAuthSubmitText=Login with NetID
    ExtAuthSystemURL=/cgi-bin/customer-adaptor.cgi
    ExtAuthButtonMethod=GET
Takes user to standard WebVoyáge login screen... which includes a button linking to the adaptor login screen.

Now where did I put that adaptor?
Patron authentication adaptor feature: “functionality that allows WebVoyáge to communicate with an external authentication program, via a customer-developed authentication adaptor”
Patron authentication adaptor: “the customer-developed adaptor which provides the communications bridge between WebVoyáge and the external authentication program”
The patron authentication adaptor referred to is a computer program. Customer-developed means you get to write it.

Authentication Adaptor Tasks
Authentication Adaptor [customer-adaptor.cgi], when first called:
- Parse and store WebVoyáge query string. The query string contains the data such as the PID (“process ID”) which identifies the session and is necessary for maintaining session state.
- Generate HTML code for a patron login form in order to gather desired user credentials.

Authentication Adaptor Tasks
Authentication Adaptor [customer-adaptor.cgi], after user credentials are submitted:
- Query external authentication system
  - Get “yea” or “nay” on user
  - Retrieve “Institution ID”
- If yea, insert a record into the WOPAC_PID_PATRON_KEYS table:
  - PID (saved from query string)
  - Institution ID
- Return control to WebVoyáge via a redirect to Pwebrecon.cgi URL appended with:
  - Original (saved) query string, plus
  - Authentication key-value pair

Time out! Authentication Systems
There are many authentication systems...
- LDAP (Lightweight Directory Access Protocol)
- Kerberos
- NIS/NIS+ (Network Information Service)
- SMB (Windows)
- Shibboleth
- RADIUS (Remote Authentication Dial In User Service)
- etc...
In addition, authentication systems such as LDAP will differ in internal data structure from one organization to another.

Which means...
The multitude of authentication systems, as well as the fact that the systems can vary in internal data structure, are the principal reasons why Voyager comes with a WebVoyáge patron authentication adaptor feature, but not an actual patron authentication adaptor. They are also why the feature is entirely authentication-system neutral, while the adaptor itself is, by necessity, authentication-system specific.

Query External Authentication System
Authentication Adaptor [customer-adaptor.cgi] <-> Authentication System [e.g. LDAP]
1. Adaptor sends formatted query containing username and password
2. Authentication system replies with success/failure response, plus user information if successful

Plus user information?
Example response from UTA OpenLDAP server (a “people” record):
    dn:cedarid= ,cn=people,dc=uta,dc=edu
    objectClass: top person inetOrgPerson utaPerson
    cedarid:
    utaSSN:
    mail:
    utaDiscloseInfo:
    utaMiddleName: d
    cn: michael d doran
    sn: doran
    givenName: michael
    displayName: doran, michael d
    utaPrevAccountName: doran
    utaAccountName: doran
    uid: doranmd

Needed: Institution ID
The authenticator response (the “people” record above) needs to be parsed for a value (preferably the Institution ID) that can be used to identify that user’s Voyager patron record.

Standard Patron Authentication
Authentication confirms an identity. The standard WebVoyáge login process authenticates a user by matching the user input (last name and identifier) against patron records to identify a unique patron record.
Voyager tables:
    XXXDB.PATRON: PATRON_ID, SSAN, NORMAL_LAST_NAME, NORMAL_INSTITUTION_ID
    XXXDB.PATRON_BARCODE: PATRON_ID, PATRON_BARCODE

Provide a Unique Patron Identifier
Although you’ve confirmed the user’s identity within the external system, WebVoyáge needs to be able to identify a unique patron record internal to the Voyager database. The Patron Authentication Adaptor feature is designed to use the Institution ID to match on the Voyager patron record for that user. The customer adaptor must insert that value as well as the PID value into a Voyager database table (via an SQL DML statement):
    insert into XXXDB.WOPAC_PID_PATRON_KEYS (PID, PATRON_KEY) values ('2063',' ')
The first value is the PID value from the saved query string; the second is the Institution ID value from the authenticator response (the slide shows the cedarid, utaSSN and mail attributes of the LDAP record).

Adaptor to WebVoyáge Hand Off
Authentication Adaptor [customer-adaptor.cgi] -> WebVoyáge [Pwebrecon.cgi]
“Query string”: PAGE=pbLogonPatron&PID=2063&SEQ= &authenticate=Y

WebVoyáge Back on the Job
WebVoyáge [Pwebrecon.cgi] receives: PAGE=pbLogonPatron&PID=2063&SEQ= &authenticate=Y
authenticate=Y: A successful external authentication (“Y”) results in WebVoyáge retrieving the record inserted into the WOPAC_PID_PATRON_KEYS table by the adaptor.
authenticate=N: An authentication failure (“N”) results in WebVoyáge displaying an error message, and returning the user to a login screen.

Retrieving Unique Identifier
WebVoyáge [Pwebrecon.cgi] receives: PAGE=pbLogonPatron&PID=2063&SEQ= &authenticate=Y
The query string PID value lets Voyager know which WOPAC record to retrieve.
Table: XXXDB.WOPAC_PID_PATRON_KEYS (PID, PATRON_KEY)
Voyager grabs the PATRON_KEY value for that PID and then deletes that record in the WOPAC table.

Looking Up Patron Record
WebVoyáge [Pwebrecon.cgi] compares the PATRON_KEY value with normalized Institution ID values in the patron table.
Table: XXXDB.PATRON (PATRON_ID, NORMAL_INSTITUTION_ID)
A successful match means that Voyager has identified the user, and the user can then be logged in and the requested page provided. If no match is found, WebVoyáge displays an error message and returns the user to the login screen.
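
The adaptor's post-login steps and the WebVoyáge read-then-delete step described above, as an added Python example (not code from the presentation or from Ex Libris). Assumptions: an in-memory SQLite table stands in for the Oracle WOPAC_PID_PATRON_KEYS table, a constructed dictionary stands in for the LDAP server, the function names are hypothetical, and a PID is taken to be a short decimal number.

```python
import hmac
import re
import sqlite3
from urllib.parse import parse_qsl, urlencode

# Constructed stand-in for the external authentication system (LDAP in the
# slides): username -> (password, Institution ID). All values are made up.
DIRECTORY = {"doranmd": ("example-password", "1000000001")}
PWEBRECON = "Pwebrecon.cgi"        # the real URL path is site-specific
PID_RE = re.compile(r"\d{1,12}")   # assumption: a PID is a short decimal number


def open_db():
    """In-memory SQLite stand-in for the Voyager Oracle table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE WOPAC_PID_PATRON_KEYS (PID TEXT, PATRON_KEY TEXT)")
    return db


def authenticate(username, password):
    """Return the Institution ID on success, None on failure."""
    stored = DIRECTORY.get(username)
    if stored and hmac.compare_digest(stored[0].encode(), password.encode()):
        return stored[1]
    return None


def adaptor_login(db, saved_query, username, password):
    """Adaptor side: authenticate, record PID -> Institution ID, redirect."""
    params = dict(parse_qsl(saved_query, keep_blank_values=True))
    params.pop("authenticate", None)   # the adaptor alone decides this flag
    pid = params.get("PID", "")
    if not PID_RE.fullmatch(pid):
        raise ValueError("missing or malformed PID")
    institution_id = authenticate(username, password)
    if institution_id is not None:
        # Bind parameters: PID arrived in a URL, so it is never spliced into SQL.
        db.execute("INSERT INTO WOPAC_PID_PATRON_KEYS (PID, PATRON_KEY) "
                   "VALUES (?, ?)", (pid, institution_id))
        db.commit()
    params["authenticate"] = "Y" if institution_id is not None else "N"
    # Re-encode the saved pairs rather than echoing the raw string in a header.
    return PWEBRECON + "?" + urlencode(params)


def webvoyage_consume(db, pid):
    """WebVoyage side as the slides describe it: read the key, then delete it."""
    row = db.execute("SELECT PATRON_KEY FROM WOPAC_PID_PATRON_KEYS "
                     "WHERE PID = ?", (pid,)).fetchone()
    db.execute("DELETE FROM WOPAC_PID_PATRON_KEYS WHERE PID = ?", (pid,))
    db.commit()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    query = "PAGE=pbLogonPatron&PID=2063&SEQ=20080206101500"  # SEQ is constructed
    print(adaptor_login(db, query, "doranmd", "example-password"))
    print(webvoyage_consume(db, "2063"), webvoyage_consume(db, "2063"))
```

Because the row is deleted once read, a replayed `authenticate=Y` redirect for the same PID finds no PATRON_KEY, which matches the error path the slides describe.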

The “Institution ID” Blues
The PATRON_KEY value inserted into the Voyager “WOPAC” table has to be the Institution ID since that is the field in the patron record that it will be matched against. Barcodes and social security numbers (that aren’t also Institution IDs) will not work.
This can be a problem if:
1) Your organization doesn’t use Institution IDs and/or your library doesn’t populate that field in the Voyager PATRON table, or...
2) You have Institution IDs in the Voyager PATRON table, but the external authentication system doesn’t return an attribute containing a user’s Institution ID.

Work-Arounds
The bottom line is that the Institution ID field of the patron record has to be populated with unique identifiers in order to use the WebVoyáge external patron authentication feature.
If your organization uses social security numbers as the de facto institution IDs, then patron update SIF files must include social security numbers in the Institution ID field in addition to the SSAN field.
If the external authentication system doesn’t return the Institution ID values that you have in your Voyager patron records, but returns another unique identifier included in your patron records, it may be possible to have the authentication adaptor query Voyager for the appropriate Institution ID prior to inserting a record into the WOPAC table.

Ex Libris Documentation
Always the best place to start...
The Voyager Technical User’s Guide, Appendix C contains “WebVoyáge Patron Authentication Adaptor feature”.
Note: Ex Libris has substantially revised the WebVoyáge Patron Authentication Adaptor documentation since the initial release.

Constructing an adaptor
There are no real restrictions on the programming language used...
- Perl
- Java/JSP
- C/C++
- Shell script
- whatever
However... it saves a lot of work to have pre-built components/modules for:
1) parsing CGI form data,
2) interfacing with an Oracle database, and
3) interfacing with the desired authentication system.

Perl is a good choice
- CGI.pm module or cgi-lib.pl library for processing CGI forms
- DBI and DBD::Oracle modules for interfacing with the Voyager database
- Net::LDAP or Net::LDAPS modules for interfacing with an LDAP server
- Plus many other authentication modules available on CPAN

Authentication adaptors for LDAP written in Perl
Flatten out the learning curve by adapting these two Perl scripts created by other Voyager customers.
- “Adaptor Example Source Code”: A production-worthy Voyager third-party patron authentication adaptor script using Perl to query an LDAP server, by Michael Doran, University of Texas at Arlington
- “login”: An authentication script used to authenticate access to Voyager's MyOPAC [This is also a production level script, in Perl], by Steve Thomas, University of Adelaide

An authentication adaptor for Kerberos written in Java
Or if Java is more your cup of tea, take a look at this EndUser presentation:
“External Patron Authentication”, EndUser 2004, Session 35, by Jeff Barnett, Gail Barnett, and Kalee Sprague, Yale University
Yale University Library developed an external patron authentication adaptor written in Java. It authenticates against a Kerberos server. For more info see:

Some Voyager sites using external patron authentication
- Columbia University
- Tarrant County College
- Monash University
- University of Adelaide
- University of British Columbia
- University of Texas at Arlington
- Washington Research Library Consortium
- Worcester Polytechnic Institute
- Yale University
Get a fuller list of implementing libraries at:

This presentation… was an overview
You might also want to take a look at… Creating an LDAP Patron Authentication Adaptor (using Perl)

Any questions?