[Eril-l] Proquest EbookCentral, single signon, ezproxy - question about weird problem

Melissa Belvadi mbelvadi at upei.ca
Mon Oct 1 07:14:19 PDT 2018


Hi, all, further update for anyone experiencing a similar problem with
Proquest EbookCentral with Single Sign On.
I have both Proquest and Ezproxy support looking at this from both sides.
Two things I've learned so far:

1. The EbookCentral stanza in ezproxy config absolutely must come above any
A, E, or I directives, which is unfortunate for those of us who are trying
to keep a consistent layout to our configs with the stanzas in alpha order
below the rest of the config settings.

2. It is apparently possible for Proquest to implement SSO incompletely so
that it's partly SSO and partly patron login, which makes for a big mess
that is only noticed if multiple patrons happen to notice they're getting
the same hashed-username as other patrons. The overwhelming majority of
patrons would likely never notice this because they aren't using any of the
customization or download features that would make it apparent.


Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca
<http://www.google-analytics.com/collect?v=1&tid=UA-5663860-1&cid=109230&t=event&ec=email&ea=open&el=mbelvadi%40upei.ca&cs=newsletter&cm=email&cn=PLP>
 902-566-0581
my public calendar
<http://www.google.com/calendar/embed?src=mbelvadi%40upei.ca&ctz=America/Halifax&mode=week>
Make an appointment <https://mbelvadi.youcanbook.me/>




On Fri, Sep 28, 2018 at 5:26 PM, Fox, Linda J. <FoxLJ at umkc.edu> wrote:

> Probably.  I don’t have much to do with that end of things.  My
> understanding of how EZproxy works is rudimentary.
>
>
>
> When you test with the unproxied URLs, are you being prompted to log in
> when you link to Ebook Central?  For us, it doesn’t make any difference
> whether we use proxied or unproxied URLs.  The behavior is the same.  Once
> you are automatically authenticated by EZproxy, you end up using that same
> hashed identity.
>
>
>
> I did speak with the person who manages our proxy server.  He said that
> the only way to “fix” the problem and still use EZproxy is to require on
> campus users to log in just like remote users—for everything, not just
> Ebook Central.  That is something that we are not prepared to do at this
> time.  (He did mention one alternative: to set up a second proxy server
> just for Ebook Central.  The cost in dollars and in staff time to manage it
> means this is a non-starter.)
>
>
>
> Linad
>
>
>
>
>
> *From:* Melissa Belvadi <mbelvadi at upei.ca>
> *Sent:* Friday, September 28, 2018 1:54 PM
> *To:* Fox, Linda J. <FoxLJ at umkc.edu>
> *Cc:* eril-l <eril-l at lists.eril-l.org>
> *Subject:* Re: [Eril-l] Proquest EbookCentral, single signon, ezproxy -
> question about weird problem
>
>
>
> I'm guessing you are using the A directive in ezproxy to keep on-campus
> users proxied but without prompting?
>
> We had some of that on, but turned it off for our Proquest EbookCentral
> stanza as part of testing this, and it didn't seem to have any effect.
>
> Also we see the problem when we carefully text with completely unproxied
> URLs, so the proxy server stanza is playing no role at all, at least not in
> the first clicks - we have no idea what Proquest is saying/getting from our
> proxy server when they do their SSO thing.
>
>
> Melissa Belvadi
>
> Collections Librarian
>
> University of Prince Edward Island
>
> mbelvadi at upei.ca
> <http://www.google-analytics.com/collect?v=1&tid=UA-5663860-1&cid=109230&t=event&ec=email&ea=open&el=mbelvadi%40upei.ca&cs=newsletter&cm=email&cn=PLP>
>  902-566-0581
>
> my public calendar
> <http://www.google.com/calendar/embed?src=mbelvadi%40upei.ca&ctz=America/Halifax&mode=week>
>
> Make an appointment <https://mbelvadi.youcanbook.me/>
>
>
>
>
>
>
>
> On Fri, Sep 28, 2018 at 3:43 PM, Fox, Linda J. <FoxLJ at umkc.edu> wrote:
>
> Hi, Melissa,
>
>
>
> We’re seeing a problem that sounds remarkably similar to what you
> describe.  We’ve harrowed it down to a specific circumstance.  Even though
> we don’t have to proxy the links to Ebook Central, we choose to do so for
> the sake of consistency.  We can reliably trigger this behavior if we are
> logged into our campus network.  We have configured EZproxy not to prompt
> for credentials when users are on the campus network because they have
> already authenticated at that point.  So if I follow a proxied link to
> another database, say Academic Search Complete, I’m automatically “logged
> in” to the proxy server.  If I then follow a link to Ebook Central, the
> proxy server “knows” that I’ve already authenticated, and doesn’t prompt me
> for my username and password.  It instead passes along some sort of generic
> username—and like you it always seems to be the same one.  If I actually
> log out of the proxy server and then link to the same ebook, I am prompted
> to log in, and the username is different.
>
>
>
> We have been working with ProQuest on this for months, with no real
> progress.  I was just thinking about touching base with our EZproxy expert
> to where the ticket is.  If I learn anything more, I’ll pass it along.
>
>
>
> Linda
>
>
>
> Linda Fox
> Senior Library Information Specialist
> UMKC University Libraries
> Miller Nichols Library Room 304
> <https://maps.google.com/?q=Room+304+%0D%0A800+E+51&entry=gmail&source=g>
> 800 E 51 <https://maps.google.com/?q=800+E+51&entry=gmail&source=g>st
> Street
> Kansas City, MO  64110
>
> https://library.umkc.edu
> (816) 235-5290
> fax: (816) 235-5531
>
> foxlj at umkc.edu
>
>
>
>
>
>
>
> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> *On Behalf Of *Melissa
> Belvadi
> *Sent:* Friday, September 28, 2018 10:18 AM
> *To:* eril-l <eril-l at lists.eril-l.org>
> *Subject:* [Eril-l] Proquest EbookCentral, single signon, ezproxy -
> question about weird problem
>
>
>
> Hi, I'm working with Proquest support on this but so far we're confused
> and I'm hoping someone else ran into this and found a solution.
>
>
>
> This would only apply if you have Proquest Ebook Central configured to use
> their Single SignOn service.  That enables users on campus to get from our
> ezproxy server (without being bothered to login) a hashed identity code so
> they can use all of the interface features of someone with an account in
> the platform, without actually making one and revealing their identity.
>
>
>
> What Proquest apparently does is talk to our proxy server, even when the
> link is not proxied and the user is on campus, to get that hashed identity
> code. The user is not prompted for a username/password in this, so I'm not
> sure how ezproxy could even be doing this.
>
>
>
> We're finding that multiple users are getting the same hashed identity.
> The way this showed up is when one staff member used up most of the
> allocation of pages that could be downloaded, and another staff member on a
> different computer accessed the same book, they saw the allocation already
> used up.  They brought it to me, where I verified on my own computer in
> three different web browsers the same problem.  You can see the problem by
> looking in settings-profile and note the same hashed-garbage username in
> all of the affected sessions throughout all those different computers and
> browsers.
>
>
>
> Have any of you seen this before and if so, did you find a solution short
> of abandoning the SSO service from Proquest?
>
>
>
> Melissa Belvadi
>
> Collections Librarian
>
> University of Prince Edward Island
>
> mbelvadi at upei.ca 902-566-0581
>
> my public calendar
> <http://www.google.com/calendar/embed?src=mbelvadi%40upei.ca&ctz=America/Halifax&mode=week>
>
> Make an appointment <https://mbelvadi.youcanbook.me/>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20181001/e5193600/attachment.html>


More information about the Eril-l mailing list