Table of Contents |
---|
This sections gathers all required information to try out and hands on experience on the pilots provided by AARC SA1
...
Introduction
Hybrid Authentication is an operational scenarios many libraries are currently involved in: online publishers resources can be accessed both via IP based authentication and through a Web Single-Sign-On Session
Demonstration Portal
Workflow
For federated users
For non-federated users
Components
Benefits
Demo Video
https://drive.google.com/open?id=0B6nLU4k7ZZvfUjNhNHdKYkNHTmc
Transcript Transcript https://drive.google.com/open?id=0B6nLU4k7ZZvfU3lNalN2Q2JsYzA
Scenario A
...
FEDERATED USER
a USER, provided with FEDERATED ID,
...
The federated resource is: DOGS https://sp24-test.garr.it/dogs-101.html (Access protected by SAML SSO authentication)
The not federated resource is: CATS https://sp24-test.garr.it/cats-101.html (Access forbidden, access permitted only through authorised IPs)
...
- Login to EZproxy portal with your federated ID:
- choose your IdP (if not listed, ask to idem-help@garr.it to add your IdP to IDEM test federation for the purpose of this test)
- login with your home organisation credentials
- Choose the Federated Resource Dogs 101 (redirection to SSO) (note the URL http://ezproxy.fi.infn.it/login?url=https://sp24-test.garr.it/dogs-101.html )
- after click, note the URL on the address bar of the browser https://sp24-test.garr.it/dogs-101.html . Your SAML SSO session is active and the paxe isn't proxed.
- after click, note the URL on the address bar of the browser https://sp24-test.garr.it/dogs-101.html . Your SAML SSO session is active and the paxe isn't proxed.
- Choose the Not Federated Resource Cats 101 (via proxy) (note the URL http://ezproxy.fi.infn.it/login?url=https://sp24-test.garr.it/cats-101.html )
- after click, note the URL on the address bar of the browser https://sp24-test-garr-it.ezproxy.fi.infn.it/cats-101.html . You are permitted to access thanks to the rewriting rule of the proxy.
...
- A user use only one unified method of authentication to access both federated and not federated resources
- For each resource the Library logs the access in a unified way. If a Resource is federated, only federated access will be allowed, and IP based auth wont be permitted anymore. If a Resource is not federated, the user gets the access via IP address auth, and the proxy will log the access o that resource in this way.
DOGS https://sp24-test.garr.it/dogs-101.html