Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This sections gathers all required information to try out and hands on experience on the pilots provided by AARC SA1

 

Scenario A] FEDERATED USER

a USER, provided with FEDERATED ID,

firstly logs in the institution EZproxy and, if succesfully authenticated,  gets 1. a SSO session and 2. a shielded access masked with the IP addreess of the proxy.

When she accesses

-> A.1] a FEDERATED RESOURCE, by means of SAML SSO session, she gets access to the resource with SAML authentication;

-> A.2] a NOT FEDERATED RESOURCE restricted to authorised IPs, by means of REWRITING properties of the proxy she gets access to the resource because she's authorized having the IP address of the proxy.

 

The USER: you with your federated credential

EZproxy is the portal:The EZproxy portal is: https://ezproxy.fi.infn.it/

The federated resource is: https://sp24-test.garr.it/i...

...

  1. Login to EXproxy portal with your federated ID:
  2. Choose FR https://sp24-test.garr.it/i...
    1. note the URL on the address bar of the browser. Your SAML SSO session is active
  3. Choose NFR https://sp24-test.garr.it/i...
    1. note the URL on the address bar of the browser. You are permitted to access thanks to the rewriting rule of the proxy

 

Scenario B] NOT FEDERATED USER

in this case the user is not provided with Federated access and is permitted via her IP address.

  1. login to "Local access to Library services:" in order to get the local IP address of the proxy
  2. Choose FR https://sp24-test.garr.it/i...
    1. note the URL on the address bar of the browser. Your SAML SSO session is active

...

  1. Choose NFR https://sp24-test.garr.it/i...
    1. note the URL on the address bar of the browser. You are permitted to access thanks to the rewriting rule of the proxy

 

Benefts

  1. A user use only one unified method of authentication to access both federated and not federated resources

...

  1. For each resource the Library logs the access in a unified way. If a Resource is federated, only federated access will be allowed, and  IP based auth wont be permitted anymore. If a Resource is not federated, the user gets the access via IP address auth, and the proxy will log the access o that resource in this way.