EZProxy server - WikipediaLibrary/TWLight GitHub Wiki

We have a hosted OCLC EZProxy server for user access authentication. The configuration must be updated when adding or removing proxy or bundle partners, or when moving partners between proxy and bundle authentication methods.

The repository for that server's configuration can be found at WikipediaLibrary/twlight_ezproxy.

Configuring resources

  • To configure a resource for proxy or bundle access, a database stanza must be added to ezproxy.cfg.
  • We prefer to use OCLC-provided stanzas where possible.
    • Many of the stanzas offer an optional hosted EZproxy Include File. We prefer these because hosted EZproxy customers receive automatic updates with OCLC’s latest version of this stanza.
  • We make use of EZproxy resource groups, and the Group directive is position-dependent; order matters.
    • Bundle partner stanzas should be placed after the Group BUNDLE directive, but before the next Group directive.
    • Proxy partner and stream stanzas should each have their own Group directive.
    • Partner group names should be Group Px where x is the ID of the partner in the library card platform.
    • Stream group names should be Group PxSy where x is the ID of the partner, and y is the ID of the stream in the library card platform.

ezproxy.usr provides the ticket authentication configuration for EZproxy and must also be updated when the set of bundle or proxy resources changes. You won't find it in source control, because it contains secrets. You'll need to pull the current configuration from the hosted server and edit a local copy. The file follows this convention:

::Ticket
AcceptGroups BUNDLE+P9+P10+P11+P14+P15+P17+P19+P20+P21+P22S17+P22S18+P23+P23S7+P23S8+P23S9+P24+P27+P29+P31+P36+P37+P38+P39+P41+P42+P43+P44+P47+P48+P49+P50+P53+P55+P56+P58+P59+P60+P62+P63+P67+P69+P71+P73+P74+P75+P76+P77
SHA512 secretkey
IfUnauthenticated; Stop
/Ticket

The groups listed in AcceptGroups must be kept in sync with the resource groups in ezproxy.cfg. The groups can be extracted from ezproxy.cfg with a shell command such as:

grep "^Group" ezproxy.cfg | cut -d ' ' -f 2 | tr '\n' '+' | sed 's/\+Default+//g'
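
One way to check that AcceptGroups and the Group directives agree before deploying, as an added example that is not part of this wiki or the twlight_ezproxy repository. The function names, output wording and sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between Group directives in ezproxy.cfg and
# AcceptGroups in ezproxy.usr. Only group names are read, never the secret.

# Group names from ezproxy.cfg, one per line, sorted, without Default.
cfg_groups() {
    awk '$1 == "Group" && $2 != "Default" { print $2 }' "$1" | LC_ALL=C sort -u
}

# Group names from the '+'-separated AcceptGroups line, one per line, sorted.
usr_groups() {
    awk '$1 == "AcceptGroups" { n = split($2, g, "[+]")
         for (i = 1; i <= n; i++) if (g[i] != "") print g[i] }' "$1" |
        LC_ALL=C sort -u
}

# Print one line per mismatch; return 0 when both files agree, 1 otherwise.
group_drift() {
    tmp=$(mktemp -d)
    cfg_groups "$1" > "$tmp/cfg"
    usr_groups "$2" > "$tmp/usr"
    LC_ALL=C comm -23 "$tmp/cfg" "$tmp/usr" | sed 's/^/missing from AcceptGroups: /'
    LC_ALL=C comm -13 "$tmp/cfg" "$tmp/usr" | sed 's/^/no Group directive for: /'
    if cmp -s "$tmp/cfg" "$tmp/usr"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample files (not the real TWLight configuration).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/ezproxy.cfg" <<'EOF'
Group BUNDLE
Title Constructed Bundle Partner
URL https://bundle.example.org
Group P9
URL https://partner.example.org
Group P22S17
URL https://stream.example.org
Group Default
EOF
cat > "$demo/ezproxy.usr" <<'EOF'
::Ticket
AcceptGroups BUNDLE+P9+P10
SHA512 placeholder-not-a-real-key
IfUnauthenticated; Stop
/Ticket
EOF
group_drift "$demo/ezproxy.cfg" "$demo/ezproxy.usr" || echo "drift detected"
```

Unlike the one-liner above, the comparison does not depend on where Group Default appears in ezproxy.cfg.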

Details for deploying configuration changes to the hosted service can be found in the Hosted EZproxy Self Service Guide.

Logs

Usage logs are available to TWL staff at https://wikipedialibrary.idm.oclc.org/public/admin.htm. The login details for this interface are located in 1Password.