>>I'd be curious as to whether this flow would work thru the gateways.
>>
>any chance of seeing the flow details Steven?
>
3. User clicks OPENURL button, gets redirected to SFX
server at their home campus.
4. SFX server provides user with a menu of choices for
accessing the resource; user selects "view online" option. SFX server
prepends EZproxy prefix, and redirects user to local EZProxy server,
passing eventual target url and parameters to access a single article
within that target ("the deep link")
5. IF the resource is Shibboleth-protected, EZProxy
should redirect the user to a SessionInitiator at the SP along with a
providerId parameter telling it which IdP to use, and a parameter
containing the deep link url. This will bypass all WAYF processing.
The SP will use the providerId parameter to search the Federation
metadata for the appropriate entry, and to choose an appropriate
protocol to use when communicating with the user's campus IdP. The SP
will redirect the browser user to their IdP for authentication,
passing along the deep link as the eventual target.
If the deep link url looked like this: (yes, I know this isn't an
OpenURL style url, but its what I have):
http://search.ebscohost.com/login.aspx?direct=true&db=f5h&AN=21033587&site=ehost-live
it would be transformed by EZProxy to (something like this):
http://search.ebscohost.com/Login?providerId=urn:mace:incommon:osu.edu&target=http://search.ebscohost.com/login.aspx?direct=true&db=f5h&AN=21033587&site=ehost-live
6. When the user arrives at their IdP.... if they have
previously authenticated, then they are immediately redirected back
to the "deep link" target. If they have not yet authenticated, then
the normal authentication process proceeds, and they are then
redirected back to the deep link url.
|