Hi
I can only speak for the development bit. Our situation was that we have two library catalogue websites, both on the same domain, and we wanted to auto-login our users to the Reader section of the appropriate site (to manage loans etc, based on which college campus they're at) from one login. Here's what I set up:
- Shibboleth SP software on the Windows server hosting the web pages (piece of cake)
- A folder within the catalogue sites folder, which also happens to be the entity ID of the service (e.g. https://opac.hull-college.ac.uk/secure/)
- A script within the above folder, which checks if they have a Shibboleth session first THEN looks at their username, and also receives their orgUnitDN attribute value so we know which college site they're based at and therefore which library catalogue site to send them to (the two sites are at opposite ends of Yorkshire)
You CAN do it without putting the SP in the federation, but that makes setting up the IdP end harder - though it does mean that no other institution IdP can access it. So if you register that SP with the federation, you can just use your usual attribute-release method. We have ours set up to release certain attributes to ALL SPs within the UK Federation, but certain other resources require other attributes which we define per entity.
Hopefully that makes sense!
Dave
David Perry
eContent Developer, eLearning Team (L34 - Library)
Hull College
Wilberforce Drive
Queen's Gardens, Hull
HU1 3DG
Extension 2230 / Direct Dial: 01482 381930
>>> Illtud Daniel <[log in to unmask]> 26/06/2012 10:40 >>>
Hi,
At the National Library of Wales, we've got a hosted
cross-searching service (Summon by SerialSolutions) available
here:
http://llgc.summon.serialssolutions.com/search?s.q=
If you've logged into Shibboleth, you get a pretty seamless
experience, clicking through to the content you've discovered.
If you're not, users can get pretty lost.
Serialsolutions recommend ezproxy as the solution to this, and
that we proxy our logged-in users' access to the hosted search,
as their interface can easily detect whether a user is coming
from our proxied or internal IPs, and if they're not (ie,
they're not logged into ezproxy) a banner can pop up advising
them to log in.
I'm not sold on ezproxy as a technical solution (I think it's
a good product, we have an installation to support the few
e-resources that we use that still haven't moved to shibboleth)
but I think it's a hack, when we have federated identity
management services in place that work fine with 90% of the
e-resources we offer.
But, the user experience in our particular setup isn't great.
So here's my questions:
* Anybody have a similar setup with shibboleth and how do you
manage it?
* What would it take for serialsolutions to be able to implement
a similar banner that detects whether the user has a shibboleth
session in place? I'm presuming they'd need to be an SP in
the UK Federation, but how much development would it be to just
implement the session detection? Anybody done something similar?
Hope I explained that well enough.
Thanks.
--
Illtud Daniel [log in to unmask]
Pennaeth TGCh Head of ICT
Llyfrgell Genedlaethol Cymru National Library of Wales
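The routing script described in the first message (session check first, then username, then orgUnitDN to pick the catalogue), sketched as an added example; it is not the script used at Hull College and is not part of either message. The variable names `Shib-Session-ID`, `REMOTE_USER` and `orgUnitDN` are assumed to be how the SP exposes them to the script, and the catalogue URLs and campus OUs are constructed placeholders.

```python
from urllib.parse import quote

# Constructed mapping: first RDN of orgUnitDN -> that campus's Reader page.
# Destinations are fixed here and never taken from the request, so the
# script cannot be used as an open redirect.
CATALOGUES = {
    "ou=campus-a": "https://opac.example.org/campus-a/reader",
    "ou=campus-b": "https://opac.example.org/campus-b/reader",
}
LOGIN_HANDLER = "/Shibboleth.sso/Login"         # SP's default session initiator
SELF_URL = "https://opac.example.org/secure/"   # placeholder for the protected folder


def campus_of(org_unit_dn):
    """Return the normalised first RDN of a DN, e.g. 'ou=campus-a'."""
    first_rdn = org_unit_dn.split(",", 1)[0]
    attr, _, value = first_rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()


def route(environ):
    """Return (status, location_or_reason) for one request."""
    # 1. Session check first: without an SP session, no attribute is trusted.
    if not environ.get("Shib-Session-ID"):
        return 302, LOGIN_HANDLER + "?target=" + quote(SELF_URL, safe="")
    # 2. Username asserted by the IdP.
    if not environ.get("REMOTE_USER", "").strip():
        return 403, "no username released"
    # 3. Campus from orgUnitDN; the SP joins multiple values with ';'.
    for dn in environ.get("orgUnitDN", "").split(";"):
        target = CATALOGUES.get(campus_of(dn))
        if target:
            return 302, target
    # Fail closed: a missing or unknown campus gets no guessed destination.
    return 403, "no catalogue mapped for this orgUnitDN"
```

The 403 branches also show what happens when the IdP does not release orgUnitDN to this SP, which is the attribute-release configuration the message mentions.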