SirsiDynix Web2 Single Sign-on
From EZProxyWiki
Requirements
- EZproxy 4.0b or greater
- SirsiDynix Unicorn GL3.0 or greater
- SirsiDynix Web2 GL3.1 or greater
- Webserver running a version of PHP that supports the use of the exec command
EZproxy Configuration
The first step in using EZproxy to perform single sign-on (SSO) for SirsiDynix Web2 is to set up a configuration entry and a secret key used for communication between the webserver and EZproxy. This is accomplished by adding the following line to ezproxy.cfg.
SSO -Secret=***oursecret*** -URL=http://www.example.edu/catsso.php CA1
In place of ***oursecret*** you should use a relatively secure phrase or sequence of numbers and letters. I use http://grc.com/passwords/ to generate this entry for our library. The longer the string used, the shorter the overall URL can be due to a limitation in certain browsers. The URL entry on this configuration line must be the same as the script created in step 3. The final parameter “CA1” is a unique identifier for this SSO configuration line in EZproxy and is used to generate the appropriate SSO login URL.
Webserver / Web2 Configuration
Next, place the EZproxy PHP support library ezproxysso.php on your webserver, preferably somewhere in the PHP include path. This file can be downloaded from OCLC at http://www.oclc.org/us/en/support/documentation/ezproxy/usr/sso/phpsso.tar
You will now need to create a wrapper script for tramp2.exe that handles triggering the SSO attempt. I have included 'catalogsso.php' as an example that has been working for us. Your mileage may vary.
Now change the HTML in Web2 that would normally be used to access the 'MyAccount_Intro.html' page to instead point to your SSO PHP page.
catalog.sso
<?php
session_start();
/* By using the PHP session, you can store the user name in the session and then have it available to other PHP pages without requiring additional logins. */
require("ezproxysso.php");
/* Create new EZproxy SSO object */
$EZproxySSO = new EZproxySSO(
    '***oursecret***', 'https://ezproxy.example.com/sso/CA1');
if (! $EZproxySSO->valid()) {
    if ($EZproxySSO->expired()) {
        /* Expired token: reload this page to trigger a new SSO attempt */
        header("Location: " . $_SERVER['PHP_SELF']);
    } else {
        /* Invalid token: send the browser back to the catalog */
        header("Location: http://www.example.com/catalog/");
    }
    exit();
}
/* Uppercase the username so it will match our patron database */
$user = strtoupper($EZproxySSO->user());
/* At this point you can save the user name to the PHP session for later use */
/* Set up the environment variables needed by Web2 */
putenv('SERVER_NAME=' . $_SERVER['SERVER_NAME']);
putenv('SERVER_PORT=' . $_SERVER['SERVER_PORT']);
putenv('SERVER_PROTOCOL=' . $_SERVER['SERVER_PROTOCOL']);
putenv('GATEWAY_INTERFACE=' . $_SERVER['GATEWAY_INTERFACE']);
putenv('REQUEST_METHOD=' . $_SERVER['REQUEST_METHOD']);
putenv('WEB2_REMOTE_USER=REMOTE_USER');
putenv('REMOTE_USER=' . $user);
putenv('PATH_INFO=/websso');
putenv('SCRIPT_NAME=/web2/tramp2.exe');
/* The following line (after QUERY_STRING=) should be customized to fit your Web2 environment */
putenv('QUERY_STRING=setting_key=English&servers=1home&screen=MyAccount_Intro.html&fail_screen=MyAccount_Intro.html');
/* Call tramp2.exe and place the resulting output into $return_array */
unset($return_array);
exec('c:\SirsiWeb2\Web2\cgibin\tramp2.exe', $return_array, $return_val);
$skip = 1;
/* Display the output, skipping the first header line output by tramp2.exe; PHP has already generated headers due to session_start */
foreach ($return_array as $value) {
    if ($skip == 1) {
        $skip = 0;
    } else {
        echo $value . "\n";
    }
}
?>
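A variation on the tramp2.exe call above, added here as an example and not part of the original page or of OCLC or SirsiDynix code: it hands the CGI variables to the child process only, through proc_open (PHP 7.4 or later) instead of putenv, checks the user name before it becomes REMOTE_USER, and drops the whole CGI header block rather than only the first line. The names run_cgi and split_cgi_output and the user-name pattern are assumptions.

```php
<?php
/* Added example: run_cgi() and split_cgi_output() are hypothetical helpers. */

/* Split raw CGI output into [header lines, body] at the first blank line. */
function split_cgi_output(string $raw): array
{
    $parts = preg_split("/\r?\n\r?\n/", $raw, 2);
    if (count($parts) < 2) {
        return [[], $raw];   // no header block found: treat everything as body
    }
    return [preg_split("/\r?\n/", $parts[0]), $parts[1]];
}

/* Run the CGI program with variables visible to the child process only. */
function run_cgi(string $exe, string $user, string $query): string
{
    /* Assumption: patron IDs contain only these characters; adjust to yours. */
    if (!preg_match('/^[A-Z0-9._-]{1,64}$/', $user)) {
        throw new InvalidArgumentException('unexpected user name format');
    }
    /* Start from the server's environment, then overlay the CGI variables. */
    $env = array_merge(getenv(), [
        'SERVER_NAME'       => $_SERVER['SERVER_NAME'] ?? '',
        'SERVER_PORT'       => $_SERVER['SERVER_PORT'] ?? '',
        'SERVER_PROTOCOL'   => $_SERVER['SERVER_PROTOCOL'] ?? '',
        'GATEWAY_INTERFACE' => $_SERVER['GATEWAY_INTERFACE'] ?? '',
        'REQUEST_METHOD'    => $_SERVER['REQUEST_METHOD'] ?? 'GET',
        'WEB2_REMOTE_USER'  => 'REMOTE_USER',
        'REMOTE_USER'       => $user,
        'PATH_INFO'         => '/websso',
        'SCRIPT_NAME'       => '/web2/tramp2.exe',
        'QUERY_STRING'      => $query,
    ]);
    /* Array form (PHP 7.4+) starts the program directly, without a shell. */
    $proc = proc_open([$exe], [1 => ['pipe', 'w']], $pipes, null, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . $exe);
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

/* Constructed sample of CGI output, to show the split without running tramp2. */
[$headers, $body] = split_cgi_output("Content-type: text/html\r\n\r\n<html>ok</html>\n");
echo $body;
```

In the wrapper script, pass the result of run_cgi() for the tramp2.exe path, $user and your query string to split_cgi_output() and echo only the body.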
Unicorn Changes
Now, as long as you have populated the “WEB AUTH ID” field in Unicorn with the same login information used by EZproxy for authentication, your patrons should be able to log in to their Web2 account automatically by using EZproxy. In the case of the original author's institution, the patron's login name in LDAP was placed in the WEB AUTH ID field.
John Wohlers - Waubonsee Community College 14:24, 23 February 2007 (EST)
