This blog post is an attempt to elaborate on a problem with managing on/off campus access to electronic journals at the University of Lincoln. It’s a problem which confuses a lot of our users. I hinted at the issue in an earlier blog post.
Underlying the problem is a lack of consistency in the way e-journal platform providers/publishers implement Athens/”Shibboleth” access to their content.
I think the answer to this problem is “…use EZProxy as well or instead“. (We plan to do so.) However if anyone from a ‘strong’ federated-access position can suggest a way around the problem based purely on honest, SAML-based principles, then I’m all ears!
The system we use to manage access to e-journals at the University of Lincoln is EBSCO’s electronic journals A-to-Z. Within its underlying journals knowledgebase, the A-to-Z stores a URL for each journal – here I’ll refer to that URL as A.
The A-to-Z also provides the facility—a very nice facility, as it happens—to rewrite that URL according to a set of predictable rules, generating a new URL which is a function of the original URL: in my pseudomathematical shorthand I’ll call this f(A).
EBSCO call this facility of theirs a “Proxy Server”. Now – I could be being thick, but I don’t think this is a proxy server: it’s a URL rewriting application which merely happens to be used by some libraries to redirect traffic via a URL-rewriting proxy (such as the aforementioned EZProxy); in fact it can be used to ‘mask’ any URL.
We use the so-called “Proxy Server” facility to mask the default URL, A, and instead direct the browser back to the OpenAthens authentication point for the journal provider/publisher (allowing authentication both via the UK Federation and trad. Athens), with a redirect back to the post-authentication page for the journal. We’ll call that page A′ (i.e. “A prime”). A′ permits access to the full text of the journal.
N.B. it’s only possible to do this at all if the Athens/UKAMF authentication point for the journal has a predictable structure. If A′ includes any randomly-generated or unknown elements that aren’t in A and which vary from journal to journal, then A′ can’t be generated by f(A) – so some providers rule themselves out at the first hurdle. Bonjour, most legal databases! Yeah, you know who you are…
If it isn’t possible to create an A-to-Z “Proxy Server” URL mask, then our usual fallback position is to rely on IP authentication for on-campus traffic, but to instruct the user to manually select an Athens/’my institution’-type login for off campus access. This is not ideal: it confuses off-campus users who are used to seamless on-campus access, and it requires that we create help guides—I name and shame thee, Elsevier ScienceDirect—to lead people through often terribly confusing login procedures.
There’s another complication: some journal providers, upon Athens-esque authentication from A, don’t send the user to A′. Instead, they redirect to a generic post-authentication page, D′.
This = Bad. If you do this, I… just… can’t speak to you right now.
If we don’t (or can’t) apply a URL-rewriting mask in the A-to-Z for a journal package which exhibits this awful behaviour, then we’re relegating off-campus users to a third-class service; further widening the gap between on- and off-campus behaviour. If we do apply a mask, we relegate all users to the same lack of functionality. Which compromise do we choose? We’re damaging the user experience in both cases. [Click the diagram below to embiggen.]
Finally, and for the sake of completeness, I think that this [below] would be the equivalent flowchart for EZProxy. (You can see why some libraries—and apparently their users—find it attractively simple. It also has the advantage that the ’masking’ is consistent across all or most journals, the configuration for each e-journal provider being done within EZProxy itself.)
Last word – here’s a useful page from Eduserv of Athens-authentication deep links for various e-resource providers. It may be helpful in creating masked URLs for Athens-authenticated journals.