Paul Stainthorp Schrödinger's cataloguer

Recently Elif and I gave a workshop for our e-Library Services colleagues on EZproxy: what it is, how it works, and how we’re using it at Lincoln. Here are our workshop notes.

1. EZproxy is e-resource authentication software, provided by OCLC, which we host on a server here at Lincoln. It’s very cheap (small annual subscription cost + maintenance of the server). Our EZproxy service is at: http://proxy.library.lincoln.ac.uk/
2. It works by rewriting the URLs of e-resources, so that they go through a *.lincoln.ac.uk domain – see examples of this below. This ‘tricks’ the e-resource provider into thinking that the user is on campus (i.e. that they are within the University’s IP range). So, it only works with e-resources that are IP-authenticated.
3. EZproxy has nothing to do with OpenAthens or other kinds of federated authentication. It’s an entirely separate method of access, useful when it’s difficult or impossible to make OpenAthens work properly and consistently (e.g. via the Electronic Journals A-to-Z). However it doesn’t offer the same flexibility/personalisation as federated authentication.
4. Our EZproxy service is protected by a University secure sign-in screen. Currently this piggybacks off Blackboard authentication. It can also inherit authentication from the University Portal, as well as its own local login screen, which we’re not using. Users sign in with their standard University of Lincoln accountID and password. If the user is already logged in to Blackboard or the Portal, they will be passed through to the resource automatically and won’t have to log in again.
   
5. Once you have signed in to http://proxy.library.lincoln.ac.uk/, you’ll see a list of all the e-resource platforms that are currently set up to use EZproxy. All of these resources currently set up to use IP authentication (solely, or in addition to another method). Users won’t generally see this menu screen as they’ll usually be clicking on a link directly to a specific e-resource.
6. When we update the IP ranges that a resource provider holds on file for us, we need to include the IP address of EZproxy. Before we disclose our IP ranges to a provider, we ask them for written assurance that they will only use our IP ranges for user authentication. These details are held on file in a Portal site shared with ICT services.
7. URLs for authentication via EZproxy (from Blackboard, the A-to-Z, etc.) are generally in the form:
   • http://proxy.library.lincoln.ac.uk/login?url={URL}
8. However there’s a special URL format for links from the University Portal:
   • https://login.proxy.library.lincoln.ac.uk/login?url={URL}
9. Publishers’ URLs to e-resources which are stored in the A-to-Z/LinkSource knowledgebase are rewritten to go through EZproxy using the A-to-Z’s “proxy mask” feature (which is like a template for re-formatting URLs). Find it at Lincoln also re-formats a number of internal URLs so that users are routed via EZproxy.
10. EZproxy resolves the above URL formats into final URLs like these:
    • http://www.jstor.org.proxy.library.lincoln.ac.uk/
    • http://www.sciencedirect.com.proxy.library.lincoln.ac.uk/
    • http://www.theses.com.proxy.library.lincoln.ac.uk/
    • http://dl.acm.org.proxy.library.lincoln.ac.uk/
11. There is an admin site for maintaining EZproxy. Access to this admin site is restricted to only a few people (EV, PS, DM, TS), and the site is available on campus only. To configure EZproxy to work with each additional e-resource, we have to download a configuration text file from the admin site, and edit it to add a new database “stanza” (a short piece of configuration text).
12. There’s a general format for writing stanzas for electronic resources – in addition, some databases have additional weird requirements for stanzas (OCLC maintain a list of oddities). If all else fails, we can ask on an EZproxy mailing list, or on Twitter!
13. Once we’ve added a new stanza (or changed an existing one), we re-upload the config file, and re-start the EZproxy software from within the admin site. Then we test the new resource from off campus before creating links from the A-to-Z, etc. The admin site provides an archive of previous versions of config.txt in case we need to roll back a mistake.
14. EZproxy stores usage data (in the form server logs) – we’re not doing anything with this data at the moment, but we are looking at archiving it off to a ‘Data Warehouse’ and analysing/reporting on it within the Library. RAPTOR is a JISC-funded, free-to-use, open source software toolkit for collecting and reporting on authentication usage – Elif is writing up a report on RAPTOR.
15. Our own JISC-funded Linkey project is looking at streamlining all authentication systems including EZproxy under a joint OAuth-Microsoft UAG (Unified Access Gateway”) framework. Alex Bilbie blogs regularly about how authentication to Library resources could be served in such a framework.
16. If you have any questions about EZproxy please contact Elif or me!