Julien,
Try putting it after an IncludeIP statement. Then it should always require authentication.

Brian A. Helstien, SISD, MLS,
Director, Special Technologies Initiatives,
Library IT, University Libraries, x06913
University of Southern California, (213) 740-6913
Los Angeles, California, 90089 ***@usc.edu<mailto:***@usc.edu>
Information is independent of media or format

From: Julien Savoie <***@usainteanne.ca<mailto:***@usainteanne.ca>>
Reply-To: "***@ls.suny.edu<mailto:***@ls.suny.edu>" <***@ls.suny.edu<mailto:***@ls.suny.edu>>
Date: Thursday, October 9, 2014 at 1:19 PM
To: "***@ls.suny.edu<mailto:***@ls.suny.edu>" <***@ls.suny.edu<mailto:***@ls.suny.edu>>
Subject: Re: [ezproxy] EBL troubles

On 22/03/12 07:09 AM, Peter van Rees wrote:
We have the same stanza, it works here. It is important that this
stanza is above any ExcludeIP and Autologin lines in your config.txt.
This forces your users to log in to ezproxy even when they're
on-campus, which is what EBL expects.
On the issue of EBL, is simply putting the stanza above the Autologin
lines sufficient or do you have to implement selective Autologin? What
if someone visits another resource first?

Does anyone know if placing a stanza above Autologin is sufficient for
requiring authentication if the person has already been auth'ed by
Autologin?


---
You are currently subscribed to ezproxy as: ***@usc.edu<mailto:***@usc.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>



---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

We don't define IncludeIP, and as such have an implicit IncludeIP
0.0.0.0-255.255.255.255. We are using AutoLogin, and we do not make use
of ExcludeIP since we must proxy ALL of our clients (we have multiple
campuses with different egress IP addresses).

What I'm wondering if whether or not I'm going to have to do
SelectiveAutoLogin, or if I can just put EBL above my AutoLogin lines.
At issue is if someone uses ANOTHER resource first and then tries to use
EBL. I suspect they'll be considered "logged in", and EBL will not
prompt for authentication.

Anyone have any insight into this issue? Really the proper solution
would be for EBL to not require ezproxy to individual users login, but
I'm told this is a hard requirement.



---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

Julien,

I also read OCLC's documentation on Selective AutoLoginIP
<http://oclc.org/support/services/ezproxy/documentation/example/selectiveautologinip.en.html>,
and it made me believe that this was the correct way to handle EBL. I wish
that I had first tested the simpler method of just controlling the sequence
of IncludeIP statements, so I could be certain as to whether or not it
worked, but the "Selective AutoLoginIP" method isn't terribly difficult to
implement, and after reading OCLC's docs, I believed that it was the only
way to make things work the way we needed for EBL. I can confirm that it
works as expected. We IncludeIP and AutoLoginIP our on-campus users, and
even if a user first follows one (or more) of our other proxied resource
links they are still forced to authenticate in order to later follow our
proxied EBL link.

I agree with your expectation that, without using Groups, once a user has
authenticated to any resource, they'd have a cookie that would prevent
EZproxy from prompting them to re-authenticate, regardless of the use of an
IncludeIP directive operating on the EBL stanza.

OCLC's AutoLoginIP
<http://oclc.org/support/services/ezproxy/documentation/cfg/autologinip.en.html>
documentation appears to indicate (at the very bottom of the page) that
Selective AutoLoginIP needs to be accomplished with Groups.

Sorry I can't confirm whether the non-Groups method will work or not.

Scott


Scott Salzman
Web Discovery Librarian
Furman University
---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu