RemoteAuth: Transitioning to the SAML Module from EZproxy

Print Friendly and PDF Follow

Testing Instructions

When a site is transitioning from using EZproxy to using the SAML module for remote authentication, the following steps should be completed by the site and hosting provider to successfully test the module during the configuration process:

  1. When configuring the RemoteAuthValidation table (RAV table) prior to configuring the SAML module, the site should create entries for all ILLiad fields that will be used with the module except for the Username field: 
    • The existing Username entry in this table that is configured for EZproxy should be kept until ready to enable the SAML module and conduct testing (Note: This entry will have an ILLiadFieldName of Username and a RemoteFieldName of HTTP_REMOTE_USER
    • Set the InvalidAction to ignore for the newly added fields so as not to interfere with EZproxy while the RAV table is configured. See example below:

    EZProxy_Username_and_SAML_Module_attributes.png

  2. Hosting provider and local staff work to complete the rest of the necessary steps to configure the SAML Module according to the documentation
  3. Once the SAML module is configured and the hosting provider and site are ready to fully enable the module for testing, write down the settings for ILLiad Username field entry in the RAV table that is used with EZproxy so that it can be readded later if needed, then delete this entry from the table 
  4. Create a new entry for the ILLiad Username field in the RAV table that will be used with the SAML module (note that the RemoteFieldName value for this entry may very based on IdP), see example below:

    IDP_Username.png

  5. Enable the SAML module and conduct testing
  6. After testing, if the site is not ready to go live with the SAML module, delete the entry for the ILLiad Username in the RAV table that was added for use with the module in step 4
    • Additionally, make sure other ILLiad fields entered into the RAV Table have the InvalidAction set to ignore as setting the InvalidAction to reject will interfere with EZproxy authentication
  7. Recreate the RAV table entry for the ILLiad Username field that was used with EZproxy and that was deleted in step 3. See example below:

    SAML_Module_attributes_with_EZProxy_Username.png

  8. Disable the SAML module until the site is ready to go live
  9. When ready to go live, delete the entry in the RAV table for ILLiad Username field used with EZproxy and recreate the entry for this field that will be used with the SAML module
  10. Follow the usual process for enabling the SAML module 

Additional Changes

The following settings/configurations will also need to be changed when transitioning from EZproxy to the SAML module for remote authentication:

Customization Keys

The UserLegacyRemoteAuthHandling customization key in the ILLiad Customization Manager should be set to Yes for EZproxy and set to No for the SAML module. Ensure that this key is set properly when toggling between EZproxy and SAML module authentication during testing/going live.

Catalog and OpenURL Links

Once ready to go live, the site will need to change all URLs containing the EZproxy prefix to the URL that is used with the new SAML module. This change can usually be made simply by removing the EZproxy prefix from the existing URL in all instances where it is used (for example, OpenURL links and links within the library catalog). 

Questions?

If this article didn’t resolve your issue, please contact Atlas Support for assistance:

Contact Support