Advanced PDS Topics. Andrew Walsh Team Lead, NA Primo Support Teams


Copyright Statement

All of the information and material inclusive of text, images, logos, product names is either the property of, or used with permission by Ex Libris Ltd. The information may not be distributed, modified, displayed, reproduced in whole or in part without the prior written permission of Ex Libris Ltd.

TRADEMARKS

Ex Libris, the Ex Libris logo, Aleph, Alma, SFX, SFXIT, MetaLib, DigiTool, Verde, Primo, Voyager, MetaSearch, MetaIndex and other Ex Libris products and services referenced herein are trademarks of Ex Libris, and may be registered in certain jurisdictions. All other product names, company names, marks and logos referenced may be trademarks of their respective owners.

DISCLAIMER

The information contained in this document is compiled from various sources and provided on an "AS IS" basis for general information purposes only without any representations, conditions or warranties whether express or implied, including any implied warranties of satisfactory quality, completeness, accuracy or fitness for a particular purpose. Ex Libris, its subsidiaries and related corporations ("Ex Libris Group") disclaim any and all liability for all use of this information, including losses, damages, claims or expenses any person may incur as a result of the use of this information, even if advised of the possibility of such loss or damage.

Ex Libris Ltd., 2014

Agenda

Introduction: Who am I?

A Quote

General Notes
- It's Just Perl
    - If you can do it in Perl
- All responses are in XML
- PDS does not decide
    - It only provides information
    - Applications use the information to decide
- Sessions
    - Application Sessions PDS Sessions
    - Any connection is done by the Application
- R.T.F.M.
    - Constant improvements to the documentation
    - For example, the diagram on page 15 (January 2015)

PDS Versioning

Application   PDS 1.3   PDS 2.0   PDS 2.1
Primo         All       3.0.2+    3.1.1+
Aleph         18.01+    20.2.2+   21.1+
Voyager       *         8.0+      8.1+
MetaLib       3+        4.4+      4.4.3+
Rosetta       All       2.1.1+    2.2+
DigiTool      -         3.3+      3.3+*


General Notes on CAS
- Remote Login Only
    - PDS redirects the user to an external system
    - The external system is a CAS protected version of PDS
    - Only uses [LOAD_LOGIN] (i.e. the send away service)
    - Patron Information must come from another source
- CAS handled by Apache
    - ExLibris provides an Apache Perl Module
    - The Apache Perl Module restricts access unless provided CAS tickets
- Sessions
    - Application Sessions PDS Sessions
    - PDS Sessions CAS Sessions
    - CAS sessions are kept in an Oracle table
- Logout
    - CAS sessions can only be removed by Apache
    - After logout from CAS you must return to PDS

PDS Flow: CAS High Level
[Diagram; labels as extracted]
- New Application Session
- Send user to PDS for SSO check <<SSO>>
- User returns from SSO check
- User returns from PDS with a PDS Session
- <<LOAD_LOGIN>> User sent to PDS for Login
- User clicks Login
- Application requests Patron Information from PDS <<BOR_INFO>>
- Application gets Patron Information
- Authenticated Application Session with Patron Information

PDS Flow: CAS Login
[Flowchart; node labels as extracted, connections not preserved]
Decisions (YES / NO):
- CAS data from Apache?
- Apache CAS session in Oracle?
Steps:
- Create PDS Session
- Redirect to CAS protected PDS
- Add ID to Apache data
- Direct user to CAS
- Pass request to PDS
- Save CAS session in Oracle
- Save ID from Apache
- Return PDS_HANDLE

PDS Flow: CAS SSO
[Flowchart; node labels as extracted, connections not preserved]
Decisions (YES / NO):
- CAS data from Apache?
- Signed in to CAS?
- Apache CAS session in Oracle?
Steps:
- Direct user to CAS for SSO
- Create PDS Session
- Redirect to CAS protected PDS
- Save ID from Apache
- Return PDS_HANDLE
- Pass request to PDS
- Save CAS session in Oracle
- Add ID to Apache data
- Return as Guest

PDS Flow: CAS Logout
[Diagram; labels as extracted]
- Logout Request
- Redirect to [REMOTE_LOGOUT]
- Destroy CAS cookie
- CAS completes logout
- Apache passes the logout request to PDS
- Apache removes the CAS session from Oracle
- CAS redirects back to CAS protected PDS
- PDS destroys the PDS session
- User redirected back to calling application / [REDIRECT_LOGOUT]


General Notes on Shibboleth
- Remote Login AND Patron Information
    - PDS redirects the user to an external system
    - The external system is a Shibboleth protected version of PDS
    - Only uses [LOAD_LOGIN] (i.e. the send away service)
- Handled by Apache & Shibboleth
    - Shibboleth software must be installed on the server
    - The Shibboleth software restricts access unless authenticated
- Sessions
    - Application Sessions PDS Sessions
    - PDS Sessions Shibboleth Sessions
- Logout
    - Shibboleth sessions can only be removed by Apache
    - After logout from Shibboleth you must return to PDS

PDS Flow: Shibboleth High Level
[Diagram; labels as extracted]
- New Application Session
- Send user to PDS for SSO check <<SSO>>
- User returns from SSO check
- User returns from PDS with a PDS Session
- <<LOAD_LOGIN>> User sent to PDS for Login
- User clicks Login
- Application requests Patron Information from PDS <<BOR_INFO>>
- Application gets Patron Information
- Authenticated Application Session with Patron Information

PDS Flow: Shibboleth Login
[Flowchart; node labels as extracted, connections not preserved]
Decisions (YES / NO):
- Shibboleth data from Apache?
- Apache Shibboleth session?
Steps:
- Create PDS Session
- Redirect to Shibboleth protected PDS
- Add Patron Data to Apache
- Pass request to PDS
- Direct user to Shibboleth
- Save Shibboleth session
- Save Patron Data from Apache
- Return PDS_HANDLE

PDS Flow: Shibboleth SSO
[Flowchart; node labels as extracted, connections not preserved]
Decisions (YES / NO):
- Shibboleth data from Apache?
- Signed in to Shibboleth?
- Apache Shibboleth session?
Steps:
- Direct user to Shibboleth for SSO
- Create PDS Session
- Redirect to Shibboleth protected PDS
- Save Patron Data from Apache
- Return PDS_HANDLE
- Pass request to PDS
- Save Shibboleth session
- Add Patron Data to Apache
- Return as Guest

PDS Flow: Shibboleth Logout
[Diagram; labels as extracted]
- Logout Request
- Redirect to [REMOTE_LOGOUT]
- Destroy Shibboleth cookie
- Shibboleth completes logout
- Apache passes the logout request to PDS
- Shibboleth session removed
- Shibboleth redirects back to protected PDS
- PDS destroys the PDS session
- User redirected back to calling application / [REDIRECT_LOGOUT]


PDS on Port 80 & Port 443
- Not recommended
    - Apache must be reconfigured to run as root
    - Start/stop requires root-level access
- Solution
    - Use ports 8991 and 1443
    - Map 80 and 443 to these high ports
        - IP Tables
        - Network Firewall or Load Balancer
    - Double check how PDS and your Application call PDS
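
The port mapping from this slide, as an added example that is not part of the original presentation: a script that prints iptables NAT rules for 80 -> 8991 and 443 -> 1443 so Apache can stay unprivileged. The function names and the use of REDIRECT rules are assumptions (the slide names only "IP Tables"); the OUTPUT rule covers the case behind "Double check how PDS and your Application call PDS".

```shell
#!/bin/sh
# Added example, not from the slides: print the NAT rules that map the public
# ports to the unprivileged PDS ports. Assumes a Linux host with iptables;
# review the printed commands, then run them as root.

# valid_port N MIN: true if N is a decimal port number in MIN..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# Usage: pds_nat_rules PUBLIC:LOCAL [PUBLIC:LOCAL ...]
pds_nat_rules() {
    # Validate every mapping before printing anything, so a typo never
    # leaves a half-applied rule set behind.
    for map in "$@"; do
        # The local side must be 1024 or higher: the point of the mapping is
        # that Apache never binds a privileged port and never needs root.
        if ! valid_port "${map%%:*}" 1 || ! valid_port "${map##*:}" 1024; then
            echo "bad mapping: $map" >&2
            return 1
        fi
    done
    for map in "$@"; do
        pub=${map%%:*}
        loc=${map##*:}
        # Remote clients: rewrite the destination port before routing.
        echo "iptables -t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $loc"
        # Requests made on this host (an application calling PDS by its public
        # URL) skip PREROUTING and leave via loopback, so cover OUTPUT too.
        echo "iptables -t nat -A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $loc"
    done
}

# Ports from the slide: 80 -> 8991 and 443 -> 1443.
pds_nat_rules 80:8991 443:1443
```

Without the OUTPUT rule, a remote browser reaches PDS on port 443 while an application on the same server calling the same URL gets a refused connection.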

Port Collision
- One process = One port
    - Port 80 cannot be shared
    - Ports are specific to an IP Address
- Solutions
    - SSL
    - Second IP address (with DNS name)
    - Layer-7 aware device

Port Collision Solutions
- SSL
    - Application uses port 80 (mapped to its port)
    - PDS uses port 443 (mapped to port 1443)
- Second IP address (with DNS name)
    - Application uses 1.1.1.1:80
    - PDS uses 2.2.2.2:80
    - Update PDS & Application with the new DNS name
- Layer-7 aware device
    - Examines HTTP request
    - Routes request based on incoming URL
    - Approved but not Supported

A word on mod-jk, Primo, & PDS
- History
    - Originally setup & recommended mod-jk
    - Ran Apache on port 80
    - Redirected requests to Primo or PDS based on URL
- Problems
    - Poor Performance
    - Unusual errors
    - Down Systems

mod-jk is NOT approved & NOT supported


Traditional Setup (PDS 1.3)
- Overview
    - PDS runs on a single machine
    - All Applications point to that machine
- Benefits
    - Supported for all versions of PDS
    - Centralized customization
    - Can be configured manually (i.e. no PDS Wizard)
    - No Multiple Domain problem
- Disadvantages
    - Single point of failure
    - Must move PDS to use a new version with an application
    - No High Availability
    - Patrons must re-authenticate following failure

PDS 1.3 Topology
[Diagram; labels: Rosetta, Primo, Aleph, PDS Software, PDS Configuration]

High Availability Setup (PDS 2.0)
- Overview
    - PDS runs on each Application machine
    - All PDS configuration is in Oracle
    - All PDS sessions are in Oracle
- Benefits
    - High Availability
    - Applications use their own version of PDS
    - Simpler Networking
    - Single point of failure moved to Oracle
    - Easier integration of new Applications
- Disadvantages
    - Single point of failure moved to Oracle
    - Must use PDS Configuration Wizard
    - Customizations must be repeated on each server
    - Multiple Domains Issue
    - Collating logs across several servers

PDS 2.0 Topology
[Diagram; labels: Rosetta, Primo, Aleph, PDS Software, PDS Configuration, PDS Sessions, Oracle Database]


Levels of HTML Customization

Customization Tricks
- Use Multiple Institutes for multiple login methods
- All HTML pages can be customized
    - This includes those used for redirects
    - Add or remove a cookie
    - Add links to other login methods (i.e. another Institute)
- All Service Programs can be customized
    - Change how requests are made
    - Alter data received before mapping
    - This is the only way to delete unwanted data
- Use Mapping to customize the data
    - Mapping never deletes any data
    - New elements can be created conditionally or unconditionally


Additional Notes
- Upgrades
    - CAS & Shibboleth configurations may not be preserved
    - Redo the CAS or Shibboleth setup following major upgrades
- Multiple Domains (2.0 Topology)
    - PDS Sessions are tied to the PDS server
    - Therefore they are tied to a domain name
    - SSO across domains requires PDS have a single domain
- Multiple PDS Institute Codes
    - Define a default institution
    - Ensure a PDS Institute Code exists only once
    - Use Mapping instead of multiple PDS Institute Codes


Resources
- Patron Directory Services Guide
- Patron Directory Services Upgrade Guide
- Application specific documentation

Thank You!
andrew.walsh@exlibrisgroup.com