dev:proposal:openathens_integration
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
dev:proposal:openathens_integration [2019/08/30 07:25] – oajulianc | dev:proposal:openathens_integration [2022/02/10 13:34] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 30: | Line 30: | ||
There would also be a new OpenAthens logout URL within Evergreen, which would forward the user to the OpenAthens sign-out page. There would be a system-wide setting that determines whether or not this logout URL is called after OPAC logout. OpenAthens in turn can be configured to send users to any URL after logout, so this can be used to return users back to the OPAC home page after their OpenAthens session has been cleared down. | There would also be a new OpenAthens logout URL within Evergreen, which would forward the user to the OpenAthens sign-out page. There would be a system-wide setting that determines whether or not this logout URL is called after OPAC logout. OpenAthens in turn can be configured to send users to any URL after logout, so this can be used to return users back to the OPAC home page after their OpenAthens session has been cleared down. | ||
- | ==== Configuring the connection between | + | ==== Configuring the connection between Evergreen |
- | OpenAthens will provide | + | It is proposed that a connection between Evergreen and OpenAthens can be created at any level in the organisational hierarchy using library settings. This way, a connection could be created |
- | ==== Organisational hierarchy ==== | + | For each OpenAthens domain, an administrator will have access to the OpenAthens admin portal, where they can create an Evergreen connection from the OpenAthens side. This process generates a unique connection ID, access URL and API key. They then create an OpenAthens library configuration at the appropriate level within Evergreen, using these credentials. |
- | In the same way as Evergreen supports a hierarchy of regional library systems and branches, OpenAthens can be configured with an arbitrary hierarchy of virtual organisations within a consortium' | + | The OpenAthens |
- | + | ||
- | The top-level | + | |
==== User attributes and data protection ==== | ==== User attributes and data protection ==== | ||
- | The Evergreen system | + | The library |
OpenAthens requires two user attributes, but by default both would be satisfied by the numerical database id of the user account. | OpenAthens requires two user attributes, but by default both would be satisfied by the numerical database id of the user account. | ||
Line 48: | Line 46: | ||
* Display name - this is used only within the OpenAthens administrator’s portal, where administrators can view virtual accounts that have been created and how they have been used. It is not passed to third party resources. By default, this would also be populated with the numerical database id of the user account, but the system administrator could change it to use the username, or the calculated full name in the same format as displayed in Evergreen. If the chosen attribute of the user is changed in Evergreen it will also change in OpenAthens the next time they sign in, but this will not affect their personalised settings on third party resources. | * Display name - this is used only within the OpenAthens administrator’s portal, where administrators can view virtual accounts that have been created and how they have been used. It is not passed to third party resources. By default, this would also be populated with the numerical database id of the user account, but the system administrator could change it to use the username, or the calculated full name in the same format as displayed in Evergreen. If the chosen attribute of the user is changed in Evergreen it will also change in OpenAthens the next time they sign in, but this will not affect their personalised settings on third party resources. | ||
- | Other user attributes, such as first name, family name, email address, and home library would not be released by default. Each one would have a global configuration setting | + | Other user attributes, such as first name, family name, email address, and home library would not be released by default. Each one would have a flag within the library settings |
Regardless of which attributes are released from Evergreen to OpenAthens, OpenAthens will not release them onwards to third party resources unless it is also configured to do so. | Regardless of which attributes are released from Evergreen to OpenAthens, OpenAthens will not release them onwards to third party resources unless it is also configured to do so. | ||
Line 54: | Line 52: | ||
===== Proposed implementation ===== | ===== Proposed implementation ===== | ||
- | ==== Database updates ==== | + | ==== Database |
- | All OpenAthens-specific configuration settings | + | A new type of library setting |
* disable/ | * disable/ | ||
* OpenAthens API key | * OpenAthens API key | ||
Line 81: | Line 79: | ||
The proposed new URLs are: | The proposed new URLs are: | ||
- | * **/eg/opac/openathens/sso** (protected by OPAC login) - endpoint that establishes OpenAthens session. This would handle both flows (1) and (2) as described above | + | * **/ |
- | * **/ | + | * **/eg/opac/sso/ |
Neither of these would serve any content; they would only ever issue temporary redirects. | Neither of these would serve any content; they would only ever issue temporary redirects. | ||
Line 91: | Line 89: | ||
~/ | ~/ | ||
There would need to be a small set of modifications to the core of EGCatLoader.pm to: | There would need to be a small set of modifications to the core of EGCatLoader.pm to: | ||
- | | + | * route the /eg/opac/sso/ |
- | | + | * intercept the login flow to include a redirect to / |
- | * intercept the login flow to include a redirect to /eg/opac/openathens/sso if configured to do so | + | * intercept the logout flow to include a redirect to /eg/opac/sso/ |
- | * intercept the logout flow to include a redirect to / | + | |
===== Documentation ===== | ===== Documentation ===== |
dev/proposal/openathens_integration.1567164359.txt.gz · Last modified: 2022/02/10 13:34 (external edit)