AUTHENTICATION FOR ALL LIBRARY SYSTEMS
Within the Library Systems, authentication and
authorization are provided for
- borrowing/renewal of books inside the Sirsi system,
- document delivery via the DDS webform,
- the room Booking system,
- EZProxy access to remote databases (including
access controlled by login/password,
- Allectra, and
- document ordering via GODOT (through SFU)
Note: earlier special case remote access programs (dbauth by R. Johnson;
eureka_idcheck.cgi and eureka_valid.cgi by Reshma Moledina) are no
longer in use. Eureka.pl is in use, but does not call up authentication.
- AUTHENTICATION: depends on user having a Sirsi
borrower record, barcode and Pin.
- AUTHORIZATION: depends on user's profile in the Sirsi
borrower record, and an expiry date which has not yet been reached.
The following Sirsi Profiles are passed through the
authentication process:
Academic, Blocknew, Blockrep, Gradstudt, Honours,
Retired, Suppstaff, Disted, Distgrad and Undergrad.
All others are rejected as invalid profiles for purposes
of authentication.
THE MECHANISM
- Within Sirsi the ability to borrow and renew depend
solely on information in the Sirsi borrower record. The record also
defines which level of privileges are given. e.g. HONOURS profiles get term
loans but UNDERGRAD do not.
- The general mechanism is that the application runs a
program called libraryuser which issues a call to a program on the Sirsi
server, called verify_library_user. This passes back either "YES" and
a string that includes the profile, delinquency status, department and expiry
date or "NO" and one of several error messages (Invalid/Missing User ID|
Invalid User Pin|Invalid User Profile|System Error|Invalid Expiry Date|
Expiry Date has been exceeded) to the calling application.
- The DDS form program also calls the Oracle tables
because it needs information to populate the form with user information.
- Allectra runs reserve_auth. After it receives a
valid response from verifyuser, it does a call to Oracle, sending the
barcode, to get the aix username, which is then used to call the LDAP server
to get information about course registrations.
- For remote databases EZProxy is now used to
authenticate off-campus users. (On-campus IP's are passed through without
the need for users to sign on.) Off-campus access is provided by way
of the 856's in Bibliographic Records and through direct links from the
Library web pages.
A file called ezproxy.cfg is maintained by Eric Tull on the server
ezproxy.lib.ucalgary.ca. This file includes the configurations for each vendor's
products. This file can be viewed
here. The EZProxy authentication string
has been appended (by way of a program written by Nella Lall) to the front of every
856 in the catalogue. The string is http://ezproxy.lib.ucalgary.ca:2048/login?url=
THE SIRSI BORROWER DATABASE
- The database is populated whenever a new user gets a
campus ID card and is entered into the campusID system. Within 5
minutes a message is sent to the Sirsi server, and a new borrower record is
created with these fields: UserID#, Name, Addresses (home and local), User
profile of BLOCKNEW, Expiry date of 8/31/yyyy (following year) except
Retired, whose expiry date is NEVER, Dept (faculty), User access PUBLIC,
Environment PUBLIC and PIN = Student ID# without the leading zeroes.
- The new user must go to the circulation desk to have
their User Profile of BLOCKNEW changed to whatever is appropriate after the
staff check that their address is correct. Until that is done they can
not borrow books, BUT they CAN use remote databases, Allectra, room bookings
and DDS forms.
- QUESTION: since users who leave the university do not
routinely have their borrower records removed from the system, we need to
know if EZProxy can block them if the expiry dates on their records have
passed. Students who have WITHDRAWN may be blocked but those who
graduate or fail to register for the next term may not be. Requires
investigation.
AUTHENTICATION ON ALLECTRA
1. FOR ANYONE LOGGING IN TO ALLECTRA WITH THEIR CAMPUS CARD AND PIN:
Whatever the SIRSI User Profile that gets passed through reserve_auth is, the
end result for authentication in Allectra is only either Yes or No:
either you are registered in the course for this reading or you aren’t, and
therefore either you can read the document or you can’t.
It makes NO difference which of these profiles the user has as long as it's
one of them: Academic, Blocknew, Blockrep, Gradstudt, Honours, Libstaff,
Retired, Suppstaff and Undergrad.
No privileges other than reading documents for a course are granted to anyone
who logs in with their campus card ID and PIN.
2. FOR ANYONE LOGGING IN TO ALLECTRA WITH THEIR INTERNAL USERNAME AND
PASSWORD:
There will be four kinds of Allectra Internal Users who have the following
privileges.
Student: Can access documents only for the course that we link this login to. Is meant to be used only for someone who is having
difficulty with their campus card and we need time to sort out their
problem. This internal user record should be deleted once their problem is
solved OR used for all students in a course where the institution has no
central authentication system.
Instructor: Can access documents only for the course(s) that we
link this login to, and also
Can use Reports
This login is needed because instructors are not registered in the
courses they teach.
Reserve staff: Can see all documents (if they login), can use reports, can use the admin page to do all their work. (The internal name
for this is ‘reserve’)
Administrator: Can do all of the above, PLUS use admin2 for more
secure
activities like adding internal users.
All these extra privileges are only available to someone who logs in with an
internal Allectra login and password.
This page maintained by
Linda Pearce. Last updated April 23,2002.