1 Dec. 2004 The Hong Kong Institute of Education Library Integrating Innopac with HKIEd “Portal” Environment Ivan Chan The Hong Kong Institute of Education.

Slides:

Advertisements

Similar presentations

Using EBSCOs Search Box Builder Tool Tutorial. Would you like to promote your EBSCOhost resources by adding an easy-to-use search box to your website?

Advertisements

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

FI-WARE Testbed Access Control temporary solution.

- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)

Remote User Authentication in Digital Libraries

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)

Portals within portals Integration of SFX and Metalib with other products Mike Gardner.

1 IAM – End User Training Guide. 2 Identity Access Management (IAM) encapsulates people, processes and products to identify and manage the data used in.

1 Pickup Anywhere overview Based on Alliance Borrowing Day presentation by Pam Mofjeld, III and OhioLINK documentation Some slides courtesy of III and.

Architecture & Integration: CP v x Platforms: Windows NT sp5(6a)/Solaris 2.8 iWS Client(s) Netscape/IE 4.0+ Java Servlet Engine (Java Servlet API)

PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Reference and Instruction Automated Statistics Gathering and Reporting System Members: Patrick Chen (pyc7) Soo-Yung Cho (sc444) Gregg Herlacher (gah24)

Integrating an MLE with Voyager Paul Hudson Learning Technology Development Unit University of Hertfordshire.

Your library record in TAFECAT Using the My Account function in the library catalogue to manage your loans.

1 THE UNIVERSITY OF HONG KONG COMPUTER CENTRE Introduction to Agnes Chau Computer Centre Updated September 3, 2007.

Integration of Library Resources in the Development of the University Portal Eva Wong Run Run Shaw Library City University of Hong Kong HKIUG December.

Use of Smart Card and Patron API in CUHK Libraries

Website Development with PHP and MySQL Introduction.

The portal within the portal: electronic library services within an institutional portal environment Stephen Pinfield & Mike Gardner.

1 Using Account Status Web Service to design value-added services for your online applications Ivan Chan Media & Systems Services 8th Annual HKIUG Meeting.

Authentication Systems and Single Sign-On (SSO) David Orrell, Eduserv Athens 1st EuroCAMP, 2-4 March 2005, Turin, Italy.

Access e-Portal and Your . How to Access e-Portal for My Personal Information?

AGent Demonstration Multi-Tier Solution Presented by Auto-Graphics Pomona, CA December 8-9, 2003 Version 2.0.

Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Smart Card Single Sign On with Access Gateway Enterprise Edition

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

AJAX Chat Analysis and Design Rui Zhao CS SPG UCCS.

Session 11: Security with ASP.NET

RUG Australia meeting 2012 Feb 6, V Tiers & sequencing suppliers Tiers and sequencing and load balancing  Tiers = groups of suppliers.

INDIVIDUAL ACHIEVEMENT. EDUCATIONAL EXCELLENCE. ADMINISTRATIVE INNOVATION. INSTITUTIONAL PERFORMANCE. 1 Luminis and external Presented by:

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

University of Kentucky Proxy Service Presentation By Kelly Vickery

TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Securing a Microsoft ASP.NET Web Application.

COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2011.

SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

This tip sheet focuses on the elements required to access SMART. Total Pages: 5 Accessing SMART Logging In Agency/Facility/Program Access Logging Out IGSR.

Web Authentication at Iowa Ed Hill Software Developer The University of Iowa.

authenticated networked guided environment for learning - secure integration of learning environments with digital libraries - Current.

A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University.

Opendap dev - meeting, Boulder, Feb 2007 OPeNDAP infrastructure in European Operational Oceanography T Loubrieu (IFREMER) T Jolibois (CLS)

Module 11: Securing a Microsoft ASP.NET Web Application.

Web Database Programming Week 7 Session Management & Authentication.

Integrating and Troubleshooting Citrix Access Gateway.

DataFlow Diagram – Level 0

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Copyright © 2006, Infinite Campus, Inc. All rights reserved. User Security Administration.

February, TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.

The Shaw Group Inc. WebVPN - Access Anywhere Users Manual.

How Web Database Architectures Work CPS181s April 8, 2003.

Shibboleth at USMAI David Kennedy Spring 2006 Internet2 Member Meeting, April 24-26, 2006 – Arlington, VA.

Unit-6 Handling Sessions and Cookies. Concept of Session Session values are store in server side not in user’s machine. A session is available as long.

Secure Mobile Development with NetIQ Access Manager

CERN IT Department CH-1211 Genève 23 Switzerland t Single Sign On, Identity and Access management at CERN Alex Lossent Emmanuel Ormancey,

Introduction to Terra Dotta Applications Integration with Campus Data Systems for institutions beginning their software implementation.

Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.

SlideSet #20: Input Validation and Cross-site Scripting Attacks (XSS) SY306 Web and Databases for Cyber Operations.

Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd

CAS and Web Single Sign-on at UConn

Welcome to the 20th Anniversary of the IUG

Central Authentication Service

D Guidance 26-Jun: Would like to see a refresh of this title slide

Everything you need to know about implementing AD FS

Presentation transcript:

1 Dec The Hong Kong Institute of Education Library Integrating Innopac with HKIEd “Portal” Environment Ivan Chan The Hong Kong Institute of Education Library 1 Dec 2004 HKIUG 5, CityU

The Hong Kong Institute of Education Library 2 Agenda Project Outline Quick Snapshots Portal Integration –Single Sign On (SSO) Connector –PatronAPI Enhancements Technical Information Future Plan

The Hong Kong Institute of Education Library 3 Project Outline This project aims at: –providing Single Sign On (SSO) for HKIEd “portal” and Innopac’s patron verification –integrating patron loan information with the campus “portal” Phase 1 (July/2004) –Library PINs sync. with campus passwords Phase 2 (Dec/2004) –Patron loan records integrated with the campus “portal”

1 Dec The Hong Kong Institute of Education Library 4 Quick Snapshots

The Hong Kong Institute of Education Library 5 HKIEd “Portal” Login

The Hong Kong Institute of Education Library 6 HKIEd “Portal” Homepage Click “MyLibrary” to view loan record

The Hong Kong Institute of Education Library 7 Viewing Library Loan Records Items checked out Items on hold

The Hong Kong Institute of Education Library 8 Patron Record Integration Click on “Renew Item” to logon Innopac “View Circulation Record” automatically

1 Dec The Hong Kong Institute of Education Library 9 Portal Integration

The Hong Kong Institute of Education Library 10 Single Sign-On (SSO) Lack of interoperable standard –Examples of SSO standards Shibboleth-Architecture Draft v05 - drafted in 2002, is a “secure exchange of interoperable authorization information that can be used in access control decision making” [ shibboleth-arch-v05.html] [ shibboleth-arch-v05.html] Central Authentication Service (CAS) of Yale University - “SunGard SCT's Luminis includes in its latest version as an integrated version of the CAS server” [ SunGard SCTLuminisSunGard SCTLuminis Portal such as Luminis CPIP (campus pipeline integration protocol) technology by SCT

The Hong Kong Institute of Education Library 11 It is difficult to build the SSO solution across different legacies of WEB applications. In the project, two major tasks have been completed: –SSO Connector for patron verification –PatronAPI Enhancements to work with SSO Connector: Online Reset of PIN View Circulation Records Interface Auto-logon to Patron Circulation Records

The Hong Kong Institute of Education Library 12 Single Sign-On Connector SSO-Connector developed by IT department of the Institute It converts cookies information to library logon identity and POST the web-form to Innopac automatically LOGIN and LOGOUT are managed by the connector

The Hong Kong Institute of Education Library 13 Client Browser Username / Password Cookie Information Web Application Server LOGIN Web Page Request Cookie Normal Authentication

The Hong Kong Institute of Education Library 14 Client Browser Username / Password Cookie Information “Portal” with SSO Feature SSO Connector LOGIN Request for Circulation Record Cookie Login Identity: Name / Barcode / PIN Enhanced PatronAPI SSO-Connector Authentication Target URL Syntax: SSO Object + Target URL Circulation Record Innopac System

The Hong Kong Institute of Education Library 15 SSO Connector Syntax SSO Object Target URL EXAMPLE: The SSO syntax comprises 2 components, namely SSO Object and Target URL: SSO Object will validate the logon identity SSO Object will reject the Target URL if the portal is already logged out or timed out

1 Dec The Hong Kong Institute of Education Library 16 PatronAPI Enhancements

The Hong Kong Institute of Education Library 17 Campus “Portal” Innopac System User Enhanced PatronAPI Library Applications e.g. BI class registration 3. Patron API Enhancements A.Reset PIN online B.View circulation record C.Logon “patron” record 2. SSO Connector 1. User login (indirect access) Data Paths of Portal Integration Direct Access

The Hong Kong Institute of Education Library Reset PIN online –Interface: use secure HTTP (i.e. https) FORM posting –Processing: two phases, i.e. delete PIN and create new PIN –Campus password is synchronized with Library PIN –Same password can be used to logon Innopac patron record

The Hong Kong Institute of Education Library 19 PIN Reset Diagram HTTPS request Delete PIN Create New PIN TELNET (delete PIN) HTTP (assign new PIN) Queue DONE Innopac System OK FAIL

The Hong Kong Institute of Education Library 20 # Sample EXPECT script for deleting PIN while {1} { expect timeout { expect timeout { send_user "\nWARNING: Barcode does not exist.\n" send_user "\nWARNING: Barcode does not exist.\n" exit exit } "Choose one (I,R)*" { } "Choose one (I,R)*" { send_user "\nPIN not set.\n" send_user "\nPIN not set.\n" exit exit } "Choose one*" { } "Choose one*" { send "D" send "D" send_user "\n Remove PIN in progress.\n" send_user "\n Remove PIN in progress.\n" } "Are you sure? (y/n)*" { } "Are you sure? (y/n)*" { send "y" send "y" send_user "\n PIN removed.\n" send_user "\n PIN removed.\n" break break } "Press to continue*" { } "Press to continue*" { send_user "\n WARNING: Patron record in use.\n" send_user "\n WARNING: Patron record in use.\n" exit exit } eof { } eof { send_user "\n WARNING: Cannot delete PIN.\n" send_user "\n WARNING: Cannot delete PIN.\n" exit exit }}

The Hong Kong Institute of Education Library View circulation record Retrieve the checkout and hold records from the following URLs. - Checked out items /patroninfo/ /items /patroninfo/ /items - Item on hold /patroninfo/ /holds /patroninfo/ /holds Re-format the above pages to fit into the campus “portal” display.

The Hong Kong Institute of Education Library 22 Patron circulation records

The Hong Kong Institute of Education Library Logon patron record Extract logon identifications from the SSO Connector Redirect to Innopac “View Circulation Record”, i.e. /patroninfo/ POST the web-form automatically to Innopac

The Hong Kong Institute of Education Library 24 Patron record integration Click on “Renew Item”, SSO_Connector

1 Dec The Hong Kong Institute of Education Library 25 Technical Information

The Hong Kong Institute of Education Library 26 III PatronAPI (URL) (code: 317URL-I) Local programming required such as SSO Connector and PatronAPI Enhancements –Programming include JAVA, PHP, PERL and EXPECT scripts –MYSQL database, which is used to limit the number of concurrent TELNET connections for EXPECT script

The Hong Kong Institute of Education Library 27 Depends mainly on the campus IT infrastructure and the portal technology used

1 Dec The Hong Kong Institute of Education Library 28 Future Plan

The Hong Kong Institute of Education Library 29 Consider using ready-made SSO standards, but depends on the development trend of the campus portal Consider using Innopac’s External Patron Verification (code: 201LDAP) for LDAP authentication Improve security level of using secure HTTP (https) with PatronAPI, pending for Innopacs’ enhancement

The Hong Kong Institute of Education Library 30 Future Plans (Con’t) Integrate with other library services such as BI class registration and library materials online recommendation Utilise MyMillenninum options in supporting WAM access e.g. in wwwoptions, set “no_reverify=wam”

The Hong Kong Institute of Education Library 31 Reference From IUG 11, in San Jose, about Portal integration: III and campus pipeline, April, 2003