10 months of my life I won’t get back : SSO implementation at the University of Melbourne… Bruce Eames AIUG 2013 • • • • Tentative discussion of SSO in the past IT political imperative Aug 2012IT funded Implementation • Aimed for Dec 2012 / Jan 2013 • Millennium SSO live July 2013 Library Systems authentication pre-SSO • • • • • Millennium webpac – name & barcode Ezproxy Ebsco Discovery Metalib / SFX / Digitool Relais – name & barcode Millennium SSO • SSO server set up on VM • Integrates with local Oracle Access Manager Lessons for IT staff • Project documentation complete & accurate • Can we write our own SSO for use with Millennium? • 2 VMs for production & testing – but only one SSO • Set up VM according to the III specs • Open ports as recommended by III • Software Only support on VM • Root access Host names • SSO server given name of Millennium server cat.lib.unimelb.edu.au • Millennium server renamed as cat2.lib.unimelb.edu.au (same IP) • New alias for Airpac • Impacts Patron authentication in webpac • http://cat.lib.unimelb.edu.au → SSO login screen • http://cat2.lib.unimelb.edu.au → native name & barcode login screen • text BONUS+ (InnReach) • Alias for SSO BONUS+ • bonus.lib.unimelb.edu.au • bonus.newcastle.edu.au Local setup in Millennium • Toplogo & other screens • Wwwoptions – – – – – LOGOUT_REMOTE INNREACH_REMOTE INNREACH_REMOTE_SSL SSO_VALID_HOSTS PSTARTOVER, XSTARTOVER, TIMEOUT Other lessons / impacts? Match point in Millennium • Student & staff id • Padded out with **S • Missing id numbers • Truncated id numbers Webpac Staff View - use non-SSO URL Apache logs Questions? Bruce Eames [email protected] (613) 8344 4236 © Copyright The University of Melbourne 2013