10 months of my life I won’t get back :

10 months of my life
I won’t get back :
SSO implementation at
the University of
Melbourne…
Bruce Eames
AIUG 2013
•
•
•
•
Tentative discussion of SSO in the past
IT political imperative Aug 2012IT funded
Implementation
• Aimed for Dec 2012 / Jan 2013
• Millennium SSO live July 2013
Library Systems authentication pre-SSO
•
•
•
•
•
Millennium webpac – name & barcode
Ezproxy
Ebsco Discovery
Metalib / SFX / Digitool
Relais – name & barcode
Millennium SSO
• SSO server set up on VM
• Integrates with local Oracle Access Manager
Lessons for IT staff
• Project documentation complete & accurate
• Can we write our own SSO for use with
Millennium?
• 2 VMs for production & testing – but only one
SSO
• Set up VM according to the III specs
• Open ports as recommended by III
• Software Only support on VM
• Root access
Host names
• SSO server given name of Millennium server
cat.lib.unimelb.edu.au
• Millennium server renamed as
cat2.lib.unimelb.edu.au (same IP)
• New alias for Airpac
• Impacts
Patron authentication in webpac
• http://cat.lib.unimelb.edu.au
→ SSO login screen
• http://cat2.lib.unimelb.edu.au
→ native name & barcode login screen
• text
BONUS+ (InnReach)
• Alias for SSO BONUS+
• bonus.lib.unimelb.edu.au
• bonus.newcastle.edu.au
Local setup in Millennium
• Toplogo & other screens
• Wwwoptions
–
–
–
–
–
LOGOUT_REMOTE
INNREACH_REMOTE
INNREACH_REMOTE_SSL
SSO_VALID_HOSTS
PSTARTOVER, XSTARTOVER, TIMEOUT
Other lessons / impacts?
Match point in Millennium
• Student & staff id
• Padded out with **S
• Missing id numbers
• Truncated id numbers
Webpac Staff View
- use non-SSO URL
Apache logs
Questions?
Bruce Eames
[email protected]
(613) 8344 4236
© Copyright The University of Melbourne 2013