EZProxy + openidp

103 views
Skip to first unread message

Edu Hackenitz

unread,
Feb 3, 2012, 8:39:01 AM2/3/12
to simpleSAMLphp
Hi,

Does somebody has tried to connect the OCLC product EZProxy on Feide
OpenIdP just for testpurpose ?
I think it should be possible but I'm not sure.
I just followed the instructions on http://www.oclc.org/support/documentation/ezproxy/usr/shibboleth.htm
and I have already passed the screen where you must agree with the
release of attributes. Unfortunately the ezproxy says 'Inter-
institutional access failure. Please contact your system administrator
for assistance."
I will contact OCLC on this issue but if there's a succesfull demo of
ezproxy+feide openidp it would like to know.

Peter Schober

unread,
Feb 3, 2012, 10:27:09 AM2/3/12
to simpleSAMLphp
* Edu Hackenitz <e.hac...@uu.nl> [2012-02-03 14:39]:

> I just followed the instructions on
> http://www.oclc.org/support/documentation/ezproxy/usr/shibboleth.htm
> and I have already passed the screen where you must agree with the
> release of attributes. Unfortunately the ezproxy says 'Inter-
> institutional access failure. Please contact your system
> administrator for assistance."

Did you look at your ezproxy log files?
What's the relevant configuration from config.txt and user.txt you
tried?
-peter

Fog

unread,
Feb 3, 2012, 10:36:10 AM2/3/12
to simpleSAMLphp
There's only one crypted error in the (very verbose) ezproxy log :
2012-02-03 16:30:19 000008D8 0000000F xmlsec start node not found

This is the config relevant part
ShibbolethDisable 1.3
ShibbolethMetadata \
-EntityID=https://proxy-dev.library.uu.nl \
-File=ubu-metadata.xml \
-Cert=1 \
-URL=https://openidp.feide.no/simplesaml/saml2/idp/metadata.php

And the relevant user part
::Shibboleth
If login:auth eq "shibboleth";
IDP20 https://openidp.feide.no
/Shibboleth


On Feb 3, 4:27 pm, Peter Schober <peter.scho...@univie.ac.at> wrote:
> * Edu Hackenitz <e.hacken...@uu.nl> [2012-02-03 14:39]:

Peter Schober

unread,
Feb 3, 2012, 10:42:12 AM2/3/12
to simpleSAMLphp
* Fog <fogwa...@gmail.com> [2012-02-03 16:36]:

> There's only one crypted error in the (very verbose) ezproxy log :
> 2012-02-03 16:30:19 000008D8 0000000F xmlsec start node not found

Well, if you have a rather specific error message then it's probably
best to ask OCLC about it (which you did, AIUI).
You did search for the exact error message, did you?
I'm asking because there are a couple of results, some even from this
list.
-peter

Peter Schober

unread,
Feb 3, 2012, 10:46:57 AM2/3/12
to simpleSAMLphp
* Peter Schober <peter....@univie.ac.at> [2012-02-03 16:42]:

> You did search for the exact error message, did you?

One of those mentions "ezProxy only accepts signed responses and
encrypted assertions" (which may or may not be correct today), so that
might be worth checking (not that you'd be able to change
openidp.feide.no's behaviour).
https://lists.internet2.edu/sympa/arc/shibboleth-users/2010-08/msg00171.html
-peter

Edu Hackenitz

unread,
Feb 3, 2012, 11:07:06 AM2/3/12
to simpleSAMLphp
I did notice several other issues on the net with this exact
errormessage.
One that comes very close is
http://shibboleth.1660669.n2.nabble.com/redirect-from-IdP-back-to-ezproxy-fails-inter-institutional-access-failure-td5389230.html
But that would lead to a situation where one should alter the feide
openidp which is not possible.
So perhaps it is not possible at all to use Ezproxy with feide openidp
in a demo setup....







On 3 feb, 16:46, Peter Schober <peter.scho...@univie.ac.at> wrote:
> * Peter Schober <peter.scho...@univie.ac.at> [2012-02-03 16:42]:
> openidp.feide.no's behaviour).https://lists.internet2.edu/sympa/arc/shibboleth-users/2010-08/msg001...
> -peter

Peter Schober

unread,
Feb 4, 2012, 1:36:59 PM2/4/12
to simpleSAMLphp
* Edu Hackenitz <e.hac...@uu.nl> [2012-02-03 17:07]:

> I did notice several other issues on the net with this exact
> errormessage.
> One that comes very close is
> http://shibboleth.1660669.n2.nabble.com/redirect-from-IdP-back-to-ezproxy-fails-inter-institutional-access-failure-td5389230.html
> But that would lead to a situation where one should alter the feide
> openidp which is not possible.
> So perhaps it is not possible at all to use Ezproxy with feide openidp
> in a demo setup....

Well, without knowing the exact reason for the error (i.e., something
you must discuss with the vendor) this is all just speculation.
-peter

Peter Schober

unread,
Feb 4, 2012, 3:58:10 PM2/4/12
to simpleSAMLphp
* Edu Hackenitz <e.hac...@uu.nl> [2012-02-03 17:07]:

> So perhaps it is not possible at all to use Ezproxy with feide
> openidp in a demo setup....

Also it should go without saying that you can always install your own
and configure it any way you like it.
-peter

Reply all
Reply to author
Forward
0 new messages