EZProxy and DSpace IP auth

259 views
Skip to first unread message

Hill,Ed

unread,
Nov 13, 2023, 1:24:44 PM11/13/23
to DSpace Technical Support
Hi folks,

Pre-amble: we are running DSpace 7.5, pretty standard configurations.

We have some collections that have IP auth configured in that we assign a group based on IP address and that group gets READ access to certain things Anonymous users don't. This works as expected when the user is physically present on the campus network.

We also have a very basic EZProxy stanza for our DSpace that only proxies the front end because we just get 500 errors when trying to proxy the backend, and best I can tell that's mostly CORS errors.

The group permissions are not being applied as expected so authorized users are not being allowed to view content. From looking at the network calls, it looks like the calls for authorization are happening client-side and coming from the client's IP rather than the EZProxy IP since it's hitting the backend.

Does anybody have a working EZProxy stanza that works for IP-based group assignment, or an idea otherwise that might allow for off-campus access to IP-bound items?

I'm happy to provide more specific information, but logs have not been super helpful here either and have very little in them I have found pointing to this situation.

Thanks,

Ed Hill 

Pronouns: He/Him  (pronoun statement) 

Developer and Applications Administrator 

(970) 491-3197 

Colorado State University Libraries 

 


DSpace Technical Support

unread,
Nov 16, 2023, 12:23:04 PM11/16/23
to DSpace Technical Support
Hi Ed,

While I'm not 100% certain, this *might* be related to some issues with Proxies (in general) that we've seen in this ticket: https://github.com/DSpace/DSpace/issues/8603 

The DSpace 7 backend is *supposed* to be handling proxies properly...but we've had similar issues reported in different features. We have a service provider looking into this (Arvo Consultores).  

I'm not certain though if this is the same thing happening on the IPAuth side or not yet. So, I'm hoping that others using EZProxy can report back here to let us know if they are seeing similar behavior or not.

Tim
 

Fitchett, Deborah

unread,
Nov 19, 2023, 10:22:31 PM11/19/23
to DSpace Technical Support

Kia ora,

 

We attempted using EZproxy in combination with IPAuth on DSpace 7.6 a couple of months back and it didn’t work. A very quick test today though did seem to work – not sure what changed!

 

In my quick test I did get a 500 error when downloading a bitstream – but it also went ahead and downloaded the bitstream, so not sure what that was about.

 

Happy to do a bit more testing but as we’re hosted we may not be able to provide a lot of detail from logs etc.

 

Deborah

 

From: DSpace Technical Support <dspac...@googlegroups.com>
Sent: Friday, November 17, 2023 6:23 AM
To: DSpace Technical Support <dspac...@googlegroups.com>
Subject: [dspace-tech] Re: EZProxy and DSpace IP auth

 

Caution: This email originated from outside our organisation. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/3fd5faf9-42ea-4701-8412-e112e9a0db22n%40googlegroups.com.



"The contents of this e-mail (including any attachments) may be confidential and/or subject to copyright. Any unauthorised use, distribution, or copying of the contents is expressly prohibited. If you have received this e-mail in error, please advise the sender by return e-mail or telephone and then delete this e-mail together with all attachments from your system."

Tom Misilo

unread,
Mar 7, 2024, 7:39:56 PM3/7/24
to DSpace Technical Support
Deborah, just curious what your ezproxy stanza looks like and if you had to make any changes on the DSpace side of things?

Fitchett, Deborah

unread,
Mar 20, 2024, 5:42:54 PM3/20/24
to Tom Misilo, DSpace Technical Support

Okay so for a fun wrinkle:

If I load a restricted item via EZproxy in an incognito browser window, then the bitstream initially appears without the ‘padlock’ icon. If I click the bitstream link in that time then the file downloads.

 

But if I instead wait for 5-10 seconds (or if I did the above and then hit the browser back button to get back to the item page) now the ‘padlock’ appears. Then if I click the bitstream link, it takes me to the login page instead.

 

(The length of time may be shorter for you – we’ve been having speed/performance issues ever since moving to v7.4.)

 

We never made any changes on the DSpace side except to allow the IP address for the EZproxy server.

 

Our stanza is just a basic title/url/dj one. Because I don’t know what’s causing the problem, I haven’t been able to identify what (if anything) would solve it.

 

My bet is something-something-API-shenanigans. To be honest, there are days I miss DSpace 5. But ultimately this particular functionality is low priority for me, I was originally only poking at it in the hope of troubleshooting something else.

 

Deborah

 

 

From: dspac...@googlegroups.com <dspac...@googlegroups.com> On Behalf Of Tom Misilo


Sent: Friday, March 8, 2024 1:40 PM
To: DSpace Technical Support <dspac...@googlegroups.com>

Subject: Re: [dspace-tech] Re: EZProxy and DSpace IP auth

 

You don't often get email from tmi...@gmail.com. Learn why this is important
Reply all
Reply to author
Forward
0 new messages