IP based authentication step


Nada Abo Eita

Sep 1, 2024, 11:07:50 AM
to DSpace Technical Support


Dear support team,

We have a record where we need to restrict its access to be only on campus. I have read that in this scenario we have to enable IP Authentication. However, this plugin is based on authentication first to assign the logged-in user to the group assigned the IP ranges. Is there a way to check the IP ranges and grant access without the need for the authentication step?

Fitchett, Deborah

Sep 2, 2024, 8:04:19 PM
to Nada Abo Eita, DSpace Technical Support
When I tested it(*), users didn't need to login - rather, if you access the website from a specific IP address/range you're automatically/invisibly given access as the associated usergroup and can view/download the restricted records and files.

I did notice that the "Login" option in the top menu still appeared instead of showing as logged in - but that made sense because the user isn't actually 'logged in' per se, only granted access for the moment based on current IP address.

Deborah
(*) In December last year - I can't remember which version of DSpace we were on at the time but it was 7.something.




Jayachristrayar S

Feb 19, 2025, 5:53:45 AM
to DSpace Technical Support

Hello guys,

I'm also looking for the same guidance or documentation on how to restrict access to DSpace documents. Specifically, I need to:

  • Make bitstream files accessible only via IP-based authentication (so only users from certain IPs can access them).
  • For non-IP users, restrict access and provide a "Request a Copy" option.

If you found something, or if anyone has experience setting this up or any documentation on how to do it, please share.

Would really appreciate any help!

Technologiczny Informator

Feb 19, 2025, 7:43:18 AM
to DSpace Technical Support

Everything is described here: https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication

In a nutshell – add these settings to local.cfg. The authentication order is important:


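# Accepted forms, in order: full IP, partial IP, CIDR, netmask, IPv6.
# Comments sit above the property because text after a trailing "\" stops the line continuation.
authentication-ip.MY_UNIVERSITY = 10.1.2.3, \
                                  13.5, \
                                  11.3.4.5/24, \
                                  12.7.8.9/255.255.128.0, \
                                  2001:18e8::32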

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.IPAuthentication
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication


Where MY_UNIVERSITY is the group name you can change here. You must create the same group in your repository and then set READ access for the bitstream only to this group.

The example IP addresses provided later should be replaced with your own.

And that’s basically the entire configuration on the DSpace side. However, it’s also important to check whether the client’s IP address actually reaches DSpace—make sure it’s not the address of a proxy server instead of the direct client.

Regards,
Mariusz
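
A way to check which addresses the range list from the configuration above would admit, and what changes when a proxy's address is what reaches the application. This is an added example, not part of the original posts and not DSpace's own matching code; the partial-IP rule and the `seen_by_app` proxy model are assumptions, and all addresses are constructed sample values.

```python
import ipaddress

# Range list from the example above; all addresses here are sample values.
CAMPUS = ["10.1.2.3", "13.5", "11.3.4.5/24", "12.7.8.9/255.255.128.0", "2001:18e8::32"]

def to_network(spec):
    """Convert one range entry to an ip_network.

    Assumption: a partial IPv4 entry such as "13.5" covers every address
    that starts with those octets, i.e. 13.5.0.0/16.
    """
    spec = spec.strip()
    if ":" not in spec and "/" not in spec:
        octets = spec.split(".")
        if len(octets) < 4:
            padded = ".".join(octets + ["0"] * (4 - len(octets)))
            return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    # strict=False tolerates host bits ("11.3.4.5/24") and dotted netmasks
    return ipaddress.ip_network(spec, strict=False)

def in_group(addr, specs=CAMPUS):
    """True if addr falls inside any configured range."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in map(to_network, specs))

def seen_by_app(client, proxy=None, proxy_passes_client=False):
    """Address the application evaluates (hypothetical model): the proxy's own
    address, unless there is no proxy or it passes the client address on."""
    return client if proxy is None or proxy_passes_client else proxy

if __name__ == "__main__":
    # Constructed cases: (client, proxy, proxy passes client address on?)
    cases = [
        ("13.5.200.1", None, False),            # on campus, direct
        ("198.51.100.7", None, False),          # off campus, direct
        ("198.51.100.7", "10.1.2.3", False),    # off campus, proxy address is listed
        ("13.5.200.1", "192.0.2.10", False),    # on campus, proxy address not listed
        ("13.5.200.1", "192.0.2.10", True),     # on campus, client address passed on
    ]
    for client, proxy, passes in cases:
        seen = seen_by_app(client, proxy, passes)
        print(f"client={client:<13} seen={seen:<13} group={in_group(seen)}")
```

The third and fourth cases show the two ways the check goes wrong when the proxy's address is what gets evaluated: an off-campus client is admitted because the proxy is listed, and an on-campus client is refused because it is not.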

