跳至主要內容
OCLC Support

Set up a SAML connection

  1. Last updated
  2. Save as PDF
Learn how to set up a connection from the EZproxy server to a SAML server in EZproxy configuration.

EZproxy configuration provides an interface to configure SAML authentication. See SAML Authentication (including Shibboleth V1/2/3, ADFS, Microsoft Entra ID (Azure), OpenAthens) for additional details about SAML authentication integration with EZproxy. 

To set up a connection in the configuration UI from the EZproxy server to a SAML server:

  1. Select Authentication from the left navigation.
  2. Click Add authentication type on the Authentication screen.
  3. Select SAML from the Select authentication type drop-down menu. a SAML configuration screen opens.
  4. From the SAML configuration screen:
    1. Enter the corresponding EntityID of the IDP in the Host Identifier field.
    2. Enter a unique name for this authentication in the Tag text field.
    3. (Optional) Select the Use auth tag checkbox if you want to require this function.
    4. Enter the SAML configuration block in the User options text field.
      SAML configuration block - Example
      ::Shibboleth 
      IDP20 IDPEntityID 
      /Shibboleth
      Completed SAML screen example - Image
      Example of a completed SAML screen in EZproxy Configuration
  5. Select the method that metadata from the SAML IDP will be provided to EZproxy from the Metadata input type drop-down menu.
    • Provide metadata URL - If selected, enter the URL in the Metadata URL text field. EZproxy retrieves the metadata provided at the URL and stores it in an XML file in the EZproxy directory.
    • Upload metadata file - If selected, click Choose File, select the metadata file from your computer, and click Open. Once the file is uploaded, the contents will appear in the Metadata content text field. Click Save to create the metadata file in the EZproxy directory.
    • Copy/paste metadata file content - If selected, paste the contents of the metadata file into the Metadata content text field. Click Save to create the metadata file in the EZproxy directory.
  6. Enter the configuration directives for the Shibboleth Metadata configuration in the Config options text field. See config.txt Directives for more information.
    config.txt directives - Example

    ShibbolethMetadata \  

       -EntityID=EZproxyEntityID \  

       -File=MetadataFile \  

       -SignResponse=false -SignAssertion=true -EncryptAssertion=false \  

       [-Cert=EZproxyCertNumber \]  

       [-SignAuthnRequest \]  

       [-SLO \]   

       [-URL=MetadataURL \]  

       [-URLValidate=URLValidateFile \]  

      [-AuthnContextClassRef=AuthnContext]

     Note: The values for -SignResponse=false -SignAssertion=true -EncryptAssertion=false \ are dependent on configuration of your SAML server.

  7. Enter the Shibboleth directives for the Shibboleth configuration in the Shibboleth user text field. These directives will create the shibuser.txt file on the EZproxy server. See shibuser.txt for more information.
    Shibboleth directives - Example
    Set login:loguser = auth:urn:mace:dir:attribute-def:eduPersonTargetedID
  8. Click Save. To apply the SAML connection, deploy it to both Pre-production and Production.