PDS Authentication for OvP to LDAP/Voyager
The Patron Directory Service (PDS) is a back-end Web component that facilitates user authentication and logon to a calling application. The PDS is part of the standard calling application package, but it is a distinct and separate component. Most of the information you will need to configure PDS is documented in the Patron Directory Services Guide.
This section contains additional information that may be needed to configure PDS for your site.
Authentication Process
The authentication process requires the following stages:
- Authenticate
- User information (bor_info)
In order for OPAC via Primo (OvP) functionality to work, Primo must get the user information (bor_info) from Voyager, which is an issue if the authenticate stage comes from another system (such as LDAP). To resolve this issue, you can use any of the following options to support authentication for OvP-Voyager configurations:
Authenticate to Voyager
Use the Voyager credentials to log on to the system. PDS will use Voyager for the authenticate and the bor_info stages, using the credentials the user has entered.
This option requires you to open your firewall to Voyager.
Authenticate to LDAP and bor_info to Voyager
Use LDAP credentials to authenticate and generate a call to Voyager to log on to the system. This requires the Voyager credentials (barcode and last name) to be stored on LDAP so that they can be used rather than the credentials the user has entered.
This option requires the following:
- Your firewall must be open to Voyager and LDAP.
- LDAP must include Voyager barcodes per user.
Authenticate to LDAP and bor_info from Web Service
Use LDAP credentials to authenticate and send a request for information (using the credentials the user has entered) to a Web service you have written to query Voyager for user information.
This option requires the following:
- Your firewall must be open to LDAP.
- You must create a script to retrieve user information from Voyager. For more information on setting up a remote CGI hook, see the Patron Directory Services Guide.
For the bor_info stage, PDS will send a POST request to the Web service via a URL such as:
http://10.1.235.39:8997/our-script-location/our-remote.pl?BOR_ID=mike&VERIFICATION=mike&institute=RMIT
The general form is:
http://<server>:<port>/<location>/<script name>?BOR_ID=<user>&VERIFICATION=<password>&INSTITUTE=<Institution code>
The expected bor_info reply should be an XML response similar to the following:
<?xml version="1.0" encoding="UTF-8"?>
<bor-info>
<id>122470</id>
<institute>RMIT</institute>
<group>Undergraduate - full time</group>
<group_id>26</group_id>
<ubid>2@RMITDB20081018054906</ubid>
<password>1039614</password>
<passwordType>B</passwordType>
<name>Mike</name>
<lastname>Jacobson</lastname>
<email_address>mike@hotmail.com</email_address>
</bor-info>
Voyager allows you to use the following query to retrieve user information without having to query the vger database:
http://<server_name>:<VXWS port>/vpdsinfo?bor_id=<user_lastname>&verification=<user_barcode>
This request returns an XML response that includes the user information needed for Primo.
Authenticate and bor_info from Web Service
This option is for sites that do not want to open their firewall to let Primo access LDAP. In this case, you authenticate to a Web service that returns the authentication confirmation and then use the credentials the user has entered to query a Web service to retrieve the user information from Voyager.
This option requires you to create a script to authenticate to LDAP and retrieve user information from Voyager. For more information on setting up a remote CGI hook, see the Patron Directory Services Guide.
For the authentication stage, PDS sends a POST request to a Web service via a URL such as the following:
http://10.1.235.39:8997/our-script-location/our-remote.pl?BOR_ID=mike&VERIFICATION=mike&institute=ABC
The general form is:
http://<server>:<port>/<location>/<location>/<script name>?BOR_ID=<user>&VERIFICATION=<password>&INSTITUTE=<Institution code>
The authentication reply needs to be an XML response similar to the following:
<?xml version="1.0" encoding="UTF-8"?>
<bor_authentication> <auth>Y</auth> </bor_authentication>
Or:
<?xml version="1.0" encoding="UTF-8"?>
<bor_authentication> <auth>N</auth> </bor_authentication>
For the bor_info stage, PDS will send a POST request to the Web service via a URL such as:
http://10.1.235.39:8997/our-script-location/our-remote.pl?BOR_ID=mike&VERIFICATION=mike&institute=RMIT
The general form is:
http://<server>:<port>/<location>/<script name>?BOR_ID=<user>&VERIFICATION=<password>&INSTITUTE=<Institution code>
The expected bor_info reply should be an XML response similar to the following:
<?xml version="1.0" encoding="UTF-8"?>
<bor-info>
<id>122470</id>
<institute>RMIT</institute>
<group>Undergraduate - full time</group>
<group_id>26</group_id>
<ubid>2@RMITDB20081018054906</ubid>
<password>1039614</password>
<passwordType>B</passwordType>
<name>Mike</name>
<lastname>Jacobson</lastname>
<email_address>mike@hotmail.com</email_address>
</bor-info>
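The two replies described above (authentication and bor_info) can come from one remote script. The following Python code is an added example, not code from Ex Libris or the Patron Directory Services Guide; the PATRONS table is constructed sample data standing in for the LDAP check and the Voyager lookup, and all function names are hypothetical. It matches parameter names case-insensitively (the sample URL uses institute, the template INSTITUTE) and XML-escapes every value so that a name or group containing & or < cannot break or alter the reply.

```python
import hmac
from urllib.parse import parse_qs
from xml.sax.saxutils import escape

# Constructed sample record standing in for the LDAP check and Voyager lookup.
PATRONS = {
    ("RMIT", "mike"): {
        "verification": "mike",
        "bor_info": [
            ("id", "122470"), ("institute", "RMIT"),
            ("group", "Staff & Faculty"), ("group_id", "26"),
            ("name", "Mike"), ("lastname", "O'Neil <Jr>"),
        ],
    },
}
XML_DECL = '<?xml version="1.0" encoding="UTF-8"?>\n'


def parse_request(encoded):
    """Return (bor_id, verification, institute) from PDS's urlencoded parameters."""
    # Keys are upper-cased because the page shows both "institute" and "INSTITUTE".
    pairs = parse_qs(encoded, keep_blank_values=True)
    params = {key.upper(): values[0] for key, values in pairs.items()}
    return params.get("BOR_ID", ""), params.get("VERIFICATION", ""), params.get("INSTITUTE", "")


def find_patron(encoded):
    """Return the patron record if the credentials match, otherwise None."""
    bor_id, verification, institute = parse_request(encoded)
    patron = PATRONS.get((institute, bor_id))
    # Run the constant-time comparison even for unknown users.
    expected = patron["verification"] if patron else ""
    matches = hmac.compare_digest(verification.encode(), expected.encode())
    return patron if (patron and matches) else None


def auth_reply(encoded):
    flag = "Y" if find_patron(encoded) else "N"
    return f"{XML_DECL}<bor_authentication> <auth>{flag}</auth> </bor_authentication>"


def bor_info_reply(encoded):
    patron = find_patron(encoded)
    if patron is None:
        return None  # the page does not define a failure reply for this stage
    fields = "".join(f"<{tag}>{escape(value)}</{tag}>\n" for tag, value in patron["bor_info"])
    return f"{XML_DECL}<bor-info>\n{fields}</bor-info>"
```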
Authenticate and bor_info from Web Service – Customer Login Page
This option allows sites that do not want to open their LDAP to Primo’s PDS to provide their own login page.
In this case, you direct the authentication to a Web service that provides a login page that authenticates the user’s credentials. After the authentication service has authenticated the user, it will send a confirmation containing the information the user has entered. You will need to use this information to query another Web service to retrieve the user information from Voyager.
This option requires you to create a script to allow sign in, authenticate to LDAP, and retrieve user information from Voyager. For more information on creating a remote login page, refer to the Patron Directory Services Guide.
For the authentication stage, Primo will redirect the user to sign in through the login page provided by the authentication Web service you created. The redirection URL will look like this:
http://opac.abc.ac.au/our-script/auth/primologin.jsp?pds_handle=&calling_system=primo&institute=ABD&url=http://primoapac02.hosted.exlibrisgroup.com:1701/primo/...
The general form is:
http://<server>:<port>/<location>/<location>/<script name>?pds_handle=&calling_system=primo&institute=<institution code>&url=<Primo reply URL>
The backlink (the URL from which the user originated) must be the last parameter ("url").
The reply to PDS is in URL form and should look similar to the following:
http://<pds server>:<pds port>/pds?func=remote-login&calling_system=primo&institute=<institution code>&id=<user ID>&url=<original URL>
For example:
http://primoapac02.hosted.exlibrisgroup.com:8991/pds?func=remote-login&calling_system=primo&institute=RMIT&id=john1&url=http://primoapac02.hosted.exlibrisgroup.com:1701/primo/...
- The script adds the id field in the reply.
- The backlink (the URL from which the user originated) must be the last parameter ("url").
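Because the backlink is the last parameter, a login page has to treat everything after url= as one value and should check where it points before redirecting the user back through PDS. The following Python code is an added example, not code from Ex Libris; it assumes the backlink arrives unencoded as in the sample URLs, takes the PDS address and the allowed Primo host from those samples, and uses hypothetical function names.

```python
from urllib.parse import quote, unquote, urlsplit

# PDS address taken from the page's sample reply URL.
PDS_BASE = "http://primoapac02.hosted.exlibrisgroup.com:8991/pds"
# Assumed allowlist: the Primo front end that appears in the page's samples.
ALLOWED_BACKLINKS = {("http", "primoapac02.hosted.exlibrisgroup.com", 1701)}


def split_login_query(query):
    """Split the redirect query string into (params, backlink).

    The backlink may contain its own '&' and '=', so everything after
    the first '&url=' is kept as a single value.
    """
    head, sep, backlink = query.partition("&url=")
    if not sep:
        raise ValueError("missing url parameter")
    params = {k: unquote(v) for k, _, v in (p.partition("=") for p in head.split("&"))}
    return params, backlink


def backlink_allowed(backlink):
    # Whitespace or control characters would let the value split a Location header.
    if not backlink or any(ch <= " " for ch in backlink):
        return False
    try:
        parts = urlsplit(backlink)
        origin = (parts.scheme, parts.hostname, parts.port)
    except ValueError:
        return False
    return origin in ALLOWED_BACKLINKS


def remote_login_reply(query, user_id):
    """Build the reply URL for a user the login page has already authenticated."""
    params, backlink = split_login_query(query)
    if not backlink_allowed(backlink):
        raise ValueError("backlink is not an allowed Primo URL")
    fields = [("func", "remote-login"),
              ("calling_system", params.get("calling_system", "primo")),
              ("institute", params.get("institute", "")),
              ("id", user_id)]
    # Encode every value except the backlink, which stays last and verbatim.
    encoded = "&".join(f"{key}={quote(value, safe='')}" for key, value in fields)
    return f"{PDS_BASE}?{encoded}&url={backlink}"
```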
For the bor_info stage, PDS will send a POST request to the Web service via a URL such as:
http://10.1.235.39:8997/our-script-location/our-remote.pl?BOR_ID=mike&VERIFICATION=mike&institute=RMIT
The general form is:
http://<server>:<port>/<location>/<script name>?BOR_ID=<user>&VERIFICATION=<password>&INSTITUTE=<Institution code>
The expected bor_info reply should be an XML response similar to the following:
<?xml version="1.0" encoding="UTF-8"?>
<bor-info>
<id>122470</id>
<institute>RMIT</institute>
<group>Undergraduate - full time</group>
<group_id>26</group_id>
<ubid>2@RMITDB20081018054906</ubid>
<password>1039614</password>
<passwordType>B</passwordType>
<name>Mike</name>
<lastname>Jacobson</lastname>
<email_address>mike@hotmail.com</email_address>
</bor-info>