EZProxy, Generic CPIP Connector, and Custom Authenticator for EZproxy MD5 Ticket
Here is a way to get a Generic CPIP connector on Luminis to work with EZProxy MD5 ticket.
I have been trying to connect Luminis and EZProxy via a built-in CPIP connector in ezproxy for over a month, but we were not able to get it working. We worked directly with usefulutilities, and made sure the SSL certs were right, the configuration was right, but no matter what we tried, it kept failing. The fact that it was not working, and the fact that the connector actually resides on EZProxy was not making me feel comfortable. After all, the credentials were being sent to someone else's cpip connector...
There is a working solution on usefulutilites that describes "ticket" authentication for EZProxy, and that has been working for people, as reported on LDN. So, you can write a custom CPIP connector from scratch, using the "wonderful SDK and complete documentation and training" you received from SCT, right? Well... if you are an SCT Consultant, then maybe... but why should I create a custom cpip if I have/bought the generic framework?! Well, because I have a hard time generating an MD5 hash required by EZproxy using the XML file in GCF. <i>If you know how to generate MD5 hashes in XML, please let me know </i>:)
So, here is a way to get a Generic CPIP connector on Luminis working with EZProxy MD5 ticket. This has been tested on Luminis III.3 and should work as long as you have java 1.3 on your Luminis instance. The steps assume you have the Generic Framework installed, with TSGC.jar set in servlet.cpipconnector.classpath
- I. Configure EZproxy to use ticket authentication and specify a complex key
- II. Configure GCF to use ezproxy.class: Add the ezproxy.class to GCF CPIP classpath
- III. Create new EZProxy connector on Luminis
- IV. Create XML file with a CALL to ezproxy.class
- V. Build a channel (link) to a library database that uses EZProxy cpip
I. CONFIGURE EZProxy
Please visit http://www.usefulutilities.com/support/usr/ticket/ and consult with your EZProxy Administrator
II. CONFIGURE GCF to use ezproxy.class
mkdir backup/sso
mkdir ~/temp/TSGC
cp $CP_ROOT/products/sso/lib/TSGC.jar backup/sso
cd ~/temp/TSGC
cp $CP_ROOT/products/sso/lib/TSGC.jar .
jar xvf TSGC.jar
jar xvf ezproxy.jar
rm *.jar;
cd ~/temp/TSGC
jar cvf TSGC.jar *
cp TSGC.jar $CP_ROOT/products/sso/lib
rm TSGC.jar
$CP_ROOT/installdir/products/ws/https-cpipconnector/stop and start
III. CREATE NEW GCF CPIP CONNECTOR name ezproxy to use attached ezproxy.xml and ezproxy.properties files.
I will not cover the steps how to create a new connector, but this information can be found in Luminis Documentation or GCF Training. Make sure to add a userid filter for ezproxy (password not needed here), and to import ezproxy ssl certificates.
IV. CREATE XML file with a CALL to ezproxy.class
Take a look at the attached ezproxy.xml file.
1) The file must have a call to com.unf.sso.authenticator.custom.ezproxy and have 4 parameters.
2) The parameters can be named anything, but there must be 5 (FIVE) of them.
3) The resulting MD5 key is insterted into PARAM a:value="KeyDigest" in this example.
4) Make sure to restart the Luminis CPIP Connector web server anytime you change the .properties or .xml file.
V. BUILD a CHANNEL (link) to ezproxy
Now you have the MD5 key required by EZProxy in the ezproxy cpip connector.
The url format is described here. You can create a url to any database in Luminis as follows:
http://your.luminis.edu/cp/ip/login?sys=ezproxy&url=https://your.ezproxy.edu/login?user=${_CPUSERNAME}&ticket=${ezproxy.key}&url=http://www.somerestricteddatabase.com
Note: the url must be URLEncoded, so the real url in the channel will be:
http://your.luminis.edu/cp/ip/login?sys=ezproxy&url=https%3A%2F%2Fyour%2Eezproxy%2Eedu%2Flogin%3Fuser%3D%24%7B%5FCPUSERNAME%7D%26ticket%3D%24%7Bezproxy%2Ekey%7D%26url%3Dhttp%3A%2F%2Fwww%2Esomerestricteddatabase%2Ecom
- dbondare's blog
- Login or register to post comments
Hack Your Knowledge
Recent blog posts
- Portal for Prospects - facilitation of user accounts from Banner
- receiving error while installing on Solaris
- PermGen space on Windows
- Luminis IV integration with Lotus applications
- Anyone do a complete SunONE migration to Exchange?
- SAF: Is it required if using ILM and Active Directory
- Calendar Migration: SunOne to Exchange 2007
- IMAP on Luminis IV
- cptool list sessions via JSP
- server.policy
Developer Links
Poll
- Login or register to post comments
- Older polls
Syndicate
Comments
Class Not Found Exception.
Hi,
I'm implementing the Luminis to Ezproxy CPIP connector and the cp.log file shows that the CPIP connector is throwing a ClassNotFoundException.
Stack Trace:(ExternalSystemMana
[2006-03-22 12:11:30,314] [ERROR] WebServlet [com.pipeline.system.LuminisServlet
]: ################ System starting ###############
[2006-03-22 12:11:30,849] [ERROR] WebServlet [com.pipeline.gist.ExternalSystemMa
nagerImpl]: failed to set blocked execution handler com.pipeline.gist.ExternalSy
stemManagerImpl$DiscardWhenBlocked
java.lang.ClassNotFoundException: com.pipeline.gist.ExternalSystemManagerImpl$Di
scardWhenBlocked
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:183)
at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:288)
at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:310)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:115)
at com.pipeline.gist.ExternalSystemManagerImpl.
gerImpl.java:181)
at com.pipeline.gist.ExternalSystemManagerImpl.getInstance(ExternalSyste
mManagerImpl.java:155)
at com.pipeline.system.LuminisServlet.init(LuminisServlet.java:205)
at com.iplanet.server.http.servlet.WServletEntity.loadAndInitServlet(WSe
rvletEntity.java:98)
at com.iplanet.server.http.servlet.WebApplication.init(WebApplication.ja
va:317)
at com.iplanet.server.http.servlet.VirtualServer.init(VirtualServer.java
:181)
at com.iplanet.server.http.servlet.NSServletRunner.VSInit(NSServletRunne
r.java:726)
I know that the cp-xerces-2.6.2.jar file contains the ExternalSystemManagerImpl class but it does not appear to contain the DiscardWhenBlocked internal class. Am I using the wrong cp-xerces version?
Other ideas?
Thanks,
Dan Brydges
Programmer/Analyst
Langara College
Vancouver, BC
dbrydges@langara.bc.ca
Class Not Found Exception
Dan,
Did you get this resolved? Are you implementing the connector by following the instructions in this blog? Did you create an external system entry for this connector in the Luminis LDAP and restarted luminis?
I'm not sure why you're seeing this error.
Thanks,
Dmitriy
Class Not Found Exception.
This error appears to be caused when the cpip-connector service is started before the web server.
One problems still remains. I am not getting ${_CPUSERNAME} and ${ezproxy.key} to be substituted with values in the call to the ezproxy server. Instead ${_CPUSERNAME} and ${ezproxy.key} are being sent just as they are in the http request to the ezproxy server.
Suggestions?
Missing JAR?
The ezproxy.jar.zip attachment seems to only contain a META-INF directory, with nothing inside of it. Am I missing something, or could you perhaps email this jar file?
Thanks.