1 dec. 2004 the hong kong institute of education library integrating innopac with hkied “portal”...
Post on 20-Dec-2015
215 views
TRANSCRIPT
1 Dec. 20041 Dec. 2004 The Hong Kong Institute of Education The Hong Kong Institute of Education
LibraryLibrary
Integrating Innopac with Integrating Innopac with HKIEd “Portal” EnvironmentHKIEd “Portal” Environment
Ivan ChanIvan ChanThe Hong Kong Institute of Education LibraryThe Hong Kong Institute of Education Library
1 Dec 20041 Dec 2004HKIUG 5, CityUHKIUG 5, CityU
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 22
AgendaAgenda
Project OutlineProject Outline
Quick SnapshotsQuick Snapshots
Portal IntegrationPortal Integration– Single Sign On (SSO) ConnectorSingle Sign On (SSO) Connector– PatronAPI EnhancementsPatronAPI Enhancements
Technical InformationTechnical Information
Future PlanFuture Plan
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 33
Project OutlineProject Outline
This project aims at:This project aims at:– providing Single Sign On (SSO) for HKIEd “portal” and providing Single Sign On (SSO) for HKIEd “portal” and
Innopac’s patron verificationInnopac’s patron verification– integrating patron loan information with the campus integrating patron loan information with the campus
“portal”“portal”
Phase 1 (July/2004)Phase 1 (July/2004)– Library PINs sync. with campus passwordsLibrary PINs sync. with campus passwords
Phase 2 (Dec/2004)Phase 2 (Dec/2004)– Patron loan records integrated with the campus “portal”Patron loan records integrated with the campus “portal”
1 Dec. 20041 Dec. 2004 The Hong Kong Institute of Education The Hong Kong Institute of Education
LibraryLibrary 44
Quick SnapshotsQuick Snapshots
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 55
HKIEd “Portal” Login
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 66
HKIEd “Portal” Homepage
Click “MyLibrary” to view Click “MyLibrary” to view loan recordloan record
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 77
Viewing Library Loan Records
Items checked outItems checked out
Items on holdItems on hold
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 88
Patron Record Integration
Click on “Renew Item” to logon Innopac Click on “Renew Item” to logon Innopac ““View Circulation Record” View Circulation Record” automaticallyautomatically
1 Dec. 20041 Dec. 2004 The Hong Kong Institute of Education The Hong Kong Institute of Education
LibraryLibrary 99
Portal IntegrationPortal Integration
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1010
Single Sign-On (SSO)Single Sign-On (SSO)Lack of interoperable standardLack of interoperable standard– Examples of SSO standardsExamples of SSO standards
Shibboleth-Architecture Draft v05 Shibboleth-Architecture Draft v05 - drafted in 2002, is a “secu- drafted in 2002, is a “secure exchange of interoperable authorization information that cre exchange of interoperable authorization information that can be used in access control decision making”an be used in access control decision making”
[http://shibboleth.internet2.edu/draft-internet2-[http://shibboleth.internet2.edu/draft-internet2- shibboleth-arch-v05.html] shibboleth-arch-v05.html]
Central Authentication Service (CAS)Central Authentication Service (CAS) of Yale University - “ of Yale University - “SunGardSunGard SCTSCT's 's LuminisLuminis includes in its latest version as an inincludes in its latest version as an integrated version of the CAS server”tegrated version of the CAS server”[http://www.yale.edu/tp/auth/cas10.html][http://www.yale.edu/tp/auth/cas10.html]
Portal such as Portal such as Luminis CPIPLuminis CPIP (campus pipeline integration pr (campus pipeline integration protocol) technology by SCTotocol) technology by SCT
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1111
It is difficult to build the SSO solution acrosIt is difficult to build the SSO solution across different legacies of WEB applications.s different legacies of WEB applications.In the project, two major tasks have been In the project, two major tasks have been completed:completed:– SSO ConnectorSSO Connector for patron verification for patron verification– PatronAPI EnhancementsPatronAPI Enhancements to work with SSO to work with SSO
Connector:Connector:Online Reset of PINOnline Reset of PINView Circulation Records Interface View Circulation Records Interface Auto-logon to Patron Circulation RecordsAuto-logon to Patron Circulation Records
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1212
Single Sign-On ConnectorSingle Sign-On Connector
SSO-Connector developed by IT departmeSSO-Connector developed by IT department of the Institutent of the Institute
It converts cookies information to library loIt converts cookies information to library logon identity and POST the web-form to Inngon identity and POST the web-form to Innopac automaticallyopac automatically
LOGIN and LOGOUT are managed by the LOGIN and LOGOUT are managed by the connectorconnector
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1313
Client Browser Username / Password
Cookie InformationWeb
Application Server
LOGIN
Web Page Request
Cookie
Normal AuthenticationNormal Authentication
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1414
Client Browser Username / Password
Cookie Information “Portal” withSSO Feature
SSO
Connector
LOGIN
Request forCirculationRecord
Cookie
Login Identity:Name / Barcode / PIN
Enhanced PatronAPI
SSO-Connector AuthenticationSSO-Connector Authentication
Target URL
Syntax: SSO Object + Target URL
CirculationRecord Innopac
System
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1515
SSO Connector SyntaxSSO Connector Syntax
https://[SSO_connector]xurl=https://innopacapi/API/circ_record.php
SSO Object Target URL
EXAMPLE:
The SSO syntax comprises 2 components, The SSO syntax comprises 2 components, namely namely SSO ObjectSSO Object and and Target URLTarget URL::
SSO Object will validate the logon identitySSO Object will validate the logon identity
SSO Object will reject the Target URL if the SSO Object will reject the Target URL if the portal is already logged out or timed outportal is already logged out or timed out
1 Dec. 20041 Dec. 2004 The Hong Kong Institute of Education The Hong Kong Institute of Education
LibraryLibrary 1616
PatronAPI EnhancementsPatronAPI Enhancements
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1717
Campus“Portal”
Innopac System
UserEnhanced PatronAPI
LibraryApplications e.g.
BI class registration3. Patron API Enhancements3. Patron API EnhancementsA. Reset PIN onlineB. View circulation recordC. Logon “patron” record
2. SSO Connector2. SSO Connector1. User login1. User login
(indirect access)
Data Paths of Portal Integration
Direct Access
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1818
1. Reset PIN online1. Reset PIN online– Interface: use secure HTTP (i.e. https) FORM Interface: use secure HTTP (i.e. https) FORM
postingposting– Processing: two phases, i.e. delete PIN and Processing: two phases, i.e. delete PIN and
create new PINcreate new PIN– Campus password is synchronized with Campus password is synchronized with
Library PINLibrary PIN– Same password can be used to logon Same password can be used to logon
Innopac patron recordInnopac patron record
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 1919
PIN Reset DiagramPIN Reset Diagram
HTTPS request
Delete PIN
Create New PIN
TELNET (delete PIN)
HTTP (assign new PIN)
Queue
DONE
InnopacSystem
OK
FAIL
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2020
# Sample EXPECT script for deleting PIN# Sample EXPECT script for deleting PINwhile {1} {while {1} { expect timeout {expect timeout { send_user "\nWARNING: Barcode does not exist.\n"send_user "\nWARNING: Barcode does not exist.\n" exitexit } "Choose one (I,R)*" {} "Choose one (I,R)*" { send_user "\nPIN not set.\n"send_user "\nPIN not set.\n" exitexit } "Choose one*" {} "Choose one*" { send "D"send "D" send_user "\n Remove PIN in progress.\n"send_user "\n Remove PIN in progress.\n" } "Are you sure? (y/n)*" {} "Are you sure? (y/n)*" { send "y"send "y" send_user "\n PIN removed.\n"send_user "\n PIN removed.\n" breakbreak } "Press <SPACE> to continue*" {} "Press <SPACE> to continue*" { send_user "\n WARNING: Patron record in use.\n"send_user "\n WARNING: Patron record in use.\n" exitexit } eof {} eof { send_user "\n WARNING: Cannot delete PIN.\n"send_user "\n WARNING: Cannot delete PIN.\n" exitexit }}}}
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2121
2. View circulation record2. View circulation record
Retrieve the checkout and hold records froRetrieve the checkout and hold records from the following URLs.m the following URLs.
- Checked out items- Checked out items http://<innopac>/patroninfo/<patronid>/itemshttp://<innopac>/patroninfo/<patronid>/items
- Item on hold - Item on hold
http://<innopac>/patroninfo/<patronid>/holdshttp://<innopac>/patroninfo/<patronid>/holds
Re-format the above pages to fit into the cRe-format the above pages to fit into the campus “portal” display.ampus “portal” display.
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2222
Patron circulation records
http://<innopac>/patroninfo/<patronid>/itemshttp://<innopac>/patroninfo/<patronid>/items
http://<innopac>/patroninfo/<patronid>/holdshttp://<innopac>/patroninfo/<patronid>/holds
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2323
3. Logon patron record3. Logon patron record
Extract logon identifications from the SSExtract logon identifications from the SSO ConnectorO Connector
Redirect to Innopac “View Circulation ReRedirect to Innopac “View Circulation Record”, i.e. http://<Innopac>/patroninfo/cord”, i.e. http://<Innopac>/patroninfo/
POST the web-form automatically to InnoPOST the web-form automatically to Innopacpac
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2424
Patron record integration
Click on “Renew Item”,Click on “Renew Item”,https://[SSO_connector]xurl=https://[SSO_connector]xurl= https://[server]/InnoAPI/circ_recordrec2.phphttps://[server]/InnoAPI/circ_recordrec2.php
https://[server]/InnoAPI/circ_recordrec2.phphttps://[server]/InnoAPI/circ_recordrec2.php
SSO_ConnectorSSO_Connector
1 Dec. 20041 Dec. 2004 The Hong Kong Institute of Education The Hong Kong Institute of Education
LibraryLibrary 2525
Technical InformationTechnical Information
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2626
III PatronAPI (URL) (code: 317URL-I)III PatronAPI (URL) (code: 317URL-I)
Local programming required such as SSO Local programming required such as SSO Connector and PatronAPI EnhancementsConnector and PatronAPI Enhancements– Programming include JAVA, PHP, PERL and Programming include JAVA, PHP, PERL and
EXPECT scriptsEXPECT scripts– MYSQL database, which is used to limit the nMYSQL database, which is used to limit the n
umber of concurrent TELNET connections for umber of concurrent TELNET connections for EXPECT scriptEXPECT script
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2727
Depends mainly on the campus IT infrastrDepends mainly on the campus IT infrastructure and the portal technology useducture and the portal technology used
1 Dec. 20041 Dec. 2004 The Hong Kong Institute of Education The Hong Kong Institute of Education
LibraryLibrary 2828
Future PlanFuture Plan
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 2929
Consider using ready-made SSO standardConsider using ready-made SSO standards, but depends on the development trend s, but depends on the development trend of the campus portalof the campus portal
Consider using Innopac’s External Patron Consider using Innopac’s External Patron Verification (code: 201LDAP) for LDAP autVerification (code: 201LDAP) for LDAP authenticationhentication
Improve security level of using secure HTTImprove security level of using secure HTTP (https) with PatronAPI, pending for InnoP (https) with PatronAPI, pending for Innopacs’ enhancementpacs’ enhancement
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 3030
Future Plans (Con’t)Future Plans (Con’t)
Integrate with other library services such aIntegrate with other library services such as BI class registration and library materials s BI class registration and library materials online recommendationonline recommendation
Utilise MyMillenninum options in supportinUtilise MyMillenninum options in supporting WAM accessg WAM access
e.g. in wwwoptions, set “no_reverify=wam”e.g. in wwwoptions, set “no_reverify=wam”
The Hong Kong Institute of Education LibrarThe Hong Kong Institute of Education Librar
yy 3131
ReferenceReference
From IUG 11, in San Jose, about Portal From IUG 11, in San Jose, about Portal integration: III and campus pipeline, April, integration: III and campus pipeline, April, 20032003