Enabling ITWeb/SearchBank/LifeCenter Web Access

TEW = Technical Evaluation Worksheet

Below are instructions for enabling new customers' web access to ITWeb, SearchBank or LifeCenter. The instructions are broken into sections, and each section can be executed independently (except when setting up a new library, which requires that the Library and Location records be created in sequence). A separate section discusses enabling access for multiple ITWeb locations on a single config UI (Library ID).



A. Creating a Library record

1. From the main menu, select Library | Library - IP Address
2. Create and enter a Library ID (lower case); record the Library ID on the TEW
3. Enter library Name
4. Adjust the Service level as needed (ITCustom | SearchBank | LifeCenter)
5. Under IP Address and Mask, enter the TGG IP address, plus any additional IPs listed on the TEW, pt 2; enter the library name in the Description field
6. Use Ctrl-R | Add | Library to add the library record; RLIS will automatically create a new location record

B. Creating a Location record

1. Create and enter a Location ID; record the Location ID on the TEW
2. Enter the library Name, City and State
3. Change Web Enable to 1
4. In Privileges, enable PDF and/or EMAIL as requested on TEW, pt 3.b & 3.c
5. Enter Contact Name First, Phone, Fax and Email (use technical contact on TEW, pt 1., if available)
6. Enter Home Page URL (TEW, pt 3.d)
7. Verify that Logo Text matches text on TEW, pt 3.e
8. Move to Product field below and enter product code; tab to Display Order and enter a number
        (repeat on subsequent Product rows as needed)

9. Use Ctrl-R | Add | Location to add the location record; RLIS will display the library record again

C. Creating a Library Usage Report profile (skip this step if no email address is present on TEW, pt 7.c)

1. From the main menu, select URep!
2. Enter the location ID in the ID field
3. Move to Content and enable Sessions-by-Hour
4. Enter one or more email address(es) in the Delivery field (TEW, pt 7.c)
5. Use Ctrl-R | Add | Report Profile to add the report profile

Dialup/RPA Profiles

Note that each location ID (ITWeb URL) can have only one associated dialup or RPA profile. The dialup protocol is intended to work as a substitute for IP authentication for on campus access points; it is not implemented for remote access. An RPA profile is used for remote and, if IP authentication is not available, on campus access. If a location requires both dialup and RPA profiles, separate location records (i.e., separate URLs) must be created.

From TGG's perspective, RPA has three different implementation paths: (1) 'classic' RPA, where the authentication server and script are on the customer's network; (2) local RPA, where the authentication server is on TGG's network and the script(s) are maintained by TGG staff; and (3) local password RPA. Each of these is covered here; assessing authentication strategies is also discussed further below.

D. Creating a "dialup" cookie profile

1. Select Location | Remote Patron Profile from the main menu
2. Enter the location ID in the Location ID field
3. Enter Method as D; skip Host and Port
4. Create and enter a password in Description; record the password on the TEW
5. Use Ctrl-R | Add | Location only to add the profile

E. Creating a 'classic' RPA profile

1. Select Location | Remote Patron Profile from the main menu
2. Enter the location ID in the Location ID field
3. Enter Method as H
4. Enter the site's authentication server address in Host field (FQDN required, no IP #s)
5. Enter the port number being used by the authentication server in the Port field
6. Enter the full path to the script in Description; include %i variable as either PATH_INFO or QUERY_STRING data
7. Use Ctrl-R | Add | Location only to add the profile

F. Creating a 'local' RPA profile

1. Select Location | Remote Patron Profile from the main menu
2. Enter the location ID in the Location ID field
3. Enter Method as H
4. Enter TGG's authentication server address in Host field; sales.iacenter.com
5. Enter 1800 in the Port field
6. Enter the path in Description; /cgi-bin/<location_directory>/rpascript.pl/%i
7. Use Ctrl-R | Add | Location only to add the profile

The script and, if used, patron file must be created in a subdirectory of /cgi-bin/ on ias9. The script should be named 'rpascript.pl' for consistency. Patron ID files typically take names of the form <site>ID.lst; e.g., cuyahogaID.lst. If the script performs logging, the RPA profile cache variable should be set to 1.

G. Creating a local 'password' RPA profile

This is a two-step process: the first step uses a web form to populate a password database, the second creates an RPA profile record in RLIS. Use this procedure when setting up an RPA password for schools that require remote access (this method is also used to validate pre-authenticated users).

Step I

1. Point a web browser to http://sales.iacenter.com:1800/k12form.html
2. Enter the name of location in the Name field; include the state designation (e.g., CA)
3. Enter the location ID and a password in the location ID and password fields
4. Enter the subscription end date, if known, or -1 to indicate no expiration
5. Submit the form

Step II (in RLIS)

1. Select Location | Remote Patron Profile from the main menu
2. Enter the location ID in the Location ID field
3. Enter Method as H
4. Enter TGG's authentication server address in Host field; sales.iacenter.com
5. Enter 1800 in the Port field
6. Enter the path in Description; /cgi-bin/k12/rpascript.pl/%i/%a%h%l
7. Set Cache to 1
8. Use Ctrl-R | Add | Location only to add the profile

H. Creating a config UI username and password

1. Using a browser, go to

            www.infotrac-custom.com/itconfig/<libraryID>

            username:     iac_support
            password:    my_antonia

2. Click on the Administration link (lower left frame)
3. Click on Create new user
4. Create and input Username and Password (twice); record the username and password on the TEW
5. Assign access rights as appropriate*
6. Click Save

* Most new accounts will require a superuser account, i.e., all access privileges should be assigned here. In some instances, a new administrator account should only have access to the profiles and preferences for one or a few locations, where multiple locations are involved (see Multiple ITWeb Locations).

Choosing Authentication Methods

TGG's online product distribution systems offer three authentication methods: Host/Network IP, Dialup Cookie, and RPA.

The first two methods allow a campus or library patron anonymous access to TGG databases; the third requires the patron to submit a credential, such as student ID, library card number, or shared password. This method is frequently associated with the requirement to provide remote (outside the library, off campus) access to TGG databases, and is referred to in most circles as RPAS (Remote Patron Authentication Service).

A library may then request one, two or all three authentication methods, or some combination thereof. This leads to six possible scenarios:

Scenario   Authentication methods
A          Host/Network IP
B          Host/Network IP, Dialup Cookie
C          Host/Network IP, Dialup Cookie, RPA
D          Dialup Cookie, RPA
E          RPA
F          RPA, Host/Network IP

Some examples and guidelines for setting up authentication for each of these scenarios are shown below. Note that TGG's fulfillment system (RLIS) uses the same record space for implementation of both dialup cookie and remote patron profiles. It is therefore not possible to set up both methods on the same location ID (read: URL). As discussed below, if both methods are required (scenario D), separate URLs must be created and one of the two profiles assigned to each. See sections D-F above for instructions on setting up these profiles.

Scenario A: Typical of most public and academic libraries, some K12 sites. Simply add IP numbers to the registry in the RLIS Library record (section A).

Scenario B: This is rare, but some libraries operate hosts on dialup lines, in addition to hosts connected directly to a LAN/WAN. Add IP numbers to the registry in the Library record (section A), and create a dialup profile (section D).

Scenario C: Like B, with remote access requirement. Add IP numbers to library registry (section A); create two location records (URLs; section B), assign the dialup profile to one URL for on campus use (section D), assign a second profile to the other URL for remote access (sections E - G).

Scenario D: A few libraries, especially in the K12 market, still use dialup access in the library and require remote access. This can be handled as in C, creating two URLs and separate authentication profiles. However, it may be acceptable to the site administrator to use a single URL, and use just the RPA access method (section E - G) for all access points, on campus and remote (Scenario E). This is, in fact, the default protocol when working with schools (section G only).

Scenario E: It is possible that a campus or library may implement policies that prohibit the use of cookies on browser hosts. This, combined with a lack of stable IPs for authentication, forces the library to require that patrons enter a credential each time they access TGG's databases, both on campus and off. Set up a Remote Patron profile (sections E - G) for each of the URLs affected.

Scenario F: This will be the most typical scenario as remote access requirements become the norm. Add IP numbers to the RLIS Library record's IP registry (section A), and set up an RPA profile (sections E - G) for each URL.

Schools and Remote Access

Remote access for K12 institutions is a common requirement. However, most schools lack the technical resources to implement classic RPA; still others do not have access to a database of credentials (e.g., student IDs), making it impossible to implement local RPA. These constraints, combined with the administrator's expectation that remote access should require nothing more than a single shared password, have forced TGG's PDS group to implement a solution that uses our local RPA server and a password database. Instructions for implementing a local RPA password are included as section G in this document.

The RPA profile (in RLIS) for each location using local RPA password authentication is the same. Each profile directs the IT servers to request authentication from the script at sales.iacenter.com/cgi-bin/k12/rpascript.pl, and includes all four CGI variables (user ID, location ID, IP address, host name) used by the protocol. The form (k12form.html) used to populate the password database contains an example of the RPA profile. Each record in the password database contains the site's password, location ID, full name and subscription expiration date. The script uses a single pass to match the submitted password to one in the password database. It also checks the location ID and disallows access if a user attempts to reach a URL for which the password was not assigned.
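The check described above (single pass over the password database, location binding, expiration with -1 meaning none), as an added Python sketch; it is not TGG's rpascript.pl. The pipe-delimited record layout, the ISO date format, the sample records and the function names are all assumptions made for illustration.

```python
import hmac
from datetime import date

# Constructed sample records (not real data). Assumed layout, one per line:
# password|location_id|full name|expiration (YYYY-MM-DD, or -1 for none)
SAMPLE_DB = """\
maple-river-42|lincoln_hs|Lincoln High School, CA|-1
quiet-harbor-77|adams_ms|Adams Middle School, OH|2020-06-30
"""

def parse_records(text):
    """Yield (password, location_id, name, expires); skip malformed lines."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) == 4 and all(fields):
            yield tuple(fields)

def is_expired(expires, today):
    """-1 means no expiration; an unparseable date fails closed."""
    if expires == "-1":
        return False
    try:
        return date.fromisoformat(expires) < today
    except ValueError:
        return True

def authorize(db_text, submitted_password, requested_location, today=None):
    """Single pass over the database; returns (allowed, reason)."""
    today = today or date.today()
    reason = "unknown password"
    for password, location_id, _name, expires in parse_records(db_text):
        # Constant-time comparison so response timing does not leak
        # how much of a guessed password was correct.
        if not hmac.compare_digest(password.encode(),
                                   submitted_password.encode()):
            continue
        # A password is only valid for the location it was issued to.
        # Keep scanning in case another site was given the same password.
        if location_id != requested_location:
            reason = "password not assigned to this location"
            continue
        if is_expired(expires, today):
            return False, "subscription expired"
        return True, "ok"
    return False, reason
```
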

C. Adding Custom Databases

In addition to 'standard' database products, a library may purchase one or more custom databases to add to their online collection. With a custom database, the library collections staff is able to choose the journal titles that will be available to users who search this database. Custom databases are sold in increments, typically 50, 100, 250, 500, 1000 and 2000 titles (although the RLIS application does not validate this number against business rules; i.e., it is possible to assign a custom database using any number of titles). The process of populating a custom database is covered in a separate section of this document set (see Requirements for InfoTrac Web Administrators).

In RLIS, a custom database can be added to the library's collection once the Library record has been created (i.e., it is possible to add a custom database before a location record has been created; although this is hardly useful to the installation process). The custom database is assigned to the Library ID and is therefore available to any of the Location records also assigned to that Library ID. The InfoTrac Web configuration UI is used to assign the custom database to specific locations; a practical application of this involves the creation of multiple custom databases for different user communities, then assigning one each to a specific RLIS Location record corresponding to the access points (e.g., different libraries or PCs within a library).

To add a custom database

A. Add the custom database in RLIS
1. Select Library | Custom Database from the main menu
2. Enter the library ID in the Library ID field
3. Skip the Name field, and enter the [Days before next update] value -- typically 1 (one)
4. Enter a [Database Name] (recommend: "<LocationName> - <#> titles")
5. Use Ctrl-R | Add to add the database

Note that multiple custom databases can be added here; with or without modifications to the title count or name, simply use Ctrl-R | Add to add another database.

B. (Optional) Assign the custom database to a location in ITWeb's Config UI
1. Log onto the library's config UI as iac_support/my_antonia
2. Select Locations on the left nav bar
3. Select Modify location (for the location to which the custom database will be assigned)
4. Click the check box next to the custom database title to be assigned to this location
5. Click the Save button