FacebookTwitterLinkedIn
Login / Register

Login / Register

IUG FORUM

Stay always connected!
  1. Jennifer Faist
  2. Sierra/ Millennium/ Encore
  3. Monday, July 31 2017, 08:54 PM
  4.  Subscribe via email
We are in the process of evaluating EZproxy and are seriously considering replacing WAM, but have the opportunity to turn on the wam_sslhost_replace option in the mean time. I'm trying to determine if it is worth our time to move to the wam_sslhost_replace method, even though it might be short-lived. Can anyone who is using wam_sslhost_replace answer the following questions? Or if you've skipped it and just gone to EZproxy, I'd like to hear that too.

Which resources are not working with wam_slhost_replace? (I've seen mention on the forum of Facitva, Sage, Refworks and Alexander Street Press embed codes.)
Is it a fairly painless process, or is there work to do? I notice that you only have to change starting URLs that are https to begin with. Did you spend a lot of time changing bib record links?
When did you implement the option? Was it quick and easy enough to do during the semester, or did you wait for a break to switch?
Besides not having to constantly add entries to a SAN certificate and saving money with a more economical wildcard cert, are there any other benefits that you are seeing?
Are there any other problems you have run into?
Do you still wish you had EZproxy options that aren't in WAM?

Thanks in advance,

Jennifer Faist
Library Systems & Digital Collections Administrator
ArtCenter College of Design

jennifer.faist@artcenter.edu

jennifer.faist@artcenter.edu
Comment
There are no comments made yet.
Add Comment
Bee Bornheimer Accepted Answer
0
Votes
Undo
Hi Jennifer, we are in the same boat as you, considering our options. Here is what Bob Duncan told me at the end of May. Not sure if anything has changed since then. I am also interested in hearing what other people are considering, as well as how much effort it has been to transition to the wam replace method or to EZproxy.


"Hi Bee,

The Westlaw problem was fixed; we are aware of problems with Factiva, Intelliconnect, psychiatrist.com journals, and the personalized data feature of RefUSA.

Please let me know if you have any questions.

Regards,

Bob"

bbornheimer@sandiego.edu
Comment
There are no comments made yet.
Add Comment
Jennifer Faist Accepted Answer
0
Votes
Undo
I also got a reply from Bob Duncan. Here’s the list of known problem resources:

The resources that we know are problematic with wam_sslhost_replace are Factiva, Intelliconnect, psychiatrist.com journals, Nielsen(Kantar) SRDS, and the personalized data feature of RefUSA for sites running current releases of Millennium and Sierra. Prior to Millennium 2014-SP3, there were problems with Scifinder and Value Line, and probably others that were never reported due to the approach not being widely implemented.

If a resource doesn't work with wam_sslhost_replace, there is usually no workaround.

We also have SSO, and the problem with patrons being asked to authenticate even when on campus for https links will not change with this option.

jennifer.faist@artcenter.edu
Comment
There are no comments made yet.
Add Comment
Jennifer Faist Accepted Answer
0
Votes
Undo
I was hoping some of the forum users who have responded to other threads on the same topic might be able to chime in as well. I noticed that Brandon Walker, Jacob Yardley, Beth Juhl and Caroline Checkley have all mentioned implementing this option, and it would be great to hear about your experiences.

Jennifer

jennifer.faist@artcenter.edu
Comment
There are no comments made yet.
Add Comment
Beth Juhl Accepted Answer
0
Votes
Undo
Hi Jennifer, Bee, and friends. Have been trying to get to a repsonse all day and... it just hasn't been a cooperative day. Sorry to take so long.

We do not use SSO; we do use LDAP authentication with the proxy. We've been really pleasd with the wam_sslhost_replace method. It's been so nice not to be generating a new SANs certificate every month or so! We migrated in December and since then our only problem children have been CCH/Intelliconnect (in Software Engineering) and Kantar/SRDS/Neilsen (weird port 9031). We do have a campus VPN and both these resources are specialized enough that we can direct those Law and Business users to connect via VPN if they really need them from off-campus.

We do not have Factiva; we do have SciFinder and have not been able to generate any errors or had any reported to us.

From our point of view - we were willing in 2016 to give WAM one more year before switching to EZ Proxy and then by the end of 2016 Innovative released the wam_sslhost_replace for general uptake. We got lots of good advice from Maurine McCourry at Hillsdale on the project to switch. I can send the details of our process if they would be helpful. It took about 20 hours the last week of the fall semester to review and update our links to be ready.

The advantage, to me, of going to EZ Proxy is that there is such a large user community and publishers seem to "get" it. It's tiresome having to explain that WAM has a prefix and suffix blah blah blah. If we continue to see new issues with wam_sslhost_replace we'll probably look at EZ Proxy again but, with 700+ entries in our WAM forwarding table, I dread it! Plus Bonnie Knight and Bob Duncan are so helpful - good support counts a lot in my book.

Hope that helps and good luck with your decision!
/beth juhl

bjuhl@uark.edu
Comment
Thank you, Beth, for your reply. I would like to see the details of the process if you could send those to me. -Jennifer

jennifer.faist@artcenter.edu
  1. Jennifer Faist
  2. 2 weeks ago
I, too, would be interested in the details of the process as well if possible, Beth (thanks also for the information). We are currently using a SAN cert, but are rapidly running out of entries.

Rebecca

rbeale@lsuhsc.edu

rbeale@lsuhsc.edu
  1. Rebecca Bealer
  2. 2 weeks ago
Hi Beth - I and other folks here would be very interested in your notes too. We have a SAN cert and we are now out of new entries. We've been also been wondering about a SAN + wildcard cert., and or if it is finally time to switch to EZ Proxy. Thanks for any info on the wam_sslhost_replace option.

John

jdillon@anselm.edu


jdillon@anselm.edu
  1. John Dillon
  2. 2 weeks ago
There are no comments made yet.
Add Comment
Jacob Yardley Accepted Answer
0
Votes
Undo
We never made the leap (cannot because old Millennium), so still on a SAN cert. Have space for about 5 more entries, so when one resource insists on multiple https additions because of reasons it does not make me happy.
On the plus side, I am really good at creating SAN certs now.

j.yardley@londonmet.ac.uk
Comment
There are no comments made yet.
Add Comment
Jennifer Faist Accepted Answer
0
Votes
Undo
More information from Bob Duncan: You only have to edit starting URLs if https is required to make the initial connection and you’re using https in your link URL for the resource.

There is no way to test before committing – once the wildcard cert is installed and wam_sslhost_replace is enabled, it is live. Enabling wam_sslhost_replace is easy; disabling it is just as easy (it's just a setting that's either true or false).

The main reward for the wildcard cert approach is that the SAN cert approach is not sustainable going forward.

jennifer.faist@artcenter.edu
Comment
There are no comments made yet.
Add Comment
Beth Juhl Accepted Answer
1
Votes
Undo
Hi Jennifer, Bee, and hey John - hello!

Remember that you are just looking for any existing https addresses to see if they can redirect successfully if you have the http protocol instead. As Jennifer notes - if the site will only take https you need to actually edit the URL itself after you make the switch.

Here is our procedure to get ready for the wam_sslhost_replace switch. Your mileage may vary!

1. Ordered the new wildcard cert with entries for your.libraryserver.edu and *.libraryserver.edu to have it ready.
2. Checked existing proxied https addresses to see if they could redirect from http to https successfully. If yes, then updated them.
For us that was in 4 places:
a. For ejournals: we use Serials Solutions for our Knowledge Base so we exported a spreadsheet of all our ejournal holdings and sorted the list by URL to examine any https sites. Found only a handful, tested them with http, that worked, updated URLs in SS and in ERM Coverage Database.
b. For ebooks and other items with URLs in the 856 field, ran a list on the system for https with proxied URLs. Found one big gob of them in HathiTrust records and updated them with Global Update to http. There were only a handful of others.
c. For databases, we have a local "database of databases" and checked that for https addresses.
Found one that would not successfully redirect from http to https: ValueLine. Flagged that to be updated to https://0-research-valueline-com.library.uark.edu/secure/dashboard.
d. We also have LibGuides, LibAnswers, LibEverything it seems, and so I did a search for any https URLs on those sites just to be sure. Found and corrected a few.
3. Alerted everyone in Technical Services to the https + proxy issue. Wrote up a procedure for testing new URLs/ domains that is mainly used by Serials staff, who work most often with new vendor sites.(see for example http://uark.libguides.com/electronicserials/proxy)
Made a special note about the procedure / load profile for Hathitrust records to remove the https on load.

4. Put in the ticket to make the switch - boom!

Since that time, I do an every-so-often routine (probably not often enough) to check for https proxied links that have crept in to our various systems and updated them.

hope that helps and sorry it took me all day to get back to this.

/beth juhl

bjuhl@uark.edu
Comment
There are no comments made yet.
Add Comment
Caroline Checkley Accepted Answer
0
Votes
Undo
HI all

Sorry for not replying sooner but I have been away.

I don't think I can add much more to Beth's thorough guide and explanation, which is very useful!

We have been using the wam_sslhost_replace method and wildcard + SAN cert for about 3 or 4 years (we are on our 3rd wildcard SAN cert and we have the same entries as Beth your.libraryserver.edu and *.libraryserver.edu), we are also not using SSO but LDAP & proxy and it's generally fine. I still have reservations about WAM, mostly for reasons mentioned (vendors understand EZ and the rewrite is confusing to staff and vendors) but we only have one issue outstanding (relating to Encore Duet pdf articles not displaying) any other issues that have arisen have been sort by either Bob Duncan or Bonnie Knight.

Westlaw Next (which is the U.S. version, we have our own WL UK which is different) is the main bugbear for me, it causes issues periodically and I have found the Thomson helpdesk fairly useless. It's working now but I had trouble getting it working with EZ proxy as well as we do not have an up to date version of EZ proxy - our IT services have EZ proxy which is very useful as I can test things with EZ! A couple of times I have thought I may have to use it for Westlaw but am still using WAM for everything.

We do also use Shibboleth, which is probably used as much as EZ in the UK, we offer both proxy and shibboleth access where possible, some resources we have chosen to use shibboleth only for patron personalisation (EBook central, Lexis).

Hope this helps, let me know if you have any more questions
all the best
Caroline.

checkc@essex.ac.uk
Comment
There are no comments made yet.
Add Comment
Beth Juhl Accepted Answer
0
Votes
Undo
I went back to check our project Trello board and I forgot one other place we looked for https links... that was in our campus LMS, Blackboard. I had the Blackboard admin run a search for me and we found a few https proxied links that we updated.

/ beth juhl

bjuhl@uark.edu
Comment
There are no comments made yet.
Add Comment
Brandon Walker Accepted Answer
0
Votes
Undo
I really advocated for giving the WAM proxy another chance on our campus and for the most part it's been easy for us to finally be able to start dealing with HTTPS resources. Given that wildcard certs are not prohibitively expensive it is an easy move to make. For those with expensive SAN certificates this is actually something of a money-saver.

But I do have concerns about the future of the WAM proxy. III has been aware of Factiva for some time and we have no ETA at all. It is an expensive and important resource and it is a real issue when I go to my boss and say, "No, I have no ETA on a Factiva fix. Yes, EZ Proxy does Factiva just fine." I don't want the WAM proxy to go the way of the WebPAC: still around but basically stagnant. The more of us jump away from the WAM proxy, the harder it gets to convince III to take that WAM proxy and its dwindling user base seriously. But EZ Proxy is the big fish in this space, and OCLC has been good about keeping it compatible.

bwalker@jcu.edu
Comment
I absolutely agree with this we have Encore Duet so the proxy fits nicely with the patron login and I want to see the product continue. It is good to see something on the roadmap but it definitely needs ongoing development and investment.

checkc@essex.ac.uk
  1. Caroline Checkley
  2. 1 week ago
There are no comments made yet.
Add Comment
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,pdf,ppt,pptx,doc,docx,xls,xlsx,,txt,rtf,jrxml
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.