At 09:14 AM 01/10/2008, Margaret wrote:
Stephen, be careful about thinking that LDAP=Single Signon. This is not
always the case. The iii LDAP client simply uses the LDAP server to
verify against. Thus, it is possible that a student could login to your
college portal and still have to reverify to download electronic
reserves. Of course, the username and password would be the same as
their college username and password. There are lots of variables and
you may want to have your IT people talk with iii.

Stephen I. Klein wrote:
> We would like to integrate Course Reserves into our Portal. We are chewing
> on the concept of purchasing the External Patron Verification Tool (LDAP) so
> our patrons do not have to login to the campus portal twice. If we do not
> purchase the LDAP tool, our patrons will need to use their name and barcode
> to access My Millennium and download reserve documents. Are there any other
> variables I need to consider in terms of integrating our OPAC/Course
> Reserves into the campus Portal?


To add to what Margaret said, my understanding of III and LDAP and single sign-on is this (corrections/clarifications welcomed):

III offers an external verification product (201LDAP) and a single sign-on support product (201SS). The two are distinct products with distinct functionality and which one(s) you choose depends on what you want to do. Either product on its own might suffice; you might want both.

The external verification product, aka the LDAP product, allows you to do one thing: your patrons can authenticate to the Innovative system using LDAP credentials. Although having the LDAP product will allow campus patrons to include the library system in the list of campus services they can access using a single set of credentials, the product on its own will not facilitate true single sign on, i.e., logging on once to get access to a variety of services without having to reauthenticate for each one.

The SSO product allows you to do one thing: it allows the Innovative system to participate in a single sign on system. Or put another way, it allows your users to authenticate via your single sign on server (your campus portal), then access III services that require authentication without having to reauthenticate. The SSO product on its own will not allow users to authenticate directly to the library system using their LDAP credentials.

So if you want your users to be able to authenticate directly to the Innovative system using their LDAP credentials, you need the LDAP (external verification) product. If you want them to be able to authenticate through your single sign on server and not have to reauthenticate to the Innovative server, then you need the SSO product. If you want them to be able to do both, then you need both products---if you were to purchase only the SSO product, campus patrons would be able to authenticate to the library system using their LDAP credentials via the portal, but would still have to use their name/barcode to authenticate if they don't go through the portal; if you purchase only the LDAP product, campus patrons would be able to use their LDAP credentials to authenticate to the Innovative system, but they would still need to do so even after authenticating to the campus portal (as Margaret points out).

Bob Duncan


~!~!~!~!~!~!~!~!~!~!~!~!~
Robert E. Duncan
Systems Librarian
Editor of IT Communications
Lafayette College
Easton, PA 18042
duncanr at lafayette dot edu
http://www.library.lafayette.edu/