...


Needs documentation review

When content is hosted locally in S3, SAML cookies are not needed, because the Circulation Manager does not have to pass cookies from the client and via redirects to get access to content (the Circulation Manager has direct access to the S3 buckets).

The workflow will contain the following steps:

  • The SimplyE Client application initiates a SAML workflow using a link from the CM’s authentication document
  • The Circulation Manager redirects the patron to the IdP
  • The IdP asks the patron to enter their credentials
  • The IdP checks the credentials and, if they’re correct, sends a SAML assertion to the CM
  • The Circulation Manager verifies the SAML assertion, extracts the patron's unique ID and generates a bearer token based on it
  • The Circulation Manager redirects the client application to the callback URL specified in the authentication request
  • The SimplyE Client application receives the bearer token and understands that the patron has been successfully authenticated
  • The patron tries to borrow a book
  • The SimplyE Client application calls the Circulation Manager's fulfill method and passes the bearer token in the HTTP Authorization header (it also passes SAML cookies, but they’re not required in this case for the reasons described above)
  • The Circulation Manager fulfills the book link to an S3 URL, signs it using the expiration time configured by an administrator, and redirects to it
  • The SimplyE Client application receives a book accessible via an expiring pre-signed S3 URL

Anonymous access

Even if your OPDS server allows anonymous access, you can't join the SimplyE library registry without an Authentication For OPDS document. There are two reasons for this. First, you need to explicitly state that your OPDS server allows anonymous access, and the Authentication For OPDS document is the place to do that. Second, the library registry needs all that extension information (your collection's description, audiences and languages, and so on), and that stuff goes in the Authentication For OPDS document.

Static generation

In most cases the Authentication For OPDS document can be a static document. You only need to regenerate it if something about your server's code or configuration changes.

...