Most Popular

The .cpb file describes the search capabilities of a source. The .pmf is the pre-mapping file that allows administrators to map search/index attributes that apply before the Muse ISR stylesheet is used to format the search for the source (thus “Pre”-mapping). The .cpb file lists all the search indexes and Boolean operators which are supported by the Source (whatever the actual, native syntax of the attribute). It is also a place where other source capabilities could be added later for easy import into the Muse InfoBase. The search limiter sets are one example. The .pmf file provides a mapping from one attribute in ISR to one attribute in translator. The .pmf mapping is TO an attribute which is handled into the ISR translator. All of the attributes handled (supported) in the ISR translator have been automatically extracted and recorded into the appropriate section in .cpb file. By default, the PMF files map unsupported attributes to keyword.

MuseGlobal provides three methods for search and retrieval of EBSCOhost content.

  • Z39.50
  • HTTP
  • EBSCO Integration Toolkit (EIT)

Where applicable, the preferred method of access is via EIT. This is a SOAP-based Web Service approach which provides the optimal combination of performance and completeness. You can find the EIT Source Packages by searching in your Muse Console’s “Add Sources” section in the “IDs Containing” field for the term EIT. EIT SPs have Source IDs which start with the string EBSCOEIT.


The HTTP Source Packages for EBSCO search on the URL
http://search.ebscohost.com/. The EIT Source Packages use
http://eit.ebscohost.com/Services/SearchService.asmx as the Home URL and Search URL.

Authentication for the EBSCOEIT Source Packages is two-fold.

1) Authentication for search and retrieval can done by user/pw (with the USER_NAME and USER_PASSWORD fields of the profile) or IP (with the CUSTOM_PARAMETERS field of the profile).

For search/retrieval authentication by IP, a value must be placed in the CUSTOM_PARAMETERS tag from the EBSCOEIT* source profile. Again, this is used to connect to and search a certain database. Using this IP authentication, you may be authenticated to a number of databases.

Example :

where : IP_ADDRESS=your IP which authenticates to EIT.

Please note that your EBSCO account must be specifically enabled in order to use of EIT. The user/pw used for connecting to http://search.ebscohost.com/ will not work for EIT. Also note that the IP_PROFILE will be either eitor eitws; — this string matches the 3rd section of your 3-part EIT authentication string (ex. s123456.main.eit or s123456.main.eitws). Please check with EBSCO if you are not sure which it is.

2) The aforementioned authentication by IP or user/pw gives us access to the EBSCOEIT API, but it does not provide successful link navigation on the record links obtained.

For this, the PROXY_HOST and PROXY_PORT in the profile must be configured. IMPORTANT: authentication to EBSCO for link navigation is only done by IP.

Example :

So, in conclusion, 2 IP authentication settings are needed: one (user/pw or IP) for accessing and searching the EBSCOEIT database desired and the other one (proxy IP) to successfully navigate on the record links obtained.

Questions about your EIT account status should be referred to Gregory Julien [GregoryJulien@ebscohost.com].

Categories: Muse Search, Sources

The instructions and code provided below are based on the following assumptions:

  • MuseProxyFoundationHMAC is the Muse Proxy application configured with HMAC authentication;
  • quiet is the value of the secret;
  • userName and timestamp are the signature parameters;
  • SHA256 is the algorithm;
  • the separator between the signature parameters is . .

Integrate the following code into your ASPX page:

<%@ Page Language="C#" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Linq" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Collections.Generic" %>

<script runat=server>
public String getHmacURL(String museProxyURL, String applicationID, String generatedHmacDigest, String parametersToSend) {
return museProxyURL + "/" + applicationID + "?sig=" + generatedHmacDigest + parametersToSend;
public String getParametersToCreateURL(Dictionary usedParameters){
String parametersToSend = "";
foreach( KeyValuePair param in usedParameters )
String key = param.Key;
if (!key.Equals ("userAddress") && !key.Equals ("userAgent") && !key.Equals ("referer")) {
parametersToSend += "&" + key + "=" + param.Value;
return parametersToSend;
public String getValueForGenerateDigest(Dictionary usedParameters, String separator){
String value = "";
int length = usedParameters.Count;
for (int i = 0; i < length; i++) { if (i < length - 1) { value += usedParameters.Values.ElementAt(i) + separator; } else { value += usedParameters.Values.ElementAt(i); } } return value; } public String generateHmacDigest(String algorithm, String secret, String value){ byte[] key = System.Text.ASCIIEncoding.Default.GetBytes(secret); byte[] byteArray = Encoding.ASCII.GetBytes(value); MemoryStream stream = new MemoryStream(byteArray); String digest = null; if (algorithm.Equals ("sha1")) { HMACSHA1 hmacSHA1 = new HMACSHA1 (key); digest = hmacSHA1.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if (algorithm.Equals ("md5")) {
HMACMD5 hmacMD5 = new HMACMD5 (key);
digest = hmacMD5.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if (algorithm.Equals ("sha256")) {
HMACSHA256 hmacSHA256 = new HMACSHA256 (key);
digest = hmacSHA256.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if (algorithm.Equals ("sha384")) {
HMACSHA384 hmacSHA384 = new HMACSHA384 (key);
digest = hmacSHA384.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if(algorithm.Equals ("sha512")){
HMACSHA512 hmacSHA512 = new HMACSHA512 (key);
digest = hmacSHA512.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
return digest;
public Dictionary initUsedParameters(){
// timestamp represent the current UNIX timestamp
long ticks = DateTime.UtcNow.Ticks - DateTime.Parse("01/01/1970 00:00:00").Ticks;
ticks /= 10000000; //Convert windows ticks to seconds
String timestamp = ticks.ToString();
// referer is the referer from request
String referer = Request.Url.GetLeftPart(UriPartial.Authority);
// userAddres is IP adress for user from request
String userAddress = GetIP();
// userAgent is userAgent from request header
String userAgent = HttpContext.Current.Request.UserAgent;

Dictionary parameters = new Dictionary();
parameters.Add ("userName", "username");
parameters.Add ("ts", timestamp);
//parameters.Add("referer", referer);
//parameters.Add("userAddress", userAddress);
//parameters.Add("userAgent", userAgent);
return parameters;

String algorithm = "sha256";
String secret = "quiet";
String proxyURL = "http://MUSE_PROXY_HOST:PORT";
String applicationID = "MuseProxyFoundationHMAC";
String separator = ".";

public String getDigest(){
String value = getValueForGenerateDigest(initUsedParameters(), separator);
return generateHmacDigest(algorithm,secret,value);

public String getURL(){
return getHmacURL(proxyURL, applicationID, getDigest(), getParametersToCreateURL(initUsedParameters()));

public static String GetIP()
String ip = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

if (string.IsNullOrEmpty(ip))
ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
return ip;


where replace MUSE_PROXY_HOST:PORT with your actual Muse Proxy host and port.

The aditional file MuseProxyHMAC.cs that needs to be integrated into your project can be dowloaded from here.
The commented lines are for the cases when you want to use in the signature the userAgent/referer/userAddress values.
Note that they must be specified in the Muse Proxy as well (in the $MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml file).

Categories: Muse Proxy, Usage

The instructions and code provided below are based on the following assumptions:
– MuseProxyFoundationHMAC is the Muse Proxy application configured with HMAC authentication;
– quiet is the value of the secret;
– userName and timestamp are the signature parameters;
– SHA256 is the algorithm;
– the separator between the signature parameters is . .

Integrate the following code into your Java project:

package com.edulib.muse.proxy.samples;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.LinkedHashMap;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Index extends HttpServlet {
private static final long serialVersionUID = 1L;

* Default constructor.
public Index() {
// TODO Auto-generated constructor stub

* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

String algorithm = "HmacSHA256";
String secret = "quiet";
String proxyURL = "http://MUSE_PROXY_HOST:PORT";
String applicationID = "MuseProxyFoundationHMAC";
String separator = ".";
// timestamp represent the current UNIX timestamp
String timestamp = "" + System.currentTimeMillis() / 1000L;
// referer is the referer from request
String referer = request.getRequestURL().toString();
// userAddres is IP adress for user from request
String userAddress = request.getRemoteAddr();
// userAgent is userAgent from request header
String userAgent = request.getHeader("user-agent");

LinkedHashMap parameters = new LinkedHashMap();
parameters.put("userName", "test");
parameters.put("ts", timestamp);
parameters.put("referer", referer);
parameters.put("userAddress", userAddress);
parameters.put("userAgent", userAgent);

MuseProxyHMAC museProxyHMAC = new MuseProxyHMAC(proxyURL, applicationID, secret, algorithm, separator, parameters);

PrintWriter out = response.getWriter();
out.print(""<a href=\"" + museProxyHMAC.generatedURL + "\" target=\"_blank\">" + museProxyHMAC.generatedURL + "</a>"");

where replace MUSE_PROXY_HOST:PORT with your actual Muse Proxy host and port.
The aditional file MuseProxyHMAC.java that needs to be integrated into your Java project can be downloaded from here.

Categories: Muse Proxy, Usage

The overall steps would be:
1) Create the new application as copy of the MuseProxyFoundation template, the ID of the new application to be MuseProxyFoundationHMAC for example.
2) Edit the file



and do the following:
– Locate the


node and remove its content, thus obtaining an empty node:

– Edit the value of the node

to be:
HMAC Authentication

– Add the following sequence under the node



(make sure that after pasting the content the XML file is still valid)

3) Refresh the applications properties via the Muse Proxy Administrator Console -> Advanced left menu section -> Operations item -> Refresh Applications button.
Now the HMAC is set with HMAC authentication.

4) Establish and configure the parameters for the HMAC authentication. For this edit the file:
and make changes according to your requirements. E.g. you may want to change the secret value (default is quiet) and the parameters that you want to hash as part of the signature. By default only the userName (Application ID) and timestamp are used, however you can add the userAgent and/or referer and/or userAddress to be hashed.

We assume for the examples purposes that all defaults remain (e.g. the quiet secret and userName.timestamp as message to sign with HmacSHA1).

Assuming that you want to proxify an URL (ex. http://www.amazon.com/) for the MuseProxyFoundationHMAC Muse Proxy application, the generated HMAC URL will look like:


where MUSE_PROXY_HOST:PORT are the Muse Proxy server details.

Note that by default the validity of this URL is 30 seconds.

For more detailed information on enabling and configuring HMAC authentication refer to the Muse Proxy Advanced Configuration.pdf manual, ProxyLoginModuleHMAC chapter.

5) Create your server side implementation that will generate dynamically the HMAC link(s).


1) The generated HMAC URL will work only for 30 seconds (configurable in the value of the TS_EXPIRY field in

2) The server generating the HMAC links and the Muse Proxy server must be time synchronized. This is a must, otherwise if the 2 machines are not synchronized with regard to the time, the HMAC links will not work due to the validity value of the signature.
3) If you create proxified links, the destination URL (e.g the value of the qurl parameter) must be URL encoded.

Categories: Muse Proxy, Usage

Load More


In the $MUSE_HOME/tomcat/docs/Apache Tomcat embedded within Muse.pdf manual, chapter “ Secured Connections” you can find all details about securing the access to the Muse Embedded Tomcat server using SSL certificates.

Basically you need to generate a keystore from the private key and certificate, and enable it into the Tomcat’s configuration file: $MUSE_HOME/tomcat/conf/server.xml by uncommenting or adding if not already existing the connector:

Make sure the keystore name is correct and its password. Also inbound access on port 443 must be opened in the firewall.

Alternatively, for creating the keystore file, you can use EduLib’s CERTivity® KeyStores Manager tool. Get the free license, download and install it and follow the steps below for creating the keystore:

  1. File menu –> New KeyStore
    File name: keystore
    New KeyStore Type: jks
    Click on Save.
  2. KeyStore menu –> Import Key Pair
    – select PKCS #8
    – uncheck Private Key Encrypted
    – Private Key File: browse to your (.KEY) private key file
    – Certificate(s) File: browse to your (.CRT) certificates file
    – then OK
    – Alias should remain as suggested –> then OK
    – enter pass “changeit” without quotes (as it is default into the ${MUSE_HOME}/tomcat/conf/server.xml file) –> then OK
  3. File menu –> Save
  4. KeyStore menu –> Change Keystore Password
    – enter pass “changeit” without quotes (as it is configured into the ${MUSE_HOME}/tomcat/conf/server.xml file) –> then OK
  5. File –> Save
  6. Rename the resulted file from “keystore.jks” to “keystore” and place it into the ${MUSE_HOME}/tomcat/conf/ directory.

The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.

The access point for the MCAA console is:


There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:

1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:

  • Access the Users top menu;
  • From the Users page access the left menu item – Muse Authentication and Authorization Users;
  • In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
  • In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
  • For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
2. Manually by editing the IP rules file on disk.
  • Access the Muse server remotely, the access method differs, depending on the Operating System (RDP/VNC/TeamViewer, etc. for Windows based systems, SSH/VNC, etc. for Linux based systems);
  • Edit the file ${MUSE_HOME}/aas/hosts.xml file.
  • Locate the USER_RULE section corresponding to the mcaa user (or the desired administrator). It should look like: mcaa
  • Add next to the existing IP rules a new entry as following: Your_IP_Address, where replace Your_IP_Address with the actual IP address value.
Before saving the changes, the file must be double checked for not breaking it, since it is a XML file.

The correct ways to use a proxy URL are listed below:
1) By source ID:

2) By proxy prefix:

Using a followup rewritten URL which contain session information:
ex: https://0d102vm5x-y-https-search-proquest-com.your_proxy_domain/databases
is not recommended.

Categories: Muse Proxy, Usage

We found the following bug reports:



JDK-8181199 : JRE crashes when JFileChooser.showOpenDialog() is called and the “Godmode” folder is on the Desktop


They all describe the same issue for java 1.8.0_131 in certain conditions, like the existence of a “Godmode” folder or mapped network drive issues.

Since this is a bug for the java version –  1.8.0_131-b11 embedded within CERTivity, the fix consists in running CERTivity with an external java 8 with a newer build version than 131.

You can specify an external java to use for running CERTivity by editing the configuration file:

“C:\Program Files\EduLib\CERTivity 2.0\etc\certivity.conf”

and changing the value for “jdkhome” with the location of the external java (JDK or JRE). Restart CERTivity after making this change.

An example entry using OpenJDK 8, update 242:

jdkhome=”C:\Program Files\AdoptOpenJDK\jdk-”

Categories: CERTivity, Usage

Below are the steps to enable and configure the “IP on campus/personal account off campus” authentication workflow for a MuseKnowledge Application. Note that they apply for versions starting with 7.6.

1) Configure the login modules.

Edit the ${ICE_HOME}/jaas.config file, locate the application entry for which to make the settings
(refered below ad AppID). It should look like below:
AppID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";

The entry must be modified to look like below:
AppID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml" justUser="true";
com.edulib.ice.security.authentication.ICELoginModuleIP sufficient hosts="${ICE_HOME}/profiles/hosts.xml";
com.edulib.ice.security.authentication.ICELoginModulePPMS required xmldbLocation="xmldb:exist:http://admin:@localhost:8000/xmldb/exist/xmlrpc";

(the 8000 port must be adjusted accordingly as per the Tomcat’s installation port)

2) Add the allowed IP(s) for the IP authentication

Login into the MCAA console, select the application from the list (AppID) and click on the “Login Modules” left menu. In the login modules listing click the “Edit” link corresponding to the ICELoginModuleXML module. In the new panel click the “Insert” link and start adding the IP(s). Consult the available help details to see the accepted format entries.

3) Make the end-user interface changes

Login into the MCAA console, select the application from the list (AppID) and click on the “Application General Settings->Interface Options” left menu link. In the Branding tab, “Login Page” section, press the “Load remap U/P Form”, then click the Update button from the bottom of the page.

4) Enable the “My Account” functionality

Login into the MCAA console, select the application from the list (AppID) and click on the “Application General Settings->Interface Options” left menu link. In the Functionality tab, locate the My Account” section and enable the “Enable Account:”, “Enable Saved Searches” and “Enable WorkRoom” features.

From this moment the “IP on campus/personal account off campus” authentication workflow should work, the access URL to use is:


Load More