Most Popular

The .cpb file describes the search capabilities of a source. The .pmf is the pre-mapping file that allows administrators to map search/index attributes that apply before the Muse ISR stylesheet is used to format the search for the source (thus “Pre”-mapping). The .cpb file lists all the search indexes and Boolean operators which are supported by the Source (whatever the actual, native syntax of the attribute). It is also a place where other source capabilities could be added later for easy import into the Muse InfoBase. The search limiter sets are one example. The .pmf file provides a mapping from one attribute in ISR to one attribute in translator. The .pmf mapping is TO an attribute which is handled into the ISR translator. All of the attributes handled (supported) in the ISR translator have been automatically extracted and recorded into the appropriate section in .cpb file. By default, the PMF files map unsupported attributes to keyword.

MuseGlobal provides the following method for search and retrieval of EBSCOhost content: EBSCO Integration Toolkit (EIT)

This is a SOAP-based Web Service approach which provides the optimal combination of performance and completeness. You can find the EIT Source Packages by searching in your Muse Console’s “Add Sources” section in the “IDs Containing” field for the term EIT. EIT SPs have Source IDs which start with the string EBSCOEIT.


The HTTP Source Packages for EBSCO search on the URL
http://search.ebscohost.com/. The EIT Source Packages use
http://eit.ebscohost.com/Services/SearchService.asmx as the Home URL and Search URL.

Authentication for the EBSCOEIT Source Packages is two-fold.

1) Authentication for search and retrieval can done by user/pw (with the USER_NAME and USER_PASSWORD fields of the profile) or IP (with the CUSTOM_PARAMETERS field of the profile).

For search/retrieval authentication by IP, a value must be placed in the CUSTOM_PARAMETERS tag from the EBSCOEIT* source profile. Again, this is used to connect to and search a certain database. Using this IP authentication, you may be authenticated to a number of databases.

Example :
where : IP_ADDRESS=your IP which authenticates to EIT.

Please note that your EBSCO account must be specifically enabled in order to use of EIT. The user/pw used for connecting to http://search.ebscohost.com/ will not work for EIT. Also note that the IP_PROFILE will be either eit or eitws; — this string matches the 3rd section of your 3-part EIT authentication string (ex. s123456.main.eit or s123456.main.eitws). Please check with EBSCO if you are not sure which it is.

2) The aforementioned authentication by IP or user/pw gives us access to the EBSCOEIT API, but it does not provide successful link navigation on the record links obtained.

For this, the PROXY_HOST and PROXY_PORT in the profile must be configured. IMPORTANT: authentication to EBSCO for link navigation is only done by IP.

Example :

So, in conclusion, 2 IP authentication settings are needed: one (user/pw or IP) for accessing and searching the EBSCOEIT database desired and the other one (proxy IP) to successfully navigate on the record links obtained.

Questions about your EIT account status should be referred to Gregory Julien [GregoryJulien@ebscohost.com].

Categories: Muse Search, Sources

You can configure LDAP authentication as a single authentication method. The steps are:
– copy the ${MUSE_HOME}/use/ice/profiles/ICELoginModuleLDAP.xml file into the application which is to be configured, into the ${MUSE_HOME}/home/ApplicationID/profiles/ folder, where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication.
– configure the necessary Muse login modules for the application. Below is their list in the correct order along with the correct flag values:
– ICELoginModuleXML – required;
– ICELoginModuleParametersRemap – required;
– ICELoginModuleLDAP – requisite.
The configuration of the login modules is done through the Muse Console for Applications Administration as follows: select the desired application from the list of applications and click on the left menu – “Login Modules”; from this location manage the login modules: add, delete or edit them. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd=”wwwAuthPwd” ldapUserID=”wwwAuthID” .
– Configure the properties of the ICELoginModuleLDAP login module:
– in the MCAA console select the desired application from the list of applications and click on the left menu – “Login Modules” and in the “Login Modules” panel click on the “Edit” link from next to the ICELoginModuleLDAP entry;
– in the editor page change the value for the “config” field from the default "${ICE_HOME}/profiles/ICELoginModuleLDAP.xml" to
where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication.
– click the “Update” button;
– click the “Edit Config File” and configure the elements specific to the LDAP server, such as LDAP-URL, BASE-DN…etc.
– Create a login page where the enduser will enter his/hers LDAP credentials to login into the application:
– create a backup copy of the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication.
– edit the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, locate the line:

and replace the content from below that line until the line


User Name:

where replace the 2 ApplicationID occurrences with the exact application ID you wish to configure with LDAP authentication and ApplicationPassword with the right password.
– the access URL for authenticating with LDAP credentials in this application is:
where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication

Under $ICE_HOME/, there is a script called “version”. Running this script will allow you to see what version of ICE you are running. The version of the ICE server also tells you the Muse version.
This can be run as a normal script on a Unix based Operating Systems ($ICE_HOME/version) or from a Command Prompt window under Windows Operating Systems (%ICE_HOME%/version.bat).

There is a more comprehensive script in Muse which prints out the version of all installed Muse components and tools called startSystemInformation. This script is available only if the “Muse Admin Bridge” product is licensed. It can be run as a normal script on a Unix based Operating Systems ($USE_HOME/tools/startSystemInformation) or from a Command Prompt window under Windows Operating Systems (%USE_HOME%/tools/startSystemInformation.bat).

Categories: Muse Search, Tools

Load More


Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).

  1. Generate the Service Provider Metadata

    Access the administration end point for SAML at an URL of the form:
    where replace your_domain with the actual domain of the Muse installation.
    Use admin as the username and the configured password.

    In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
    In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.

    In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
    After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it.

  2. Setup a new application in the Azure Portal

    Access the Azure Portal at: https://portal.azure.com/ and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.

    In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.

    From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.

    Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:

  3. Generate a new IDP

    Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
    In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.

    Next follow the instructions listed in the page to finalize the setup of the new IDP entity.

  4. Wire the Muse Search Application for SAML authentication

    Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.

    – Edit the ${MUSE_HOME}/aas/jaas.config file and add at the end of the file the below entry:

    MuseKnowledge.Azure {
    com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
    com.edulib.ice.security.authentication.ICELoginModule requisite ;

    – Download this file and place it in the following location ${USE_HOME}/profiles/ . Edit the downloaded file, locate the following placeholders: PLACE_HERE_THE_IDP_ENTITY_ID, MuseSearchApplicationID and MuseSearchApplicationPassword and replace them with the appropriate values.
    – Test the integration using an URL of the form:
    where replace your_domain, ALIAS and IDP_ENTITY_ID with the appropriate values.

In the $MUSE_HOME/tomcat/docs/Apache Tomcat embedded within Muse.pdf manual, chapter “ Secured Connections” you can find all details about securing the access to the Muse Embedded Tomcat server using SSL certificates.

Basically you need to generate a keystore from the private key and certificate, and enable it into the Tomcat’s configuration file: $MUSE_HOME/tomcat/conf/server.xml by uncommenting or adding if not already existing the connector:

Make sure the keystore name is correct and its password. Also inbound access on port 443 must be opened in the firewall.

Alternatively, for creating the keystore file, you can use EduLib’s CERTivity® KeyStores Manager tool. Get the free license, download and install it and follow the steps below for creating the keystore:

  1. File menu –> New KeyStore
    File name: keystore
    New KeyStore Type: jks
    Click on Save.
  2. KeyStore menu –> Import Key Pair
    – select PKCS #8
    – uncheck Private Key Encrypted
    – Private Key File: browse to your (.KEY) private key file
    – Certificate(s) File: browse to your (.CRT) certificates file
    – then OK
    – Alias should remain as suggested –> then OK
    – enter pass “changeit” without quotes (as it is default into the ${MUSE_HOME}/tomcat/conf/server.xml file) –> then OK
  3. File menu –> Save
  4. KeyStore menu –> Change Keystore Password
    – enter pass “changeit” without quotes (as it is configured into the ${MUSE_HOME}/tomcat/conf/server.xml file) –> then OK
  5. File –> Save
  6. Rename the resulted file from “keystore.jks” to “keystore” and place it into the ${MUSE_HOME}/tomcat/conf/ directory.

The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.

The access point for the MCAA console is:


There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:

1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:

  • Access the Users top menu;
  • From the Users page access the left menu item – Muse Authentication and Authorization Users;
  • In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
  • In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
  • For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
2. Manually by editing the IP rules file on disk.
  • Access the Muse server remotely, the access method differs, depending on the Operating System (RDP/VNC/TeamViewer, etc. for Windows based systems, SSH/VNC, etc. for Linux based systems);
  • Edit the file ${MUSE_HOME}/aas/hosts.xml file.
  • Locate the USER_RULE section corresponding to the mcaa user (or the desired administrator). It should look like: mcaa
  • Add next to the existing IP rules a new entry as following: Your_IP_Address, where replace Your_IP_Address with the actual IP address value.
Before saving the changes, the file must be double checked for not breaking it, since it is a XML file.

Below are the steps to enable and configure the “IP on campus/personal account off campus” authentication workflow for a MuseKnowledge Application. Note that they apply for versions starting with 7.6.

1) Configure the login modules.

Edit the ${ICE_HOME}/jaas.config file, locate the application entry for which to make the settings
(refered below ad AppID). It should look like below:
AppID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";

The entry must be modified to look like below:
AppID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml" justUser="true";
com.edulib.ice.security.authentication.ICELoginModuleIP sufficient hosts="${ICE_HOME}/profiles/hosts.xml";
com.edulib.ice.security.authentication.ICELoginModulePPMS required xmldbLocation="xmldb:exist:http://admin:@localhost:8000/xmldb/exist/xmlrpc";

(the 8000 port must be adjusted accordingly as per the Tomcat’s installation port)

2) Add the allowed IP(s) for the IP authentication

Login into the MCAA console, select the application from the list (AppID) and click on the “Login Modules” left menu. In the login modules listing click the “Edit” link corresponding to the ICELoginModuleXML module. In the new panel click the “Insert” link and start adding the IP(s). Consult the available help details to see the accepted format entries.

3) Make the end-user interface changes

Login into the MCAA console, select the application from the list (AppID) and click on the “Application General Settings->Interface Options” left menu link. In the Branding tab, “Login Page” section, press the “Load remap U/P Form”, then click the Update button from the bottom of the page.

4) Enable the “My Account” functionality

Login into the MCAA console, select the application from the list (AppID) and click on the “Application General Settings->Interface Options” left menu link. In the Functionality tab, locate the My Account” section and enable the “Enable Account:”, “Enable Saved Searches” and “Enable WorkRoom” features.

From this moment the “IP on campus/personal account off campus” authentication workflow should work, the access URL to use is:


For searching IEEE content we provide Source Packages based on API, currently two are available for download in Muse Source Factory:

1) IEEEXploreAPIXML. This is a generic Source Package retrieving content without any filtering.

2) IEEEASPPXploreAPIXML. This is a Source Package specifically built to retrieve content from IEEE All-Society Periodicals Package. More exactly it has pre-configured the following filters:

To use any of the above SPs you need an API key from IEEE, to get it follow the steps below:

1) Register for an account on the IEEE Developer website: https://developer.ieee.org/

2) Apply for an API key.

Once you have the API key you must configure it through the Muse Console for Applications Administration (MCAA) in the “Custom Parameters” section, as value for the API_KEY parameter.

Categories: Muse Search, Sources

Load More