FAQ
FAQ by Product
Most Popular
- Z39.50
- HTTP
- EBSCO Integration Toolkit (EIT)
USER_NAME and USER_PASSWORD fields of the profile) or IP (with the CUSTOM_PARAMETERS field of the profile).
For search/retrieval authentication by IP, a value must be placed in the CUSTOM_PARAMETERS tag from the EBSCOEIT* source profile. Again, this is used to connect to and search a certain database. Using this IP authentication, you may be authenticated to a number of databases.
Example :
<CUSTOM_PARAMETERS>AUTH_TYPE=ip;IP_PROFILE=eit;
IP_ADDRESS=1.2.3.4</CUSTOM_PARAMETERS>
where : IP_ADDRESS=your IP which authenticates to EIT.
Please note that your EBSCO account must be specifically enabled in order to use of EIT. The user/pw used for connecting to http://search.ebscohost.com/ will not work for EIT. Also note that the IP_PROFILE will be either eitor eitws; — this string matches the 3rd section of your 3-part EIT authentication string (ex. s123456.main.eit or s123456.main.eitws). Please check with EBSCO if you are not sure which it is.
2) The aforementioned authentication by IP or user/pw gives us access to the EBSCOEIT API, but it does not provide successful link navigation on the record links obtained.
For this, the PROXY_HOST and PROXY_PORT in the profile must be configured. IMPORTANT: authentication to EBSCO for link navigation is only done by IP.
Example :
<PROXY_HOST>proxy.you.com</PROXY_HOST>
<PROXY_PORT>9797</PROXY_PORT>
So, in conclusion, 2 IP authentication settings are needed: one (user/pw or IP) for accessing and searching the EBSCOEIT database desired and the other one (proxy IP) to successfully navigate on the record links obtained.
Questions about your EIT account status should be referred to Gregory Julien [GregoryJulien@ebscohost.com].The instructions and code provided below are based on the following assumptions:
- MuseProxyFoundation
HMACis the Muse Proxy application configured withHMACauthentication; - quiet is the value of the secret;
- userName and timestamp are the signature parameters;
- SHA256 is the algorithm;
- the separator between the signature parameters is . .
Integrate the following code into your ASPX page:
<%@ Page Language="C#" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Linq" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Collections.Generic" %>
<script runat=server>
public String getHmacURL(String museProxyURL, String applicationID, String generatedHmacDigest, String parametersToSend) {
return museProxyURL + "/" + applicationID + "?sig=" + generatedHmacDigest + parametersToSend;
}
public String getParametersToCreateURL(Dictionary
String parametersToSend = "";
foreach( KeyValuePair
{
String key = param.Key;
if (!key.Equals ("userAddress") && !key.Equals ("userAgent") && !key.Equals ("referer")) {
parametersToSend += "&" + key + "=" + param.Value;
}
}
return parametersToSend;
}
public String getValueForGenerateDigest(Dictionary
String value = "";
int length = usedParameters.Count;
for (int i = 0; i < length; i++) {
if (i < length - 1) { value += usedParameters.Values.ElementAt(i) + separator; } else { value += usedParameters.Values.ElementAt(i); } } return value; } public String generateHmacDigest(String algorithm, String secret, String value){ byte[] key = System.Text.ASCIIEncoding.Default.GetBytes(secret); byte[] byteArray = Encoding.ASCII.GetBytes(value); MemoryStream stream = new MemoryStream(byteArray); String digest = null; if (algorithm.Equals ("sha1")) { HMACSHA1 hmacSHA1 = new HMACSHA1 (key); digest = hmacSHA1.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if (algorithm.Equals ("md5")) {
HMACMD5 hmacMD5 = new HMACMD5 (key);
digest = hmacMD5.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if (algorithm.Equals ("sha256")) {
HMACSHA256 hmacSHA256 = new HMACSHA256 (key);
digest = hmacSHA256.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if (algorithm.Equals ("sha384")) {
HMACSHA384 hmacSHA384 = new HMACSHA384 (key);
digest = hmacSHA384.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
} else if(algorithm.Equals ("sha512")){
HMACSHA512 hmacSHA512 = new HMACSHA512 (key);
digest = hmacSHA512.ComputeHash (stream).Aggregate ("", (s, e) => s + String.Format ("{0:x2}", e), s => s);
}
return digest;
}
public Dictionary
// timestamp represent the current UNIX timestamp
long ticks = DateTime.UtcNow.Ticks - DateTime.Parse("01/01/1970 00:00:00").Ticks;
ticks /= 10000000; //Convert windows ticks to seconds
String timestamp = ticks.ToString();
// referer is the referer from request
String referer = Request.Url.GetLeftPart(UriPartial.Authority);
// userAddres is IP adress for user from request
String userAddress = GetIP();
// userAgent is userAgent from request header
String userAgent = HttpContext.Current.Request.UserAgent;
Dictionary
parameters.Add ("userName", "username");
parameters.Add ("ts", timestamp);
//parameters.Add("referer", referer);
//parameters.Add("userAddress", userAddress);
//parameters.Add("userAgent", userAgent);
return parameters;
}
String algorithm = "sha256";
String secret = "quiet";
String proxyURL = "http://MUSE_PROXY_HOST:PORT";
String applicationID = "MuseProxyFoundationHMAC";
String separator = ".";
public String getDigest(){
String value = getValueForGenerateDigest(initUsedParameters(), separator);
return generateHmacDigest(algorithm,secret,value);
}
public String getURL(){
return getHmacURL(proxyURL, applicationID, getDigest(), getParametersToCreateURL(initUsedParameters()));
}
public static String GetIP()
{
String ip = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
if (string.IsNullOrEmpty(ip))
{
ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
}
return ip;
}
where replace MUSE_PROXY_HOST:PORT with your actual Muse Proxy host and port.
The aditional file MuseProxyHMAC.cs that needs to be integrated into your project can be dowloaded from here.
The commented lines are for the cases when you want to use in the signature the userAgent/referer/userAddress values.
Note that they must be specified in the Muse Proxy as well (in the $MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml file).
The instructions and code provided below are based on the following assumptions:
– MuseProxyFoundationHMAC is the Muse Proxy application configured with HMAC authentication;
– quiet is the value of the secret;
– userName and timestamp are the signature parameters;
– SHA256 is the algorithm;
– the separator between the signature parameters is . .
Integrate the following code into your Java project:
package com.edulib.muse.proxy.samples;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.LinkedHashMap;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet("/index")
public class Index extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Default constructor.
*/
public Index() {
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
String algorithm = "HmacSHA256";
String secret = "quiet";
String proxyURL = "http://MUSE_PROXY_HOST:PORT";
String applicationID = "MuseProxyFoundationHMAC";
String separator = ".";
// timestamp represent the current UNIX timestamp
String timestamp = "" + System.currentTimeMillis() / 1000L;
// referer is the referer from request
String referer = request.getRequestURL().toString();
// userAddres is IP adress for user from request
String userAddress = request.getRemoteAddr();
// userAgent is userAgent from request header
String userAgent = request.getHeader("user-agent");
LinkedHashMap
parameters.put("userName", "test");
parameters.put("ts", timestamp);
parameters.put("referer", referer);
parameters.put("userAddress", userAddress);
parameters.put("userAgent", userAgent);
MuseProxyHMAC museProxyHMAC = new MuseProxyHMAC(proxyURL, applicationID, secret, algorithm, separator, parameters);
PrintWriter out = response.getWriter();
out.print(""<a href=\"" + museProxyHMAC.generatedURL + "\" target=\"_blank\">" + museProxyHMAC.generatedURL + "</a>"");
}
}
where replace MUSE_PROXY_HOST:PORT with your actual Muse Proxy host and port.
The aditional file MuseProxyHMAC.java that needs to be integrated into your Java project can be downloaded from here.
The overall steps would be:
1) Create the new application as copy of the MuseProxyFoundation template, the ID of the new application to be MuseProxyFoundationHMAC for example.
2) Edit the file
$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC\
profiles\AuthenticationGroups.xml
and do the following:
– Locate the
/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS
node and remove its content, thus obtaining an empty node:
<AUTHENTICATIONS>
</AUTHENTICATIONS>
– Edit the value of the node
/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/NAME
to be:
HMAC Authentication
– Add the following sequence under the node
/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS
<AUTHENTICATION>
<IDENTIFIER>9</IDENTIFIER>
<LEVEL>requisite</LEVEL>
<CLASS>com.edulib.muse.proxy.authentication.modules.ProxyLoginModuleHMAC
</CLASS>
<HANDLER>
<CLASS>com.edulib.muse.proxy.authentication.modules
.ProxyLoginModuleHMACDataHandlerXml</CLASS>
<PARAMETERS>
<CONFIGURATION_FILE>${WEB_CONTEXT_HOME}/profiles/login
/ProxyLoginModuleHMAC.xml</CONFIGURATION_FILE>
</PARAMETERS>
</HANDLER>
</AUTHENTICATION>
(make sure that after pasting the content the XML file is still valid)
3) Refresh the applications properties via the Muse Proxy Administrator Console -> Advanced left menu section -> Operations item -> Refresh Applications button.
Now the HMAC is set with HMAC authentication.
4) Establish and configure the parameters for the HMAC authentication. For this edit the file:
$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml
and make changes according to your requirements. E.g. you may want to change the secret value (default is quiet) and the parameters that you want to hash as part of the signature. By default only the userName (Application ID) and timestamp are used, however you can add the userAgent and/or referer and/or userAddress to be hashed.
We assume for the examples purposes that all defaults remain (e.g. the quiet secret and userName.timestamp as message to sign with HmacSHA1).
Assuming that you want to proxify an URL (ex. http://www.amazon.com/) for the MuseProxyFoundationHMAC Muse Proxy application, the generated HMAC URL will look like:
http://MUSE_PROXY_HOST:PORT/MuseProxyFoundationHMAC?userName=MuseProxyFoundationHMAC
&ts=1469524141&sig=ee5a160dbd37c4867e34e6147a3421d2289bec14
&qurl=http%3A%2F%2Fwww.amazon.com%2F
where MUSE_PROXY_HOST:PORT are the Muse Proxy server details.
Note that by default the validity of this URL is 30 seconds.
For more detailed information on enabling and configuring HMAC authentication refer to the Muse Proxy Advanced Configuration.pdf manual, 6.4.5.8 ProxyLoginModuleHMAC chapter.
5) Create your server side implementation that will generate dynamically the HMAC link(s).
Notes:
1) The generated HMAC URL will work only for 30 seconds (configurable in the value of the TS_EXPIRY field in
$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml)
2) The server generating the HMAC links and the Muse Proxy server must be time synchronized. This is a must, otherwise if the 2 machines are not synchronized with regard to the time, the HMAC links will not work due to the validity value of the signature.
3) If you create proxified links, the destination URL (e.g the value of the qurl parameter) must be URL encoded.
The instructions and code provided below are based on the following assumptions:
– MuseProxyFoundationHMAC is the Muse Proxy application configured with HMAC authentication;
– quiet is the value of the secret;
– userName and timestamp are the signature parameters;
– SHA256 is the algorithm;
– the separator between the signature parameters is . .
Add the following code into your PHP page:
<?php
require_once './MuseProxyHMAC.php';
$museProxyURL = "http://MUSE_PROXY_HOST:PORT";
$applicationID = "MuseProxyFoundationHMAC";
$secret = "quiet";
$algorithm = "sha256";
$separator = ".";
// $timestamp is the current unix timestamp
$timestamp = time();
// $userAgent represent the userAgent from the request
//$userAgent = filter_input(INPUT_SERVER, "HTTP_USER_AGENT");
// $referer represent the referer from the request
//$referer = filter_input(INPUT_SERVER, "REQUEST_SCHEME") . "://" . filter_input(INPUT_SERVER, "HTTP_HOST") . filter_input(INPUT_SERVER, "REQUEST_URI");
// $userAddress represents the remote adress
//$userAddress = gethostbyname(gethostbyaddr(filter_input(INPUT_SERVER, "REMOTE_ADDR")));
//The order from this array must be the same with order and parameters name from the hmac configuration file ${APPLICATION_HOME}/profiles/login/ProxyLoginModuleHMAC.xml.
//$used_params = array("userName" => "MuseProxyFoundation", "ts" => $timestamp, "userAgent" => $userAgent, "referer" => $referer, "userAddress" => $userAddress);
$used_params = array("userName" => $applicationID, "ts" => $timestamp);
$museProxy = new MuseProxyHMAC($museProxyURL, $applicationID, $secret, $algorithm, $separator, $used_params);
echo $museProxy->generatedHmacDigest . "<br/>";
echo "<a href='" . $museProxy->generatedURL . "' target='_blank'>TEST</a>";
?>
where replace MUSE_PROXY_HOST:PORT with your actual Muse Proxy host and port.
The aditional MuseProxyHMAC.php file can be downloaded from here.
The code will generate the HMAC link on the TEST label.
The commented lines are for the cases when you want to use in the signature the userAgent/referer/userAddress values.
Note that they must be specified in the Muse Proxy as well (in the $MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml file).
Load More
Latest
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xmlfrom 80 to 8005 (e.g. enter 8005 as value in the"field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xmlfrom 80 to 443 (e.g. enter 443 as value in the"field) and also set"
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
If there is no proxy defined (Proxy Host field) in either the application level or Source Package level, then no proxy will be used, no matter the other proxy related settings (Proxy Port, Proxy PAC also) from either level.
Secondly, if there are proxy settings both at application level and at the Source Package level, then the Source Package ones will have priority over the application level ones.
One can specify an IP address for Muse Proxy to listen on for connections. By default, Muse Proxy listens on all IP addresses, on all interfaces.
This setting can be changed in the ${MUSE_HOME}/proxy/MuseProxy.xml file by specifying an IP address in the " field.
The version of muse proxy can be found via putting in the following URL in an address bar on a browser such as FireFox or Internet Explorer:
http://PROXY_HOST:PROXY_PORT/ProxyInformation
In the above URL, PROXY_HOST is the server that is hosting Muse Proxy. PROXY PORT is the port that is running proxy. The default port for Muse Proxy is 9797.
The response is a XML message which is rendered raw by the browser. To correctly see the proxy version, view the source of the page (this is done differently in each browser) and search for the value of the
Please note that a dialog box may pop-up for entering UN/PW unless the IP where the request is coming from is allowed under the default section of the hosts.xml file under $MUSE_HOME/proxy/hosts.xml .
The Flash and Java Applets resources are binary files which cannot be processed by any re-writing proxy, including Muse Proxy.
Flash and Java Applets may load in pages re-written by Muse Proxy as long as there are no absolute pathnames in URLs inside them or if there is an object parameter of the Flash or Java Applet, accepting its base URL. However, if the Flash or Java Applet contains links inside them, they will not be re-written.
In other words the Flash and Java Applets may display correctly in Muse Proxy re-written pages, but when an end-user clicks a link hidden inside the Flash or Java Applets it is possible it will go straight to the provider and may appear unauthorized.