On Ebook Central, we require that all users sign in with a unique persistent identifier to access certain features. Sometimes there may be an issue with your authentication setup when using Single-Sign-on setups with EZproxy (EZProxy SSO or EZproxy SharedSecret) that will result in all users getting signed in to the same Ebook Central account. This can either happen every time the site is accessed OR only for on-campus users. The two most common scenarios are as follows:
- You are using another authentication system like Shibboleth, SAML, or CAS with EZproxy, but have not configured it to pass unique userIDs through to Ebook Central
Possible symptoms:
- Patrons all see the same bookshelf contents/annotations
- Print or copy allowance is exhausted and the patron has not printed or copied anything yet
- Patron tried to download a book and it says it's already authorized to another user
- The download button is greyed out for all users both on and off campus
- Text Only Mode is on for all users
- If it's due to a recent change, patrons may report not being able to access bookshelf contents that were there previously
Why does this occur?
If you have EZproxy enabled for single sign-on authentication to Ebook Central (whether EZproxy SSO or EZproxy SharedSecret) but your patrons are forwarded to another authentication system to sign in, EZproxy will pass users to Ebook Central under the same generic account if it is not configured to send a unique persistent identifier for each user.
How can I resolve this?
You need to update your configuration so that EZproxy can send unique user information. If you are using Shibboleth or SAML, this is done via the shibuser.txt file . This is the shibuser.txt instruction:
Set login:loguser = auth:urn:mace:dir:attribute-def:eduPersonTargetedID
You may need to use a different attribute in the line above, depending on your shibboleth settings.
For more detailed advice about your specific setup, or if you are using something besides Shibboleth/SAML for user authentication with EZproxy, we recommend contacting EZproxy support for assistance.
If your users are all signing in to one account only when accessing from on-campus, please see scenario #2:
- You have Autologin directives in your EZproxy config
Possible symptoms:
- Patron bookshelf contents disappear/change when they are on vs. off campus
- Print or copy allowance is exhausted and the patron has not printed or copied anything yet
- Patron tried to download a book and it says it's already authorized to another user
- The download button is greyed out on campus
- Text Only Mode is mysteriously on without using a screen reader (only on campus)
Why does this occur?
When a library is using Autologin IP directives in EZproxy with their on-campus IPs, this is signing users into Ebook Central automatically but is not asking them to sign in to EZProxy, so no individual userID is sent. Users get signed in with the same generic account, but only while on campus. If they are coming from outside the autologin ranges, they will be asked to sign in to EZproxy and will be able to access their individual accounts.
How can I resolve this?
AutologinIP is a position-dependent directive in the EZproxy config, so you can move your Ebook Central/EBL stanzas ABOVE the AutologinIP lines. OCLC recommends that customers do not use AutologinIP with EZProxy SSO or EZProxy SharedSecret at all, but we have found that moving the stanzas above the autologin directives is sufficient to resolve the issue.
If you are not sure if the issue you are seeing is due to either of the above scenarios, or if you have any questions about your authentication setup, please contact Ebook Support.
