December 4, 2017

One of our publishing customers recently asked us for help in closing an important public library sale. The library concerned wanted to authenticate users via OpenID Connect (OIDC). The publisher needed a solution quickly, but OIDC wasn’t a technology they were familiar with.

As OIDC is rarely implemented within the publishing world, we thought this was an interesting use case to share, and a chance to introduce OIDC to those unfamiliar with it.

What is OpenID Connect, briefly?

OpenID Connect (OIDC) is an identity layer built on top of the OAuth authentication protocol, enabling an end user identity to be verified and metadata about them obtained in a controlled manner.

Although OIDC is used a lot outside publishing (think Facebook, Google and Paypal), publishers and libraries have traditionally focused on anonymous IP authentication. Where Single Sign-On (SSO) is used, it’s typically Shibboleth – a flavour of SAML authentication designed to simplify access across academia (learn more).

Why use OpenID Connect?

In this example, the library wanted to implement an SSO solution that would work across all their digital services.

In common with many other public libraries, their library management system uses the SIP2 protocol for managing patron authentication of basic circulation operations like holds and renewals. However, SIP2 is an old technology from the 1990s that was primarily designed for use in closed networks within a library. It doesn’t provide the flexibility and security needed to support the wide range of modern authentication workflows.

Shibboleth seemed the obvious choice – it’s a globally-recognized approach supported by open-source software and an increasingly wide variety of publishers. However, after an internal evaluation, the library rejected it as being too complex and a poor fit for their existing infrastructure.

In contrast, OIDC provided the widest set of opportunities for third party integrations due to the large number of OAuth 2.0 and OpenID Connect implementations for popular software systems and environments.

How did we help?

At a technical level, we flipped a switch. Our identity & access platform allows us to give publishers control over the authentication methods they enable globally, or on a per account basis. Now that OIDC is enabled for them, their customer support team can quickly and efficiently support requests for OIDC authentication going forward.

More importantly, we also took on responsibility for managing implementation with the library. We liaised directly with the public library to exchange the technical information to set up the connection, and to test the integration with their external vendor prior to going live with their patrons.

In this case, the library had specific requirements around managing logouts, which is important in a library setting when public terminals are in use. We ensured the publisher had to make minimal changes to their application in order to meet these requirements, and then translated them into a clear set of recommendations for their engineering team.

Need help with OpenID Connect?

We don’t just enable technology – we ensure it’s configured to best meet your needs, and provide the management and communications to ensure it’s implemented effectively.

And, as we work with both publishers and libraries on a daily basis, we have the knowledge and experience to deliver access solutions that help your customers and users be more effective.

Contact us to learn more about how we can help you?