Patron access and authentication
Prior to using Discovery, patrons must be authenticated. Two options for authenticating are:
- Authenticate against an institution system
- Use the Relais Login page
Authenticate against an institution system
For example authentication against a local LDAP server. This process is done outside of Relais. Once the patron is authenticated then the credentials are passed over to Discovery via an OpenURL
If NCIP is enabled:
Relais uses the patron credentials from the OpenURL to do a lookup in the local library system, if NCIP is enabled.
It is critical that If using NCIP the credentials passed through in the OpenURL can be used in the Lookup User message to be sent to the local library system. Options include:
- Any of the above values may be encrypted prior to including them in the OpenURL.
- Alternatively you may use the Relais Authentication service to generate an 'aid' to include in the OpenURL
- See Security in Relais for more information.
If NCIP is not enabled then the patron lookup is done in Relais.
Use the Relais Login page
If authentication against an institution system is not possible, then use the Relais Login page.
If NCIP is enabled, then the Lookup User message is used to confirm the patron exists in the local library system and to retrieve the necessary patron information.
If NCIP is not enabled, then the corresponding patron record is retrieved from the Relais database. This requires that patron records are pre-loaded in Relais.
Aid and session time out
Irrespective of which option is used to authenticate the patron and access Relais D2D, Relais assigns a unique session specific 'aid' (authorization id). This 'aid' is constantly checked by the Relais Authorization service to confirm that the patron's session is still active. If the service determines that the configured timeout period has elapsed with no activity then the patron is 'logged' out and by default the following message displays: PUBRS003: Invalid aid. Each library can specify the preferred page to which the patron should be directed. See Configure Discovery for more information.
Note: By default the session time out is 10 minutes. A different time out length can be configured. Please contact your local Relais D2D Administrator. Please note that the session time out is a system level configuration, i.e., it cannot be configured separately by each member library.
Using ILLiad for request management
For libraries that use ILLiad for request management then authentication is done using a 'dummy' patron record. This patron record is configured as part of your initial Relais D2D implementation and is included in the url that calls Relais Discovery. For example: http://borrow.relaisd2d.com/service-proxy/?command=mkauth&LS=RELAISPATRON&PI=RELAISPATRON