Authentication

Authentication: How To Enable Remote User Access

At Coherent Digital, we support four frictionless options for remote user access:
  1. Username & Password Authentication
  2. IP Authentication
  3. EzProxy 
  4. Shibboleth Authentication

Username & Password Authentication

Individual users or users associated with an insitutional membership can sign up for an account in any of our Commons. 


When they use an institutional email to register (in other words, an email address that matches their institution’s domain), their login will automatically be connected to the membership and give them full access from off-site or off-campus locations.


To sign up, visit: 

Policy Commons: https://policycommons.net/accounts/signup/

Mindscape Commons: https://mindscapecommons.net/login

Canada Commons: https://canadacommons.ca/accounts/signup/

TCP/IP Authentication

To support TCP/IP address range authentication, we use the IP address ranges that are assigned to your institution at The IP Registry. If you should ever need to adjust these, simply edit your information at the registry and our system will automatically receive the update. If your institution wishes to use TCP/IP Address Range Authentication, and you are not currently listed in the IP Registry, you may add your address ranges to this registry for free.

The IP Registry

To use the IP Registry, follow these simple steps:

  1. Register for free with theIPregistry.org

  2. Confirm the IPs currently listed for your institution and affiliated sites.

  3. Communicate IP changes by adding or deleting IP addresses as necessary.

  4. If you are newly adding your institution to the registry, let Coherent Digital know at support@coherentdigital.net.

If you have any questions about using theIPregistry.org please see their FAQs or contact them at info@theIPregistry.org

EzProxy

If you use EzProxy for remote user access, then there is a database stanza you can install on your EzProxy for each Commons from the OCLC EzProxy support site.


Policy Commons Database Stanza

Mindscape Commons Database Stanza (* Mindscape Commons customers, see note below)


South Asia Archive Database Stanza: 

(*) Note: To complete the installation of an EzProxy stanza for Mindscape Commons, there is one additional step.  Coherent Digital needs to configure your proxy URL as an enabled site.  So please send the proxy URL to support@coherentdigital.net.  This will be the URL in the browser location bar after logging into Mindscape Commons via the proxy.  The URL will usually look something like "https://mindscapecommons-net.proxy.yourinstitution.edu".  This extra step applies to Mindscape Commons only.

Shibboleth/SAML Authentication 

At Coherent Digital, we support both Federated Shibboleth Authentication as well as ‘Bi-lateral’ metadata exchange.

Bi-lateral metadata exchange is used when the customer is not a member of a federation or Coherent Digital is not a member of the same federation.  For example this is how we support OpenAthens configuration.  This approach is also suitable for other SAML-based single-sign-on solutions like Microsoft Azure AD.

Currently Coherent Digital is a registered Service Provider at the following federations:

See our entry at REFEDs metadata explorer for up-to-date details.

Shibboleth Configuration

For Shibboleth Authentication, please provide the following to support@coherentdigital.net:

Federated Shibboleth Configuration:

  • Your EntityID

  • Your Federation


For Bi-lateral Metadata Exchange:

  • The URL of your Identity Provider metadata (or the metadata in XML format)


Coherent Digital’s Shibboleth Information:

WAYFless URLs

Once the shibboleth configuration is complete, the following Service-Provider-initiated URLs can be used to log your users into a product without having to encounter a ‘Where-are-you-from’ page.  These URLs are what you would use in your A-to-Z database menu for remote users:

Canada Commons

https://canadacommons.ca/start-session?entityID=your-entityID&target=https%3A%2F%2Fpolicycommons.net

Policy Commons

https://policycommons.net/start-session?entityID=your-entityID&target=https%3A%2F%2Fpolicycommons.net

Mindscape Commons

https://mindscapecommons.net/start-session?entityID=your-entityID&target=https%3A%2F%2Fmindscapecommons.net

Notes: Replace ‘your-entityID’ in the above URL with a URL-encoded version of your institution’s SAML Identity Provider entity ID. The target= parameter can contain any valid URL at the destination product.  These examples put the user in the product home page.




    • Related Articles

    • Troubleshooting TCP/IP address range authentication

      This article outlines some information gathering that will help support identify solutions when a session fails TCP/IP range authentication. Are the TCP/IP Ranges on File Correct? Coherent Digital uses the IP ranges assigned to your institution in ...
    • Why we use TheIPregistry.org to maintain IP addresses

      Maintaining accurate IP addresses is a problem for the entire scholarly community. According to the IPRegistry.org, 58% of the IP ranges held by publishers to authenticate libraries who license their content are inaccurate. Apart from unlicensed ...