Hi Paul, IP Authentication is a slight misnomer. It's not truly *authentication* but rather *authorization*. So, you don't need to login at all, but you are provided specific access rights based on your IP address.
So, the point of IP Auth is that you are essentially "mapping" specific IP addresses or ranges to specific DSpace Groups. Anyone who accesses your site from those IP addresses (even anonymously) will be added to that DSpace Group for the remainder of their session. You can then use that DSpace Group to assign those users specific access rights. One example use case for IP Auth is to provide access to all University Theses & Dissertations while on campus (or while in the University Library). In such a scenario, the Theses & Dissertations may be access restricted to downloading/viewing to the general public, but if a user visits your site from an on-campus IP address, they can download/view the files without logging in. I hope that helps clarify the purpose of IP Auth! Tim On Mon, Oct 2, 2017 at 5:11 AM Paul Warner <[email protected]> wrote: > Hi, > > I have set up ip authentication using apache as a proxy front end for > tomcat. The log is seeing the ip address, so it is being correctly passed > through from apache to tomcat, and correctly read by dspace. But it is not > logging me in to the group. My question is, how do I log in? If I have ip > authentication stacked with password authentication, when I click the login > button in the top menu on the jspui, I go to the password login page. If I > remove password login from the list in authentication.cfg and have only ip > authentication, then when I click the login button I get a page with no > form elements at all, nothing. And, as I said, I am not being logged in to > the group automatically. > > Thanks for any hints or tips! > > Best regards, > Paul > > dspace 6.1 on Suse 12.2, tomcat 8 and apache 2.4.23 > > Here is the log entry: > > 2017-10-02 11:55:00,242 INFO org.dspace.usage.LoggerUsageEventListener @ > anonymous:session_id=50601B9E86D5FEC0FC1173927BAF8DA6:ip_addr=1.2.3.4: > view_item:handle=123456789/46 > > I have configured dspace so: > > from dspace.cfg > > #### Proxy Settings > ###### > > # uncomment and specify both properties if proxy server > required > > # proxy server for external http requests - use regular hostname without > port > number > > http.proxy.host = localhost > > # port number of proxy > server > > http.proxy.port = 443 > > # If enabled, the logging and the Solr statistics system will look > for > > # an X-Forwarded-For header. If it finds it, it will use this for the user > IP > address > > useProxies = true > > from authentication.cfg > > plugin.sequence.org.dspace.authenticate.AuthenticationMethod = > org.dspace.authenticate.IPAuthentication,org.dspace.authenticate.PasswordAuthentication > > from authentication-ip.cfg > > authentication-ip.Hochschule_Bibliothek = 1.2.3.4 > > -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- Tim Donohue Technical Lead for DSpace & DSpaceDirect DuraSpace.org | DSpace.org | DSpaceDirect.org -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
