Add password auth checking to LookupUser service
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NCIPServer |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
Hello, Our state wide ILL resource sharing system asked us if we would like to consider using NCIP for patron authentication instead of using SIP2. Lake Agassiz Regional Library out of Moorhead MN and Minitex in MN, with the mnlink.org resource sharing system.
I think this is done using the LookupUser message which would include an AuthenticationInput entity. One entry for the barcode and then one entry for the password/pin.
Jeff Davis was kind enough to share with me an example of how a custom TADL fork of iNCIPit (NCIP V1) handles it.
https:/
It probably needs a config option to specify if all LookupUser request are required to have a pin/password, or if it is just evaluated if it exists in the request.
There is also the AuthenticationP
description: | updated |
Changed in ncipserver: | |
importance: | Undecided → Wishlist |
Changed in ncipserver: | |
assignee: | nobody → Jason Stephenson (jstephenson) |
tags: | added: signedoff |
Changed in ncipserver: | |
assignee: | Jason Stephenson (jstephenson) → nobody |
Josh,
NCIP isn't a standard so much as it is a menu of messages that endpoints can use to communicate with each other. The current implementation of the Evergreen driver working Auto-Graphics' SHAREit software. It doesn't implement LookupAgency methods because SHAREit does not implement them.
The design is flexible enough that a new driver could be added for a new vendor and that driver would implement the messages that the other vendor supports.
It is also possible to add one or two simple methods to the existing driver so long as they don't interfere with the current integration with SHAREit. If all that is being added it LookupAgency and LookupAgencyRes ponse and the other functionality doesn't change, then that might be doable in the current driver.
I have been considering adding an option to require password lookup in the LookupUser messages. I was thinking of a simple Boolean to indicate if passwords are required or not.