ENHANCEMENT REQUEST
Add a 'Domain Bypass' OR "Domain Whitelist" to the Preferences --> Redirector section of OA admin
BUSINESS NEED:
Redirector links must have some local flexibility to improve the compatibility with third-party library systems e.g. OPAC, LMS, discovery service, search index/databases etc.
Some of these websites apply 'proxy' settings to ALL external links. Libraries are unable to customize the syntax for select resources (e.g. WAYFless syntax or Proxy syntax) OR disable the proxy setting when it is not required (e.g. open access resources).
This can lead to a lot of 'errors' as the OpenAthens Redirector will try to authenticate access and may not recognize the target domain. Users may perceive this as an OpenAthens error and have a bad impression of OpenAthens or the library.
CURRENT FUNCTIONALITY:
Clients can 'bypass' authentication for specific IPs i.e. onsite users. The library adds a unique IP list. The Redirector does NOT attempt to authenticate access within the IP range. Users do NOT see an error. Read more: https://docs.openathens.net/libraries/redirector-ip-bypass-zones
However, it's not possible to bypass OR whitelist specific website domains using a list submitted by the client.
EZproxy, a major competitor, supports this functionality with RedirectSafe OR "NeverProxy". Each administrator can whitelist a list of domains that the proxy server will NOT rewrite. This is completely flexible for each customer: https://help.oclc.org/Library_Management/EZproxy/Configure_resources/RedirectSafe
There is an "Open Access Resources" resource in the OpenAthens catalogue. OpenAthens can add open access domain(s) to this resource. However, it is a partial and largely imperfect solution:
- The domain must be 100% open access for EVERY customer. Many websites have a mixture of open and subscribed content. These websites can't be added to the "Open Acces" resource's redirector settings because OTHER clients need authentication
- The "Open Access" resource must be allocated or users will get a 'forbidden' error (when restrictive mode is enabled)
- There is no way to 'customise' or 'whitelist' domains for a specific customer i.e. it is not flexible.
DESIRED FUNCTIONALITY:
- Add a "Domain Bypass" or "Domain Whitelist" field in Preferences --> Redirector. The purpose would be to "Never Authenticate" that domain or block access to the target website in any way
- Functionality should be equivalent to the "IP bypass". Customers can list each website domain that should bypass redirection/authentication - their settings should NOT impact other clients
- Users would be sent straight to the target without being prompted to log in (customer does not subscribe) or seeing an error - forbidden/not redirectable
BENEFITS:
- It would allow the client to add the domain of custom SAML resources (not redirectable), open access resources and other websites that shouldn't be redirectable without having to log a ticket with OpenAthens
- It solves linking issues in rigid third-party systems that apply proxy settings to 'ALL' or 'NONE' in their system (e.g. Browzine and Talis)
- It removes the unfriendly 'not redirectable' error from open/free websites. There will be less errors if users accidentally create a redirector link where that is not required. The client can whitelist the domain without needing to contact OpenAthens or vet if the domain can be added to the 'Open Access Resources' list
