library-walk-in

[Cantor, Scott]

On 8/10/18, 9:16 AM, "users on behalf of Jerry Shipman" <users-bounces at shibboleth.net on behalf of jes59 at cornell.edu> wrote:

> I don't even know if it's possible to implement that?

Yes, it's possible. That was the use case in a nutshell.

> I guess that I think the best solution is to keep the IP whitelist so that nobody on campus is asked to log in when they
> access these online library resources, and use the SAML authentication for off-campus access. This is basically what
> we're doing now, so we wouldn't change anything. But I sort of got the impression from my conversation that this
> option may be at risk of disappearing. (I didn't look into it very much.)

I doubt it, but that's the reason SAML-based access can never be successful. As long as people keep using IP, that will always win. It's frictionless and simple. Any login is not, no matter what the protocol is. As soon as federated access becomes "special", it loses out. People view these sorts of dual paths as a transition aid, but they aren't, they actually prevent any progress because what's there is good enough.

-- Scott