User authentication

IP Addresses

Checking access IP addresses is a standard user authentication method. Electronic resources can be accessed from the IP addresses 147.229.*.*. The IP addresses of all computers in the BUT network follow this pattern.

If a user wants to access a resource from a different network (typically from home), the services of a Virtual Private Network (VPN) can be used. After logging on to this network, the user's computer receives the correct IP address enabling him or her to access a resource as if being part of the BUT network.

Proxy server

A proxy server running an EZProxy system by OCLC can also be used to access any electronic information resource. We recommend this access method even from the BUT internal network. EZproxy must be used for a comfortable remote access (outside the BUT network) in resources that cannot be accessed by Shibboleth.

The access method is very simple requiring no extra effort on the part of the user (such as a special computer configuration). A simple click on the Authenticated Login or EZproxy Login in the resource profile will do the trick.

EZproxy is "shibboletized" – a click on a link will reroute the user to the BUT Login Portal (provided that the user is not yet logged in). After successful login, the user is rerouted to a resource for which the user will be identified as a BUT person.

EZproxy also records all resource access instances. These records can be used to set up statistics on resource access rates. By far not all resource producers are able to provide us with such statistics. This is also why it is important that most of the users access resources via the proxy server.

Shibboleth

In some resources (with their number growing steadily) a user can be authenticated using the Shibboleth technology. In this case, a user's identity is checked against what is called an identity provider, which is the BUT Portal. If the user is not logged on to the portal, rerouting will take place to the portal. After login, the user is rerouted again to the resource this time being authenticated. This method can also be used to access resources from non-university networks (with IP address authentication still working, too).

On a national scale, this type of user authentication is supported and coordinated by the Czech Academic Federation of Identities, eduID.cz, of which BUT is a member.