From its early days, Biblionix has used only encrypted communications in providing access to its SIP2 service for patron authentication. Encrypted connections protect patron information that is passed back and forth between systems, which formerly was passed "in the clear" over the Internet. Their preferred connection is established over a TLS (formerly SSL) session using a private certificate Biblionix signs and provides to organizations needing to communicate with their SIP service.
A certificate is assigned to the organization hosting a service that needs to communicate via SIP. Therefore, for an organization hosting Palace for multiple libraries, only one certificate is required.
The certificate needed to communicate with Biblionix's SIP2 service is a private certificate created in communication with Biblionix. It is not a public certificate like those obtained for a fee through a third-party registrar like GoDaddy or Network Solutions. Therefore, there is no fee for the certificate, and the process is very easy. You will create a certificate signing request and send its file to Biblionix. The staff will engage with you by email to make sure any questions you have are answered and that your Collection Manager is able to connect appropriately. Here is the process.
Using a client utility such as OpenSSL, issue a command with some custom parameters associated with your organization. The parameters identify your organization's physical location (potentially a main office–this is up to you). I'll use my physical Dallas, Texas location as an example. You also need a service identifier that is unique to your organization. That identifier will go in the CN field. We'll use <your_org> as a placeholder for your organization's name, or a short form of it, with a '-SIP' suffix. For this certificate, the content of the identifier is not super important, but it should be unique, so using a tag identifying your organization name is a good bet. Again, this is a private certificate between your organization and Biblionix, so no one else will see any of these values.
openssl req -new -newkey rsa:2048 -nodes -out Biblionix-<your_org>.csr -keyout Biblionix-<your_org>.key -subj "/C=US/ST=Texas/L=Dallas/O=<your_org>/CN=<your_org>SIP"
The command above will create two files: a certificate signing request file (Biblionix-<your_org>.csr), and a private key file (Biblionix-<your_org>.key). Submit only the resulting certificate request file by email to Biblionix so they can create the signed certificate. Do not send the private key file. Keep the private key in a secure location on your own servers pending receipt of the signed certificate file from Biblionix. Send the request, and any questions about the SIP service configuration, to [email protected]. In the email, you can also indicate how you want your organization's connection to appear in the Apollo SIP Connectivity settings area (see Have library enable SimplyE service access in Apollo below). In the example below, the connection is listed with a service name. It could also be listed as your organization name or something similar, as well. The choice is up to you.
Once Biblionix has created the signed certificate file (.crt extension), they will return it to you by email. You will use the content of this certificate file, along with the content of the key file created in Step 1, when configuring a library patron authentication integration (shown below).
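A pre-flight check to run when the signed certificate arrives, as an added example that is not part of the original guide or of Biblionix's tooling: it confirms that the private key, the CSR and the returned .crt all carry the same public key and that the key file is readable only by its owner. ExampleOrg, the function names, and the self-signed stand-in certificate built by make_demo_material are assumptions made so the script runs offline.

```shell
# Added example; "ExampleOrg" and all demo files are constructed placeholders.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_fingerprint() {   # usage: pubkey_fingerprint key|csr|crt FILE
  local pem
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *)   return 2 ;;
  esac
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if KEY, CSR and CRT share one public key and KEY is owner-only.
check_sip_material() {   # usage: check_sip_material KEY CSR CRT
  local k s c
  k=$(pubkey_fingerprint key "$1") || { echo "cannot read key"; return 1; }
  s=$(pubkey_fingerprint csr "$2") || { echo "cannot read CSR"; return 1; }
  c=$(pubkey_fingerprint crt "$3") || { echo "cannot read certificate"; return 1; }
  [ "$k" = "$s" ] || { echo "CSR does not match key"; return 1; }
  [ "$k" = "$c" ] || { echo "certificate does not match key"; return 1; }
  # Characters 5-10 of the mode string are the group and other permission bits.
  case "$(ls -l "$1" | cut -c5-10)" in
    ------) ;;
    *) echo "key is readable by group or other"; return 1 ;;
  esac
  echo "ok"
}

# Build constructed demo files in DIR: the CSR command from this guide, then a
# self-signed certificate standing in for the one Biblionix returns by email.
make_demo_material() {   # usage: make_demo_material DIR
  local base="$1/Biblionix-ExampleOrg"
  openssl req -new -newkey rsa:2048 -nodes -out "$base.csr" -keyout "$base.key" \
    -subj "/C=US/ST=Texas/L=Dallas/O=ExampleOrg/CN=ExampleOrg-SIP" 2>/dev/null || return 1
  chmod 600 "$base.key"
  openssl x509 -req -in "$base.csr" -signkey "$base.key" -days 1 \
    -out "$base.crt" 2>/dev/null
}
```

With real files, call check_sip_material with your own .key, .csr and the .crt received from Biblionix; make_demo_material exists only to produce sample input.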
For each Biblionix library you will host on a Collection Manager, you must create a separate patron authentication integration. You will use the same certificate and key content for each library. However, you need to provide library-specific connectivity and login information that varies by library.
Host/domain name: The library's domain name for its Biblionix SIP2 service is very similar to its base Apollo website domain. The Apollo website domain has the following form: <library_name>.biblionix.com. The SIP2 domain/hostname will be: <library_name>-sip.biblionix.com.
The <library_name> tag is actually the Apollo account/login name. It is usually a keyword in the library name, most commonly the city name. If a library uses its own domain name to front the Apollo catalog, staff won't see the biblionix.com domain until they log in to their Apollo staff page. On their Staff page, the account name will show up in the URL bar. If for any reason the library has difficulty determining the Apollo account name, send a message to [email protected] and request the library's SIP2 service host name.
Port number: All certificate-based connections use the same port number: 9500.
SIP Login user name: the Apollo account name, <library_name>
SIP Login password: when using certificate access, no password is required for login; however, if you wish to pass one, it does not cause an error or prevent login success.
Apollo provides a customizable set of login prompts (username/identifier and password) in its Settings area. While the default settings are most commonly used, a library may change these. The Collection Manager allows customization of these prompts as well. Check with the library and determine if either prompt has been customized:
Username/Identifier prompt: Card Number (default)
Password prompt: Phone Number or Password (default)