Referring URL Authentication is a method we offer to set up an authenticated link to EBSCOhost from a secure and/or password-protected web page. When a user clicks on the EBSCOhost URL, our referring URL uses a standard HTTP Referrer command to check the URL of the page that contained the link to EBSCOhost. If that URL is registered in EBSCOadmin, the user will be granted access.
Please note: Beginning in 2018, Referring URL authentication will require HTTPS setup in order for it to work properly with EBSCO URLs. To learn more about this upcoming security enhancement, please read the information provided at Upcoming Privacy and Security Enhancements.
Q. How do I set up Referring URL Authentication?
To set up Referring URL Authentication:
Click the Authentication Tab. From the drop-down lists on the toolbar, select the site and group you want to work with.
Select the profile that you want to work with. Click the Referring URL Sub-Tab.
Click the Add Referring URL Link. The Add Referring URL Screen appears.
If you are administering a library consortium, from the Site ID drop-down list, select the site.
From the Group ID drop-down list, select the group.
In the Referring URL field, type in the web address that your patrons will be coming from. For example: http://www.mylib.com/ebscoaccess.html.
Click Submit. The list of referring URLs appears with the new URL displayed.
Set up a link on your library's home page that accesses EBSCOhost using http://search.ebscohost.com/login.aspx?authtype=url
You can modify the referring URL for any user group by clicking on the linked referring URL in the Referring URL list.
If you are being authenticated by Referring URLs, you can view and change the list of referring URLs using this option. The base EBSCOhost URL for this authentication scheme is http://search.ebscohost.com/login.aspx?authtype=url
You can also direct your users to a specific profile by adding a profile ID to the end of the URL. (For example, http://search.ebscohost.com/login.aspx?authtype=url&profile=profileid where profileid identifies one of your profiles.)
Q. What are the limitations of Referring URL Authentication?
There are times where the referring URL is not passed, due to privacy or design of the web page. Known examples of this include:
- Some firewall software including Norton Personal Firewall
- Scripts that use HTTP redirect
If you are unable to successfully set up referring URL authentication, please contact EBSCO Technical Support.
Q. What can I check if I am having difficulty authenticating via Referring URL?
If you receive an error message when trying to connect to an EBSCOhost product, it may be caused by software on your computer which blocks referring URLs. The Referring URL authentication method is based on the web address a user is linked from, to EBSCOhost.
To check whether you are blocking referring URLs, please click this link:
If you do not see any value next to "Referring URL=" you are blocking referring URLs. Some software products can block referring URLs.
Here is a list of software products with instructions on how to allow referring URLs:
- McAfee Virus Scanner/Internet Security Suite
- EZ Armor/eTrust EZ Firewall provided by RoadRunner
- Norton Internet Security/Norton Personal Firewall
- Norton Internet Security and Norton Personal Firewall 2003 and 2004
- Norton Internet Security and Norton Personal Firewall 2002 and earlier
If you continue to experience authentication difficulties when using a referring URL, Click here for addresses to add to your configuration file.
Can I use Referring URL authentication with HTTPS?
Yes Referring URL can be used with HTTPS URLs, however you should note the following:
You cannot refer from a URL that uses HTTPS to an EBSCOhost profile link that uses HTTP.
For example, if you are using referring URL to authenticate your users from a secure site, your link must point to a URL with HTTPS, however, the EBSCOhost profile does not have to have https turned on.
You can refer from an unsecured HTTP page to a secure EBSCOhost profile using HTTPS.
You can refer from a secure HTTPS page to a secure profile using HTTPS.
Note: Clients should not include a Referrer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
In other words, if your page that will be hosting the URL to EBSCO is HTTPS, the URL must also be HTTPS. Referring URL authentication will not work if it is HTTP.