The JSTOR remote logon script can be used by participating institutions to enable access to JSTOR for off-campus and remote users. This scheme requires that a campus be able to authenticate users for access to a CGI script running on a web server. The script will obtain a JSTOR "ticket," which permits an authorized user's browser to use JSTOR for up to 4 hours.
We have two versions of the script available. We developed the first version of the script as a convenience for those already using the OCLC WebScript application for FirstSearch logon. The second version of the script is written in perl. Requirements and installation instructions for each version are included below. The actual script will be sent upon request.
Important: You will be responsible for determining that a user is authorized to use JSTOR before allowing them to run either of these scripts. The method that you use to do this is up to you, although we request that you share with us a description of the approach you have taken.
As stated in the JSTOR Library License Agreement, Authorized Users means persons who are authorized to use Licensee's library facilities who are affiliated with Licensee as students, faculty or staff. Before you implement the logon script, please be aware that you are responsible for providing an authentication method that will ensure that only Authorized Users will be allowed access to JSTOR.
We realize that in addition to Authorized Users, colleges and universities often seek to serve a broader audience, including alumni, friends, spouses, and associated enterprises. The Library Agreement specifically does not grant remote access to this extended community, and the authorization scheme that you use in conjunction with the logon script must not permit access to anyone other than authorized users.
If you would like to know more about the JSTOR remote logon script, please email email@example.com.
The WebScript Logon Script
The WebScript logon script has the following requirements:
1. The script must be run as a "CGI" application on a web server for which access can be limited to authorized users. This necessitates a local UNIX HTTP or Windows IIS server that complies with Common Gateway Interface (CGI) 1.1
2. You will need OCLC's WebScript program. For more general information, see http://www.oclc.org/firstsearch/documentation/auto_logon.htm. The webscript program is available at http://www.oclc.org/firstsearch/documentation/auto_logon.htm#pkg. You will need to download and install the appropriate binary for your platform. Notice that for IIS servers, the Cygnus.DLL is also necessary. For servers running IIS, these files should be installed in \inetpub\scripts.
Please also note that the OCLC WebScript program is owned and has been developed by OCLC. Although it is available as "freeware," it is subject to the terms set forth at http://www5.oclc.org/downloads/software/webscript/webscript-2.0/LICENSE. JSTOR is not responsible for the OCLC WebScript program.
3. You must send JSTOR the IP address of the machine on which you will be running the script. The script will not be able to gain access to JSTOR until the IP address has been added to an authorization file on our servers.
1. Edit the first line of the script to use your installed WebScript binary. For UNIX servers, change the line
to reflect which directory the Webscript program is in on the server. For IIS servers, it should read something like this:
You may also wish to modify the error messages in the script (for example, to include an e-mail link to a local support address).
2. Place the script in a protected directory. This might be your /cgi-bin directory. For IIS servers, the script should be placed in \inetpub\scripts. Please note: "Protected" in this context means that the user must authenticate himself or herself to your server before he or she can obtain access to the script. Simply "hiding" the URL on a protected HTML page is not sufficient — access to the script itself must be protected.
3. To test the installation, use a host that is not normally authorized for access to JSTOR. Set the preferences for the browser to warn you about "cookies" so that you will know when a cookie is being sent to your machine. After you authenticate yourself to your local system, link to the script. You should shortly be prompted to accept a cookie from JSTOR. After you do so, you will be directed to the JSTOR "home" page, and should be able to use JSTOR normally.
The Perl Logon Script for Libraries
1. The script must be run as a "CGI" application on a web server for which access can be limited to authorized users. This necessitates a local UNIX HTTP or Windows IIS server that complies with Common Gateway Interface (CGI) 1.1.
2. You will need Perl version 5 with the LWP (libwww-perl) and CGI (CGI.pm) packages installed.
The script is known to work with LWP version 5.65. (It has also been tested with some, but not all, previous versions.) LWP is available from the CPAN archive in the directory: http://www.cpan.org/modules/by-module/LWP/. Look for files named libwww-perl-#.##.tar.gz. LWP requires several other modules; these will be listed in the corresponding libwww-perl-#.##.readme file.
The script is also known to work with CGI.pm version 2.81. (It has also been tested with some, but not all, previous versions.)This package is often included as part of the perl distribution. It can also be found at http://www.cpan.org/modules/by-module/CGI/. Look for files named CGI.pm-#.##.tar.gz.
Please see http://www.cpan.org/modules/INSTALL.html for detailed instructions on how to install these packages.
A prebuilt perl for several platforms, including Windows NT and 2000 is available from http://www.activestate.com/Products/ActivePerl/. This installation incorporates the LWP package, so it is not necessary to download it separately.
3. You must send to us the IP address of the machine on which you will be running the script. The script will not be able to gain access to JSTOR until the IP address has been added to an authorization file on our servers.
1. On Unix, edit the first line of the script to use your installed perl binary. For Windows, see http://aspn.activestate.com/ASPN/docs/ActivePerl-5.6/faq/Windows/ActivePerl-Winfaq6.html to configure IIS to use perl.
2. We require that you provide to us a distinct identifier for each individual user. This identifier need not be permanently associated with the user, but should be sufficient to identify which of your users was using JSTOR during a particular session. This enables us to provide better service to your users, and also to help identify users who fail to comply with the JSTOR terms and conditions of use. Possible values for this identifier include the following:
The IP address of the user's computer, as seen by your server. To use this identifier, make sure $userFromIP = 1;
The ID by which the user is known to your system. This ID should be provided to our script as the value of the "user" query parameter. In this case, the URL to invoke our script would look something like this: /cgi-bin/protected/jstor-logon?user=AUSERID where AUSERID would be the user's ID. The parameter name ("user") may be changed by modifying the line $userParm = "user"; replacing "user" with the parameter name that you wish to use. For example, if your URLs already include the user ID in the "id" parameter, then you could change this line to read $userParm = "id";
Any other value that is unique to the user at the time a session is established can be used as the value of the "user" parameter, as above. This value should be composed only of ASCII alphanumeric characters (A-Z, a-z, 0-9) plus hyphen.
3. Place the script in a protected "cgi-bin" directory with the name you wish to give it. "Protected" in this context means that the user must authenticate himself or herself to your server before he or she can obtain access to the script. Simply "hiding" the URL on a protected HTML page is not sufficient, access to the script itself must be protected.
4. To test the installation (after we've received your IP), use a host that is not normally authorized for access to JSTOR. Set the preferences for the browser to warn you about "cookies" so that you will know that the script is working. After you authenticate yourself to your local system, link to the script. You should shortly be prompted to accept a cookie from JSTOR. After you do so, you will be directed to the JSTOR "start" page, and should be able to use JSTOR normally.