### Tell the application to use the library
In the HTML of the application, tell MKWS to authenticate on to the
-Service Proxy. When referer-based, hostname-based or IP-based
-authentication is used, this is very simple:
+Service Proxy. When referer-based or IP-based authentication is used,
+this is very simple:
<script type="text/javascript">
var mkws_config = { service_proxy_auth:
"//sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig" };
</script>
-> TODO This should be the default setting
+> TODO This should be the default setting: see MKWS-251.
And ensure that access to the MWKS application is from the correct
Referrer URL or IP-range.
the Service Proxy as the correctly named virtual host. This can be
done by setting the `service_proxy_auth` configuration item to a
URL containing that hostname, such as
-<//yourname.sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig>
+`//yourname.sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig`
> TODO It should be possible to change just the hostname without
-> needing to repeat the rest of the URL (protocol, path, query)
+> needing to repeat the rest of the URL (protocol, path, query): see
+> MKWS-252.
> TODO When changing the SP authentication URL, the Pazpar2 URL should
-> in general change along with it.
+> in general change along with it: see MKWS-253.
### (Optional): embed credentials for access to the library
password), it's necessary to pass these credentials into the Service
Proxy when establishing the session. This can most simply be done just
by setting the `service_proxy_auth` configuration item to a URL such as
-<//sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig&username=mike&password=swordfish>
+`//sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig&username=mike&password=swordfish`
> TODO It should be possible to add the username and password to the
-> configuration without needing to repeat the rest of the URL.
+> configuration without needing to repeat the rest of the URL: see
+> MKWS-254.
### (Optional): conceal credentials from HTML source
Apache2 is the application's web-server, which we will call
yourname.com:
-- Add a rewriting authentication alias to the configuration:
+Step 1: add a rewriting authentication alias to the configuration:
RewriteEngine on
RewriteRule /spauth/ http://mkws.indexdata.com/service-proxy/?command=auth&action=check,login&username=U&password=PW [P]
-- Set the MKWS configuration item `service_proxy_auth` to
- <http://yourname.com/spauth/>
-- Protect access to the local path <http://yourname.com/spauth/>
- (e.g. using a .htaccess file).
+Step 2: set the MKWS configuration item `service_proxy_auth` to
+<http://yourname.com/spauth/>
+
+Step 3: protect access to the local path <http://yourname.com/spauth/>
+(e.g. using a `.htaccess` file).
Choosing targets from the library