ILLiad 9.0 Release Notes


Release Date 26 November 2018.

Support for ILLiad 8.6 ends 28 February 2019

End of support for ILLiad 8.7 estimated for 31 December 2019

Important Update Information

ILLiad 9.0 now uses the .NET 4.6.2 (or higher) framework for both the ILLiad server and the ILLiad clientYour ILLiad server and all desktops that run the ILLiad client will need to update to .NET 4.6.2 framework or higher. Your server and client machines may need to be restarted after installation to apply the changes. This also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0. Note: ILLiad supports the recommended protocol TLS 1.2 for .NET 4.6.2.

Windows Server 2008 R2 SP1 and Windows 7 (client) is the minimum supported for ILLiad 9.

All patron users with ILLiad auth types of ILLiad, ILLiadExclusive, or PatronAPI will be required to reset their password upon the first login after ILLiad 9 update. This does not affect RemoteAuth or LDAP users.

All staff will need to change their ILLiad client password upon login after the update.

Bug fixes and new features are added periodically as point releases.

Considerations Before You Update

Checking the WebAuthtype Key

Sites who have set the RemoteAuthSupport customization key to Yes will need to set the WebAuthType key to RemoteAuth in the Customization Manager prior to the ILLiad 9.0 update.

  • If the WebAuthType key is not set to RemoteAuth, the user will be prompted to change their password after the update even if the RemoteAuthSupport key is set to Yes. This is because the new password enhancements use the WebAuthType to determine which sites require the password changes. 
  • During the update, if the UpgradeAdvisor detects the RemoteAuthSupport customization key is set to Yes and WebAuthType is not set to RemoteAuth then a warning will appear. 

Checking the SharedServerSupport Key

Sites who have a Shared Server will need to set the SharedServerSupport key to Yes for all NVTGCS (including ILL).

  • When the SharedServerSupport key is set to Yes, then a SQL views script is automatically run during the update. If the key is set to No, then the script doesn't automatically run and it could prevent patrons from accessing their ILLiad accounts after the update.

Checking the ILLiad Authentication Box on the Users Form

If you are using RemoteAuth or LDAP, you will want to make sure that your patrons using your Default AuthType are actually set to have their ILLiad Authentication box Unchecked in their User form. Please see Checking the Patron AuthType for more information. 

Sites that have more than one PC

After ILLiad has updated, any user who has successfully logged in and changed their password in either the ILLiad 9.0 Client or ILLiad 9.0 Staff Manager will not be able to log into another workstation whose Client still operates under version 8.7.2. This is because the username has been updated with the new hashing methods which are not recognized in previous versions. Instead, download the ILLiad 9.0 Client Installer and run as an administrator on that machine. Once the Client has updated to version 9.0, then any staff member will be able to successfully log in on that workstation.

Adding the FORMSTATE Tag

Add the FORMSTATE tag to the ChangePassword.html pages. For more information, please read the FORMSTATE Tag article.

ILLiad Highlights

The following new features and enhancements have been added to ILLiad version 9.0.

FIPS Compliance | OCLC Requests | Appearance | Password Security | Miscellaneous

FIPS Compliance

FIPS (Federal Information Processing Standards) can now be enabled for ILLiad.

  • 140-2 compliant encryption algorithms
  • Activated via the Windows group policy
  • FIPS compliance will be supported with ILLiad after the hashing customization keys are set in the Customization Manager with a numerical value (see StaffPasswordHashingIterations and WebPasswordHashingIterations customization keys for more information). 

If you need to utilize FIPS on your system after the update, you must update ALL passwords for staff members prior to activating it, or FIPS checking will prevent the system from running for the respective Staff user.

OCLC Requests

Connection Manager will automatically retry once after 15 seconds for most errors encountered when retrieving requests.


Updated client and staff interface look and feel with multiple different skins to choose from. For more information, please see Theme Selector.  

Password Security

ILLiad Basic Authentication, Staff, and Lending Web security updates for passwords.

  • Hashing Methods
  • Password Expiration
  • Password Complexity
  • Increased password field character sizes
  • Expired password notifications for patrons
  • And many more...


Lots of bug fixes and underlying component updates!

ILLiad 9.0 Features & Fixes 

For any questions on the ILLiad 9.0 features & fixes, please see the ILLiad 9.0 FAQ. For all other questions, please contact support.

Addons | Admin Tools | Authentication Database | Docline | Email | ILLiad Client | Notifications | OCLC Web Pages | Web Platform


New The Chromium Browser is now available for ILLiad 9.0 and higher. Please see Chromium Browser and Chromium WebBrowser for more information.

Admin Tools

New Added StaffPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a staff password. The iterations store the hashed passwords as an algorithm for increased security. Default hash iterations 156,000. If you wish to change the default iterations, it is highly recommended to contact support for the number of iterations that work best for the speed of your computer and the hash algorithm. Generally, hash iterations should not be set to less than 100,000.
New Added capability to enable staff password expiration and set default dates for expiration through "StaffPasswordExpirationEnabled" and StaffPasswordExpirationDays" customization keys.
New Added the ability to enforce staff password complexity requirements through the 'StaffPasswordComplexity' customization key under System/General. Staff administrators have the option to override password requirements when creating new staff accounts with initial password.
New Added WebPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a user password. The iterations store the hashed passwords as an algorithm for increased security.
New Added Web Interface notifications for invalid user passwords through the customization keys "SLUserPasswordExpired" and "SLPasswordDoesNotMeetHistoryRequirements".
New Added capability to enable user password expiration and set default dates for expiration through "UserPasswordExpirationEnabled" and "UserPasswordExpirationDays" customization keys. For more information on user expirations, please see User Expiration Date.
New Added the ability to not set an expiration date for new users.
New Added capability to enable LWeb password expiration and set default dates for expiration through  "LWebPasswordExpirationEnabled" and "LWebPasswordExpirationDays" customization keys.
New Added a "Required" field to the WebValidation table. If the box is checked as required, those fields will require a value equal to the expression noted in the validation field unless the validation is .+. For example, if Fieldname Password1 is required and the validation is set to ^.{10,}$ then the password value is required to have 10 characters. 
Changed UserNotification records will be deleted for deleted users.
Changed Added the title "Alert" to any alert popups that do not currently have a title. This will help users easily identify what type of popup message they are receiving.

The default customization key value for SLShowRequest has been updated to say 'Enter the information below and press the Submit Request button to send." 



When using SymphonyAPI authentication, users can successfully authenticate into the SIRSI Symphony catalog system through ILLiad. See Symphony API for more information.


New Added "PasswordChangedDate" column to Staff table in accommodation of the staff password expiration keys. When a staff member updates their password, the PasswordChangedDate field will reflect the date and time of the update.
New Added "PasswordChangedDate" column to Users table in accommodation of the user password expiration keys. When a user updates their password, the PasswordChangedDate field will reflect the date and time of the update.
New Added "WebPasswordChangedDate" column to LenderAddresses table in accommodation of the LWeb password expiration keys. When the LWeb password is updated, the PasswordChangedDate field will reflect the date and time of the update.
New A force reset checkbox has been added next to the login in both the Staff Manager and the Client.

Added new work form mappings:

Seed Data:

    • Blank Article: CopyrightCompliance, DOI, PMID
    • OCLC Article: CopyrightCompliance


    • Blank Article: CopyrightCompliance
    • OCLC Article: CopyrightCompliance
Changed Increased the length of the Symbol field in the EMST and ElecDelAddresses to 40 characters.
Changed Increased the ESPBillTo and ESPShipTo fields in the LenderAddresses table to be 500 characters from 255.
Changed Increased the WebPassword field length in the LenderAddress table to 255 characters to accommodate the new password hashing customization keys.
Changed ReasonForCancellation field length in the Transactions table is now 150 characters.
Changed Merged SLUsernameNotInDatabase and SLPasswordIncorrect into SLLoginFailed
Changed RequestType check constraint removed from the database.
Changed When ConnectionManager retrieves OCLC requests for importing or updating, a subsequent retry attempt will be made if an error occurs to allow for situations where there is a temporary network outage or the OCLC record is locked. 


Fixed Lender selection now opens selected Lender for Docline.




The<#Special.UserDisavowalReason> field is now available to be used as a tag in Email templates. This allows sites to add a custom prefix to the reset link. For example, the RelativePasswordResetLInk will be illiad.dll?Action=10&Form=85&Value=XYZ1234 for the PasswordResetLink


ILLiad Client

Changed Undo Shipped is not allowed when there are IFM billing charges associated with the request.
Changed Removed link to community portal.
Changed MarkFound process validation errors will now display to the end user.
Changed On the Update Stacks Search Results page, if the OCLC status comes back as anything other than CONSIDERING or CONDITIONS_ACCEPTED, the field will be highlighted yellow and a warning indicator placed for emphasis.
Changed Added Customization Key 'CopyZ3950BibInfo' to control the default behavior of the 'Copy Info' button on Z39.50 searches which is now split button. The default will include bibliographic information (Title and Author), while drop down option will only import call number and location.
Changed On the Check-In from Lending Library form, if a transaction has no lender string, a search box appears (in place of the radio buttons to select the lender) allowing staff to search for the lender. The search button becomes enabled after something is typed in the text search field.
Fixed Client form refresh now refreshes all tabs, not just the selected one.
Fixed Cloning a request in the staff client now correctly copies the RequestType.
Fixed Fixed a problem where changing the layout of tabbed groups caused an error when they were un-grouped.
Fixed Fixed a problem where invalid characters in OCLC request cause an error.
Fixed Fixed issue preventing routing rules from being applied when creating new LOCL requests.
Fixed Removed unsupported search types from OCLC Statuses page
Fixed Fixed MRU Unicode issues that would occur when attempting to edit dropdown values in the client that had Unicode values. Mostly noted when modifying Z39.50 search queries.


Changed Modified processing of SMS notification timers.
 Fixed Fixed borrowing overdue letter templates with salutation Dear User_LastName User_LastName to say Dear User_FirstName User_LastName
 Fixed Carriage returns are now stripped out of tag data.


Fixed Update Received will import Lending info.
Fixed OCLC Received updates removed from the ESPUpdate table if the item status is already set to 'Received' or is 'Not Found'

Web Pages


Updated default web pages by wrapping navigation in a <nav> tag for accessibility.

Changed Allow for renewals/cloning of OTH requests in Lending Web pages.
Changed Added alert roles to error status lines for accessibility.
Changed DLL will now support multiple cookies.
Changed Updated the ChangePassword.html, NewPassword.html, NewUserRegistration.html, LendingChangePassword.html, LendingNewPassword.html, and LendingNewUserRegistration.html default web pages by removing the <#PARAM> tags for any password fields so that data no longer persists when values are incorrect.
 Fixed Fixed an issue where the DLL would not handle invalid OpenURLFieldValues with invalid tag syntax. ie. "<#rft.btitle" (missing closing bracket)
 Fixed Fixed the closing brace in the include_head.html page to the proper tag syntax. The <![endif]--0 has been changed to ![endif]-->
 Fixed Fixed issue of SCountry not working properly on the ChangeUserInformation and NewAuthRegistration pages.
 Fixed Fixed Unicode issues where Unicode characters and diacritics were not handled properly in Lending Web DLL.
 Fixed Fixed web display status issues for delivery locations.
 Fixed Fixed an issue where some Unicode characters are not properly encoded on OpenURL submissions if the user must log in first.
 Fixed Updated the default ReviewRequestHistory.html page by replacing 'History Requests' with 'Request History'.

Web Platform

 New Added AllowInsecureWebPlatformRequests customization key to determine if the Web Platform requests require the use of SSL. Note: for Shared Servers, this key can't be set individually per site.
 Fixed Updated to .NET 4.6.2, which also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0. Note: ILLiad supports the recommended protocol TLS 1.2 for .NET 4.6.2.

ILLiad 9.0 Point Release Notes

03 Dec 2018 (9.0.2) Shared Component (Server/Client) Release

This update is only required for those whose client was not updated to version 9.0.1 on the server.

Fixed Fixed an issue where server addons would not run properly.

10 Dec 2018 (9.0.1) DLL Release

Fixed Fixed a web validation issue with the debug DLL logs. 
0 out of 0 found this helpful



Article is closed for comments.