Release Date 26 November 2018.
Support for ILLiad 8.6 ends 28 February 2019
Important Update Information
ILLiad 9.0 now uses the .NET 4.6.2 (or higher) framework for both the ILLiad server and the ILLiad client. Your ILLiad server and all desktops that run the ILLiad client will need to update to .NET 4.6.2 framework or higher. Your server and client machines may need to be restarted after installation to apply the changes. This also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0.
Windows Server 2008 R2 SP1 and Windows 7 (client) is the minimum supported for ILLiad 9.
All patron users with ILLiad auth types of ILLiad, ILLiadExclusive, or PatronAPI will be required to reset their password upon the first login after ILLiad 9 update. This does not affect RemoteAuth or LDAP users.
All staff will need to change their ILLiad client password upon login after the update.
Bug fixes and new features are added periodically as point releases.
Considerations Before You Update
Checking the WebAuthtype Key
Sites who have set the RemoteAuthSupport customization key to Yes will need to set the WebAuthType key to RemoteAuth prior to the ILLiad 9.0 update. If the WebAuthType key is not set to RemoteAuth, the user will be prompted to change their password after the update even if the RemoteAuthSupport key is set to Yes. This is because the new password enhancements use the WebAuthType to determine which sites require the password changes.
Sites that have more than one PC
After ILLiad has updated, any user who has successfully logged in and changed their password in either the ILLiad 9.0 Client or ILLiad 9.0 Staff Manager will not be able to log into another workstation whose Client still operates under version 8.7.2. This is because the username has been updated with the new hashing methods which are not recognized in previous versions. Instead, download the ILLiad 9.0 Client Installer and run as an administrator on that machine. Once the Client has updated to version 9.0, then any staff member will be able to successfully log in on that workstation.
Adding the FORMSTATE Tag
Add the FORMSTATE tag to the ChangePassword.html pages. For more information, please read the FORMSTATE Tag article.
The following new features and enhancements have been added to ILLiad version 9.0.
FIPS (Federal Information Processing Standards) can now be enabled for ILLiad.
- 140-2 compliant encryption algorithms
- Activated via the Windows group policy
- FIPS compliance will be supported with ILLiad after the hashing customization keys are set in the Customization Manager with a numerical value (see StaffPasswordHashingIterations and WebPasswordHashingIterations customization keys for more information).
If you need to utilize FIPS on your system after the update, you must update ALL passwords for staff members prior to activating it, or FIPS checking will prevent the system from running for the respective Staff user.
Connection Manager will automatically retry once after 15 seconds for most errors encountered when retrieving requests.
Updated client and staff interface look and feel with multiple different skins to choose from. For more information, please see Theme Selector.
ILLiad Basic Authentication, Staff, and Lending Web security updates for passwords.
- Hashing Methods
- Password Expiration
- Password Complexity
- Increased password field character sizes
- Expired password notifications for patrons
- And many more...
Lots of bug fixes and underlying component updates!
ILLiad 9.0 Features & Fixes
For any questions on the ILLiad 9.0 features & fixes, please see the ILLiad 9.0 FAQ. For all other questions, please contact support.
|New||The Chromium Browser is now available for ILLiad 9.0 and higher. Please see Chromium Browser and Chromium WebBrowser for more information.|
|New||Added StaffPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a staff password. The iterations store the hashed passwords as an algorithm for increased security. Default hash iterations 156,000. If you wish to change the default iterations, it is highly recommended to contact support for the number of iterations that work best for the speed of your computer and the hash algorithm. Generally, hash iterations should not be set to less than 100,000.|
|New||Added capability to enable staff password expiration and set default dates for expiration through "StaffPasswordExpirationEnabled" and StaffPasswordExpirationDays" customization keys.|
|New||Added the ability to enforce staff password complexity requirements through the 'StaffPasswordComplexity' customization key under System/General. Staff administrators have the option to override password requirements when creating new staff accounts with initial password.|
|New||Added WebPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a user password. The iterations store the hashed passwords as an algorithm for increased security.|
|New||Added Web Interface notifications for invalid user passwords through the customization keys "SLUserPasswordExpired" and "SLPasswordDoesNotMeetHistoryRequirements".|
|New||Added capability to enable user password expiration and set default dates for expiration through "UserPasswordExpirationEnabled" and "UserPasswordExpirationDays" customization keys. For more information on user expirations, please see User Expiration Date.|
|New||Added the ability to not set an expiration date for new users.|
|New||Added capability to enable LWeb password expiration and set default dates for expiration through "LWebPasswordExpirationEnabled" and "LWebPasswordExpirationDays" customization keys.|
|Changed||UserNotification records will be deleted for deleted users.|
|Changed||Added the title "Alert" to any alert popups that do not currently have a title. This will help users easily identify what type of popup message they are receiving.|
The default customization key value for SLShowRequest has been updated to say 'Enter the information below and press the Submit Request button to send."
When using SymphonyAPI authentication, users can successfully authenticate into the SIRSI Symphony catalog system through ILLiad. See Symphony API for more information.
|New||Added "PasswordChangedDate" column to Staff table in accommodation of the staff password expiration keys. When a staff member updates their password, the PasswordChangedDate field will reflect the date and time of the update.|
|New||Added "PasswordChangedDate" column to Users table in accommodation of the user password expiration keys. When a user updates their password, the PasswordChangedDate field will reflect the date and time of the update.|
|New||Added "WebPasswordChangedDate" column to LenderAddresses table in accommodation of the LWeb password expiration keys. When the LWeb password is updated, the PasswordChangedDate field will reflect the date and time of the update.|
|New||A force reset checkbox has been added next to the login in both the Staff Manager and the Client.|
Added new work form mappings:
|Changed||Increased the length of the Symbol field in the EMST and ElecDelAddresses to 40 characters.|
|Changed||Increased the ESPBillTo and ESPShipTo fields in the LenderAddresses table to be 500 characters from 255.|
|Changed||Increased the WebPassword field length in the LenderAddress table to 255 characters to accommodate the new password hashing customization keys.|
|Changed||ReasonForCancellation field length in the Transactions table is now 150 characters.|
|Changed||Merged SLUsernameNotInDatabase and SLPasswordIncorrect into SLLoginFailed|
|Changed||RequestType check constraint removed from the database.|
|Changed||When ConnectionManager retrieves OCLC requests for importing or updating, a subsequent retry attempt will be made if an error occurs to allow for situations where there is a temporary network outage or the OCLC record is locked.|
|Changed||Undo Shipped is not allowed when there are IFM billing charges associated with the request.|
|Changed||Removed link to community portal.|
|Changed||MarkFound process validation errors will now display to the end user.|
|Changed||On the Update Stacks Search Results page, if the OCLC status comes back as anything other than CONSIDERING or CONDITIONS_ACCEPTED, the field will be highlighted yellow and a warning indicator placed for emphasis.|
|Changed||Added Customization Key 'CopyZ3950BibInfo' to control the default behavior of the 'Copy Info' button on Z39.50 searches which is now split button. The default will include bibliographic information (Title and Author), while drop down option will only import call number and location.|
|Changed||On the Check-In from Lending Library form, if a transaction has no lender string, a search box appears (in place of the radio buttons to select the lender) allowing staff to search for the lender. The search button becomes enabled after something is typed in the text search field.|
|Fixed||Client form refresh now refreshes all tabs, not just the selected one.|
|Fixed||Cloning a request in the staff client now correctly copies the RequestType.|
|Fixed||Fixed a problem where changing the layout of tabbed groups caused an error when they were un-grouped.|
|Fixed||Fixed a problem where invalid characters in OCLC request cause an error.|
|Fixed||Fixed issue preventing routing rules from being applied when creating new LOCL requests.|
|Fixed||Removed unsupported search types from OCLC Statuses page|
|Fixed||Fixed MRU Unicode issues that would occur when attempting to edit dropdown values in the client that had Unicode values. Mostly noted when modifying Z39.50 search queries.|
|Changed||Modified processing of SMS notification timers.|
|Fixed||Fixed borrowing overdue letter templates with salutation Dear User_LastName User_LastName to say Dear User_FirstName User_LastName|
|Fixed||Carriage returns are now stripped out of tag data.|
|Fixed||Update Received will import Lending info.|
|Fixed||OCLC Received updates removed from the ESPUpdate table if the item status is already set to 'Received' or is 'Not Found'|
Updated default web pages by wrapping navigation in a <nav> tag for accessibility.
|Changed||Allow for renewals/cloning of OTH requests in Lending Web pages.|
|Changed||Added alert roles to error status lines for accessibility.|
|Changed||DLL will now support multiple cookies.|
|Changed||Updated the ChangePassword.html, NewPassword.html, NewUserRegistration.html, LendingChangePassword.html, LendingNewPassword.html, and LendingNewUserRegistration.html default web pages by removing the <#PARAM> tags for any password fields so that data no longer persists when values are incorrect.|
|Fixed||Fixed an issue where the DLL would not handle invalid OpenURLFieldValues with invalid tag syntax. ie. "<#rft.btitle" (missing closing bracket)|
|Fixed||Fixed issue of SCountry not working properly on the ChangeUserInformation and NewAuthRegistration pages.|
|Fixed||Fixed Unicode issues where Unicode characters and diacritics were not handled properly in Lending Web DLL.|
|Fixed||Fixed web display status issues for delivery locations.|
|Fixed||Fixed an issue where some Unicode characters are not properly encoded on OpenURL submissions if the user must log in first.|
|Fixed||Updated the default ReviewRequestHistory.html page by replacing 'History Requests' with 'Request History'.|
|New||Added AllowInsecureWebPlatformRequests customization key to determine if the Web Platform requests require the use of SSL on shared server installations.|
|Fixed||Updated to .NET 4.6.2, which also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0.|
ILLiad 9.0 Point Release Notes
03 Dec 2018 (9.0.2) Shared Component (Server/Client) Release
This update is only required for those whose client was not updated to version 9.0.1 on the server.
|Fixed||Fixed an issue where server addons would not run properly.|