Release Date 26 November 2018.
Support for ILLiad 8.6 ends 28 February 2019
End of support for ILLiad 8.7 estimated for 31 December 2019
Important Update Information
ILLiad 9.0 now uses the .NET 4.6.2 (or higher) framework for both the ILLiad server and the ILLiad client. Your ILLiad server and all desktops that run the ILLiad client will need to update to .NET 4.6.2 framework or higher. Your server and client machines may need to be restarted after installation to apply the changes. This also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0. Note: ILLiad supports the recommended protocol TLS 1.2 for .NET 4.6.2.
Windows Server 2008 R2 SP1 and Windows 7 (client) is the minimum supported for ILLiad 9.
All patron users with ILLiad auth types of ILLiad, ILLiadExclusive, or PatronAPI will be required to reset their password upon the first login after ILLiad 9 update. This does not affect RemoteAuth or LDAP users.
All staff will need to change their ILLiad client password upon login after the update.
Bug fixes and new features are added periodically as point releases.
Considerations Before You Update
Checking the WebAuthtype Key
Sites who have set the RemoteAuthSupport customization key to Yes will need to set the WebAuthType key to RemoteAuth in the Customization Manager prior to the ILLiad 9.0 update.
- If the WebAuthType key is not set to RemoteAuth, the user will be prompted to change their password after the update even if the RemoteAuthSupport key is set to Yes. This is because the new password enhancements use the WebAuthType to determine which sites require the password changes.
- During the update, if the UpgradeAdvisor detects the RemoteAuthSupport customization key is set to Yes and WebAuthType is not set to RemoteAuth then a warning will appear.
Checking the SharedServerSupport Key
Sites who have a Shared Server will need to set the SharedServerSupport key to Yes for all NVTGCS (including ILL).
- When the SharedServerSupport key is set to Yes, then a SQL views script is automatically run during the update. If the key is set to No, then the script doesn't automatically run and it could prevent patrons from accessing their ILLiad accounts after the update.
Checking the ILLiad Authentication Box on the Users Form
If you are using RemoteAuth or LDAP, you will want to make sure that your patrons using your Default AuthType are actually set to have their ILLiad Authentication box Unchecked in their User form. Please see Checking the Patron AuthType for more information.
Sites that have more than one PC
After ILLiad has updated, any user who has successfully logged in and changed their password in either the ILLiad 9.0 Client or ILLiad 9.0 Staff Manager will not be able to log into another workstation whose Client still operates under version 8.7.2. This is because the username has been updated with the new hashing methods which are not recognized in previous versions. Instead, download the ILLiad 9.0 Client Installer and run as an administrator on that machine. Once the Client has updated to version 9.0, then any staff member will be able to successfully log in on that workstation.
Adding the FORMSTATE Tag
Add the FORMSTATE tag to the ChangePassword.html pages. For more information, please read the FORMSTATE Tag article.
ILLiad Highlights
The following new features and enhancements have been added to ILLiad version 9.0.
FIPS Compliance | OCLC Requests | Appearance | Password Security | Miscellaneous
FIPS Compliance
FIPS (Federal Information Processing Standards) can now be enabled for ILLiad.
- 140-2 compliant encryption algorithms
- Activated via the Windows group policy
- FIPS compliance will be supported with ILLiad after the hashing customization keys are set in the Customization Manager with a numerical value (see StaffPasswordHashingIterations and WebPasswordHashingIterations customization keys for more information).
If you need to utilize FIPS on your system after the update, you must update ALL passwords for staff members prior to activating it, or FIPS checking will prevent the system from running for the respective Staff user.
OCLC Requests
Connection Manager will automatically retry once after 15 seconds for most errors encountered when retrieving requests.
Appearance
Updated client and staff interface look and feel with multiple different skins to choose from. For more information, please see Theme Selector.
Password Security
ILLiad Basic Authentication, Staff, and Lending Web security updates for passwords.
- Hashing Methods
- Password Expiration
- Password Complexity
- Increased password field character sizes
- Expired password notifications for patrons
- And many more...
Miscellaneous
Lots of bug fixes and underlying component updates!
ILLiad 9.0 Features & Fixes
For any questions on the ILLiad 9.0 features & fixes, please see the ILLiad 9.0 FAQ. For all other questions, please contact support.
Addons | Admin Tools | Authentication | Database | Docline | Email | ILLiad Client | Notifications | OCLC | Web Pages | Web Platform
Addons
| New | The Chromium Browser is now available for ILLiad 9.0 and higher. Please see Chromium Browser and Chromium WebBrowser for more information. |
Admin Tools
| New | Added StaffPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a staff password. The iterations store the hashed passwords as an algorithm for increased security. Default hash iterations 156,000. If you wish to change the default iterations, it is highly recommended to contact support for the number of iterations that work best for the speed of your computer and the hash algorithm. Generally, hash iterations should not be set to less than 100,000. |
|---|---|
| New | Added capability to enable staff password expiration and set default dates for expiration through "StaffPasswordExpirationEnabled" and StaffPasswordExpirationDays" customization keys. |
| New | Added the ability to enforce staff password complexity requirements through the 'StaffPasswordComplexity' customization key under System/General. Staff administrators have the option to override password requirements when creating new staff accounts with initial password. |
| New | Added WebPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a user password. The iterations store the hashed passwords as an algorithm for increased security. |
| New | Added Web Interface notifications for invalid user passwords through the customization keys "SLUserPasswordExpired" and "SLPasswordDoesNotMeetHistoryRequirements". |
| New | Added capability to enable user password expiration and set default dates for expiration through "UserPasswordExpirationEnabled" and "UserPasswordExpirationDays" customization keys. For more information on user expirations, please see User Expiration Date. |
| New | Added the ability to not set an expiration date for new users. |
| New | Added capability to enable LWeb password expiration and set default dates for expiration through "LWebPasswordExpirationEnabled" and "LWebPasswordExpirationDays" customization keys. |
| New | Added a "Required" field to the WebValidation table. If the box is checked as required, those fields will require a value equal to the expression noted in the validation field unless the validation is .+. For example, if Fieldname Password1 is required and the validation is set to ^.{10,}$ then the password value is required to have 10 characters. |
| Changed | UserNotification records will be deleted for deleted users. |
| Changed | Added the title "Alert" to any alert popups that do not currently have a title. This will help users easily identify what type of popup message they are receiving. |
| Fixed |
The default customization key value for SLShowRequest has been updated to say 'Enter the information below and press the Submit Request button to send." |
Authentication
| New |
When using SymphonyAPI authentication, users can successfully authenticate into the SIRSI Symphony catalog system through ILLiad. See Symphony API for more information. |
Database
| New | Added "PasswordChangedDate" column to Staff table in accommodation of the staff password expiration keys. When a staff member updates their password, the PasswordChangedDate field will reflect the date and time of the update. |
|---|---|
| New | Added "PasswordChangedDate" column to Users table in accommodation of the user password expiration keys. When a user updates their password, the PasswordChangedDate field will reflect the date and time of the update. |
| New | Added "WebPasswordChangedDate" column to LenderAddresses table in accommodation of the LWeb password expiration keys. When the LWeb password is updated, the PasswordChangedDate field will reflect the date and time of the update. |
| New | A force reset checkbox has been added next to the login in both the Staff Manager and the Client. |
| New |
Added new work form mappings: Seed Data:
Update:
|
| Changed | Increased the length of the Symbol field in the EMST and ElecDelAddresses to 40 characters. |
| Changed | Increased the ESPBillTo and ESPShipTo fields in the LenderAddresses table to be 500 characters from 255. |
| Changed | Increased the WebPassword field length in the LenderAddress table to 255 characters to accommodate the new password hashing customization keys. |
| Changed | ReasonForCancellation field length in the Transactions table is now 150 characters. |
| Changed | Merged SLUsernameNotInDatabase and SLPasswordIncorrect into SLLoginFailed |
| Changed | RequestType check constraint removed from the database. |
| Changed | When ConnectionManager retrieves OCLC requests for importing or updating, a subsequent retry attempt will be made if an error occurs to allow for situations where there is a temporary network outage or the OCLC record is locked. |
Docline
| Fixed | Lender selection now opens selected Lender for Docline. |
| New |
The<#Special.UserDisavowalReason> field is now available to be used as a tag in Email templates. This allows sites to add a custom prefix to the reset link. For example, the RelativePasswordResetLInk will be illiad.dll?Action=10&Form=85&Value=XYZ1234 for the PasswordResetLink http://illiad.library.edu/illiad/illiad.dll?Action=10&Form=85&Value=XYZ1234. |
ILLiad Client
| Changed | Undo Shipped is not allowed when there are IFM billing charges associated with the request. |
|---|---|
| Changed | Removed link to community portal. |
| Changed | MarkFound process validation errors will now display to the end user. |
| Changed | On the Update Stacks Search Results page, if the OCLC status comes back as anything other than CONSIDERING or CONDITIONS_ACCEPTED, the field will be highlighted yellow and a warning indicator placed for emphasis. |
| Changed | Added Customization Key 'CopyZ3950BibInfo' to control the default behavior of the 'Copy Info' button on Z39.50 searches which is now split button. The default will include bibliographic information (Title and Author), while drop down option will only import call number and location. |
| Changed | On the Check-In from Lending Library form, if a transaction has no lender string, a search box appears (in place of the radio buttons to select the lender) allowing staff to search for the lender. The search button becomes enabled after something is typed in the text search field. |
| Fixed | Client form refresh now refreshes all tabs, not just the selected one. |
| Fixed | Cloning a request in the staff client now correctly copies the RequestType. |
| Fixed | Fixed a problem where changing the layout of tabbed groups caused an error when they were un-grouped. |
| Fixed | Fixed a problem where invalid characters in OCLC request cause an error. |
| Fixed | Fixed issue preventing routing rules from being applied when creating new LOCL requests. |
| Fixed | Removed unsupported search types from OCLC Statuses page |
| Fixed | Fixed MRU Unicode issues that would occur when attempting to edit dropdown values in the client that had Unicode values. Mostly noted when modifying Z39.50 search queries. |
Notifications
| Changed | Modified processing of SMS notification timers. |
|---|---|
| Fixed | Fixed borrowing overdue letter templates with salutation Dear User_LastName User_LastName to say Dear User_FirstName User_LastName |
| Fixed | Carriage returns are now stripped out of tag data. |
OCLC
| Fixed | Update Received will import Lending info. |
| Fixed | OCLC Received updates removed from the ESPUpdate table if the item status is already set to 'Received' or is 'Not Found' |
Web Pages
| Changed |
Updated default web pages by wrapping navigation in a <nav> tag for accessibility. |
|---|---|
| Changed | Allow for renewals/cloning of OTH requests in Lending Web pages. |
| Changed | Added alert roles to error status lines for accessibility. |
| Changed | DLL will now support multiple cookies. |
| Changed | Updated the ChangePassword.html, NewPassword.html, NewUserRegistration.html, LendingChangePassword.html, LendingNewPassword.html, and LendingNewUserRegistration.html default web pages by removing the <#PARAM> tags for any password fields so that data no longer persists when values are incorrect. |
| Fixed | Fixed an issue where the DLL would not handle invalid OpenURLFieldValues with invalid tag syntax. ie. "<#rft.btitle" (missing closing bracket) |
| Fixed | Fixed the closing brace in the include_head.html page to the proper tag syntax. The <![endif]--0 has been changed to ![endif]--> |
| Fixed | Fixed issue of SCountry not working properly on the ChangeUserInformation and NewAuthRegistration pages. |
| Fixed | Fixed Unicode issues where Unicode characters and diacritics were not handled properly in Lending Web DLL. |
| Fixed | Fixed web display status issues for delivery locations. |
| Fixed | Fixed an issue where some Unicode characters are not properly encoded on OpenURL submissions if the user must log in first. |
| Fixed | Updated the default ReviewRequestHistory.html page by replacing 'History Requests' with 'Request History'. |
Web Platform
| New | Added AllowInsecureWebPlatformRequests customization key to determine if the Web Platform requests require the use of SSL. Note: for Shared Servers, this key can't be set individually per site. |
|---|---|
| Fixed | Updated to .NET 4.6.2, which also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0. Note: ILLiad supports the recommended protocol TLS 1.2 for .NET 4.6.2. |
ILLiad 9.0 Point Release Notes
03 Dec 2018 (9.0.2) Shared Component (Server/Client) Release
This update is only required for those whose client was not updated to version 9.0.1 on the server.
| Fixed | Fixed an issue where server addons would not run properly. |
Comments
Article is closed for comments.