Checking the Patron AuthType

Follow

Before you update your server to ILLiad 9, if you are using RemoteAuth or LDAP, you will want to make sure that your patrons using your Default AuthType are actually set to have their ILLiad Authentication box Unchecked in their User form.

To ensure ILLiad recognizes patrons as RemoteAuth or LDAP, there are a couple of things you must do.

Check the WebAuthType key in the Customization Manager

Sites who have set the RemoteAuthSupport customization key to Yes will need to set the WebAuthType key to RemoteAuth in the Customization Manager prior to the ILLiad 9.0 update.

  • If the WebAuthType key is not set to RemoteAuth, the user will be prompted to change their password after the update even if the RemoteAuthSupport key is set to Yes. This is because the new password enhancements use the WebAuthType to determine which sites require the password changes.
  • During the update, if the UpgradeAdvisor detects the RemoteAuthSupport customization key is set to Yes and WebAuthType is not set to RemoteAuth then a warning will appear.

Check the Patron AuthType

There are two different options for checking the Patron AuthType. To access option 1, click on the arrow. To access option 2, click on the magnifying glass. See example below.

mceclip3.png

Option 1: Custom User Search

The results can be filtered by setting parameters on the custom search or by clicking on the column headings and filtering the data.

Notice how in the search results grid you can see that the field in the Users table is really “AuthType” and if the box for ILLiad Authentication is CHECKED then this value is “ILLiad”, and if the box is UNCHECKED the value is “Default”.

Note: The value shown in the password column are not actual user passwords.

Capture.PNG

Option 2: Search User Results

Scroll to the right until you see the AuthType column.

mceclip4.png

Changing the User Records

If you find that you have a lot of user records where the AuthType is set to ILLiad instead of to Default, you can contact Support and have that changed via a SQL Query (as long as we can identify which users need to have this value changed).

illiad9userformauthtype.png

Additional Details- Click the (+) symbol to expand this section.

Anyone with the ILLiad Authentication box checked (AuthType=ILLiad) will be prompted to change their password in ILLiad 9 because the encryption on the passwords was updated in this version.

To clarify, those users who login via LDAP or RemoteAuth but whose AuthType are set to ILLiad would have been able to log into ILLiad just fine up until the ILLiad 9 update. Once you update, there is a check done in the DLL like these:

For a user who does not have the box checked:   

2018-12-07 11:13:48,939 [DEBUG] ILLiad 2528 - User AuthType: Default (user did not have "ILLiad Authentication" checked.)
2018-12-07 11:13:48,939 [INFO] Customization 2528 - WebAuthType (ILL) = RemoteAuth (WebAuthType key is "RemoteAuth")
2018-12-07 11:13:48,939 [DEBUG] ILLiad 2528 - Default AuthType: RemoteAuth (it declares that the default AuthType is RemoteAuth)
2018-12-07 11:13:48,939 [DEBUG] ILLiad 2528 - Using LDAP: False (it decides that they are not using LDAP)
2018-12-07 11:13:48,939 [DEBUG] ILLiad 2528 - Using RemoteAuth: True (putting all this info together, it decides this user is using RemoteAuth)
2018-12-07 11:13:48,939 [DEBUG] ILLiad 2528 - Using ILLiad passwords: False (because they're using RemoteAuth, they're not using ILLiad passwords)

And if a user does have that box checked, even though they're in the protected set of pages, the DLL log does this:

2018-12-07 05:06:43,316 [DEBUG] ILLiad 2524 - User AuthType: ILLiad (user has the ILLiad Authentication box checked)
2018-12-07 05:06:43,316 [DEBUG] ILLiad 2524 - Using LDAP: False (it decides that they are not using LDAP)
2018-12-07 05:06:43,316 [DEBUG] ILLiad 2524 - Using RemoteAuth: False (it decides they are not using RemoteAuth)
2018-12-07 05:06:43,316 [DEBUG] ILLiad 2524 - Using ILLiad passwords: True (therefore it is using the ILLiad password)
2018-12-07 05:06:43,316 [INFO] PasswordExpiration 2524 - A password reset is required due to missing/invalid last changed date. (and the PasswordChangedDate is not a valid value, so it sends them to the ChangePassword page)

Questions?

If this article didn’t resolve your issue, please take a moment and answer a few questions to help improve our documentation:

Feedback