ILLiad 9.1 Release Notes

Print Friendly and PDF Follow

Important Update Information

Released December 18th, 2019


As promised on the ILLiad Roadmap, here are the main features/enhancements of ILLiad 9.1:

  • Authentication Enhancements  
  • Automatic User Creation
  • New, Fully Accessible and Responsive Web Pages  
  • Enhanced Rapid / RapidR Integration
  • Decision Support for Request Processing    

There are over 60 bug fixes and several underlying component updates to continue supporting external systems in this release. 

Considerations Before You Update     

Review ILLiad 9.1 FAQ

For frequently asked questions and additional information regarding the 9.1 features and fixes, please see the ILLiad 9.1 FAQ. You can also view the recorded 9.1 pre-release webinars in the VTL (ILLiad in Focus 9.1 and ILLiad in Focus 9.1 Encore). For all other questions, please contact support at

Updating During Normal Working Hours

Please consider running updates and installations during standard support hours 8 am - 5 pm eastern time (business days Monday - Friday) so that help is readily available if any issues are encountered.

Updating Procedures

Before you begin updating, please review the Hardware and Software Requirements for Version 9.1. For specific instructions on updating, see Updating ILLiad to the Newest Version.

Updating from Version 8.7

If you are updating from ILLiad 8.7, please review the ILLiad 9.0 Release Notes and FAQ since all the password change requirements will impact you after updating to version 9.1. You will need to update the server and the client on each machine to 9.0 prior to updating the server and clients for ILLiad 9.1. It's not required to login or change any passwords until after you've updated to 9.1.

NoteWorthy Changes in the 9.1 Update

  • The existing RemoteAuthUserVariable Customization Key will be removed and recreated as a default line in the new RemoteAuthValidation table. This change was added in support of the Authentication Enhancements feature.

Manual ISO Service Upgrade

The ISO Service requires a manual upgrade after the 9.1 update due to the new database configuration. For instructions on upgrading, see 9.1 ISO Service Upgrade.

Rapid Returnable Workflow Configuration

After updating ILLiad to v9.1, please contact Rapid staff at There is a UsesReturnableWorkflow flag that needs to be turned on. If the flag has not been configured when a lender sets a Book request to Filled via the Rapid API and the borrower utilizes the UsesReturnableWorkflow, then instead of setting the request to Filled, it sets it to Shipped.

ILLiad 9.1 Features & Fixes 

Addons | Administrative | Authentication | Connection Manager | Decision Support for Request Processing | DOCLINE | Email | ISO | OdysseyRAPID | Staff Client | Staff Customization Manager | Staff Manager | Web Interface |  Web Platform



Added support for addon history entries added to the Request Form using the ExecuteCommand("AddHistory", {TransactionNumber, Entry, Username}).



ILLiad 9.0 and 9.1 are now supported to run on Windows Server 2019. 


Fixed issue where the ILLiad API was not using database defaults for creating new requests. For example, a request would not appear on the ILLiad reports even though it was in the Client if the CopyrightAlreadyPaid key is set to Null via the API since the reports are looking for the default value of No or Yes. Bug# 4093



Added Authentication Enhancements that allow ILLiad to validate patron registration through their external authentication system by verifying access and importing relevant user information. At each login, ILLiad will validate credentials and verify access as well as update any relevant identity information. For more information, see Authentication Enhancements


Through the use of Automatic User Creation, ILLiad will now create a user record automatically based on identity information provided by an external authentication system for unregistered users who login to ILLiad. This feature is supported by the Authentication Enhancements feature. For more information, see Automatic User Creation. Removed the Customization Key RemoteAuthUserVariable and replaced it with a line item in the RemoteAuthValidation table.


The Account Number field is no longer included by default web pages. Instead, a new Customization key, ShowAccountsPageWithDefaultAccount, has been added to indicate if the user should be shown the UserAccounts page after registration if a default billing account is added for the user. If the key is set to no, the user will be directed to their requested page as it normally would.


Sites will be able to force patrons to update their user information by Auto Expiring Users. Four new Customization Keys have been added to support auto expiration: 

  • AutoExpireUsers
  • AutoExpireUsersClearedValue 
  • RenewedUsersClearedValue
  • AutoUpdateExpiration

For more information, see Automatic Expiration of Users.


Added SLUserLockedOutUserLoginAttemptsBeforeLock, and UsingUserLockout Customization Keys to temporarily block web users after a configurable number of invalid password login attempts. In support of temporarily blocking web users after exceeding the failed login limit, the two new columns have been added to the user's table (FailedLoginCount and Locked). See Temporarily Block Web User for Failed Login Attempts for more information. 

Connection Manager

Changed Removed the DevExpress MemData component that caches transaction statuses from the Connection Manager and replaced it with JSON functionality.

Fixed issue where the updater may cause a hang-up in the Client if it receives a 404 response when trying to download the update executable. Bug# 4007


Fixed an issue that would generate an Undo Shipped error "Received unexpected undo shipped message for transaction from [lender symbol]" when an item was Checked In from a lender with a lowercase lender symbol. Bug# 3989

Decision Support for Request Processing


The Decision Support Pipeline (DSP) combines the power of addons, pipelines, stages, business rules, and routing rules to gather data from external systems in an effort to help make better fulfillment decisions and automate the borrowing request process for both articles and loans. 

For more information, see the new DSP articles below: 

New addons supported by DSP:


As a part of the 9.1 update, the ILLiad client installer will update the DOCLINE scripts to accommodate the URL change which will occur on January 1st, 2020. For information on this change, please see the DOCLINE FAQ.


Added support for handling requests placed using the "Place Requests - PMIDs" borrowing option. If the request is placed through the DOCLINE web interface, the lending library will receive a separate transaction number for each item requested. Since each DOCLINE request must be associated with a single ILLiad request, multiple borrowing requests using the Place Requests - PMID is not supported.


The DOCLINE scripts (v3.2) have been updated to use the new DOCLINE URL The DOCLINE scripts will be updated as a part of the 9.1 update. 


Removed the DOCLINE username and password customization keys since DOCLINE 6.0 no longer allows for automatic authentication into the website and requires each user to have a unique username and password.


Fixed issue where the default shipping option value for articles in Docline is being set to the default shipping value of loans. When the lending library imports the lending request, it imports the LenderAddresses. The DefaultShippingMethodLoan value was being placed into the Transactions.ShippingOptions field instead of using the LenderAddresses.DefaultShippingMethodArticle value. Bug# 4028



Fixed issue where the email and SMS template tag processor does not properly handle parameters that have a right angle bracket. The RegEx used assumes the first right angle bracket is part of the tag instead of a bracket inside the tag parameter. Bug# 1470



The ISO Service requires a manual upgrade after the 9.1 update due to the new database configuration and the OpenJDK bundle. For instructions on upgrading, see 9.1 ISO Service Upgrade.

  • Database Configuration: The ILLiad 9.1 ISOService has been changed to connect to the ILLiad database using the SQL DBC file. 
  • OpenJDK: The ILLiad 9.1 ISOService no longer requires Java 8 to be installed on the server. The ISO Service is now bundled with the OpenJDK (an open-source implementation of the Java platform) and does not require an Oracle Java license. 

As a part of the configurations, new installs of the ISO Service Manager will be installed via a ps1 PowerShell script instead of the InstallService.bat.


Fixed issue where the ESPNumber and InstitutionSymbol are not being set on outgoing ISO requests resulting in the error message "Could not execute JDBC batch update". Bug# 1453



Updated the Odyssey Client to retrieve requests by an alternative ID  (e.g., IDFormElectronicDelivery.ImportOdysseyUnmatchedRequests) instead of just the OdysseySystemID.


Updated the Odyssey Manager to check if the lending library is a Trusted CopyrightPayer. If the lending library is a CopyrightPayer, then the CopyrightAlreadyPaid field will be checked. Bug# 4491



Enhanced RAPID/RAPIDR integration with live RAPID status updates, support for variable due dates, ability to share RAPID symbols in Shared Server setups, and capability to determine if the lender has shipped an item through the RAPID API. Note: Most of these feature enhancements (e.g., live status updated) require both the lending and borrowing institutions to have updated to v9.1 to utilize. For more information, see the ILLiad 9.1 FAQ under the RAPID heading. 

Staff Client

Changed Removed the Atlas Systems and OCLC ILLiad web links from Systems ribbon.
Changed Removed the OCLC Resource Sharing Settings interface within the client (the interface used to change Custom Holdings Paths, Custom Holdings Groups, Constant Data, and Direct Request Profiles) and replaced it with a button that links out to the OCLC Interface where the updated settings are located. This allows OCLC to rapidly change the Service Config without having to maintain a duplicate interface or breaking ILLaid until an update can be released. You may need to contact OCLC to get credentials to access Service Configuration if you have not accessed previously. These credentials are different than the 9-digit authorization number and password that you used previously.
Fixed Fixed issue where the transaction status that displays in the lower left-hand corner of the Client status bar on a request form is not visible when using some skins due to the color contrast with the default black text. Bug# 4166
 Fixed Fixed issue where the Outgoing Notification grid columns reset their size whenever the Outgoing Notifications are closed or the client is restarted. Bug# 3927
 Fixed Fixed issue where closing the client after switching sites using `Login as...` caused an error pop-up and would sometimes cause a temporary crash in ILLiad client. Bug# 3980
 Fixed Removed several deprecated OCLC WsKey URLs from messages as a result of the shortened OCLC domain causing the missing WSKey prompt in the Client. Bug# 3788 
Fixed Fixed issue where the DocDel form would not save grid layout customizations in the Staff Client. Bug# 3758
Fixed Fixed issue where grouping a column row by a field (e.g., username) in Document Delivery (DD) Stacks Searching would prompt an error message in the Client. Bug# 4172
Fixed Fixed issue where the "TransactionNumber could not be determined from the OCLC request." error appears when a staff user clicks the Show button on a borrowing request that is linked to an OCLC request in the Cancelled status. Bug# 3595
Fixed Fixed the error dialog message for requests that have been resubmitted with a previous OCLC status of Cancelled. The error message will now include a more descriptive message instead of saying"Nullable object must have a value". Bug# 3594
Fixed Fixed issue where the OCLC Request form would not properly open for completed requests if they have a WorldShare ILL Status of Closed and disposition of Supplied. Bug# 3787
Fixed Fixed issue where the spaces  at the beginning or ending of a password were being trimmed off in the web but not in the client. Bug# 4490
Fixed Fixed issue where the ClientUpdateLocation Customization Key does not allow index files with names other than "ClientUpdates.xml". Bug# 4006

Staff Customization Manager


Added SLPasswordResetInvalidEmail, a status line customization key that displays when a user attempts to reset their password with an email address that doesn't match the email ILLiad has on file.

Changed Changed the value requirements for the SLPasswordResetEmailConfirmation customization key. To ensure the privacy and security of the user account, we recommend the value for the SLPasswordResetEmailConfirmation and SLPasswordResetInvalidEmail customization keys should match. This will prevent ILLiad from revealing if an account exists for that particular email address.
Changed The ServerAddons Table has been removed from the database since it was replaced by the Addons Table in the 8.7 release and will no longer be used.
 Fixed Fixed issue where dragging the last server from the included listbox to the available servers listbox and then saving during a ZSearch with no included servers would cause an error in the Customization Manager. Bug# 1456
 Fixed Fixed issue where creating or editing a Z39.50 server would not clear the yellow highlighted indicator in the modified ISSN search field after changes are saved in the Customization Manager. Bug# 1481

Staff Manager

Fixed Fixed issue where database connection problems would result in an 'Unhandled Exception' error upon startup of the Staff Manager. Bug# 3775
Fixed Fixed issue where status messages were showing up multiple times on the bottom status bar of the Staff Manager. Bug# 3826

Web Interface

New New fully accessible and responsive web pages that adhere to WCAG 2.1 & Section 508 compliance. The new web pages are not installed automatically to prevent overwriting any customizations your institution may have created. The complete set of 9.1 webpages are available for download on the ILLiad Downloads. For more information, see ILLiad 9.1 Fully Accessible and Responsive Web Pages

Hidden user fields are no longer required on HTML forms to preserve the values in the user record. The DLL will only update the data in the database for user fields that exist on the HTML form instead of updating al the fields. 

Fixed Fixed issue where in some cases ILLiad users can login unprompted for password change if WebAuthType=RemoteAuth and users AuthType=Default. Bug# 4214

Web Platform

Changed Changed the name of the Web Report RequestSentByHour's filename when exported. The filename prefix was being set incorrectly to 'RequestsSentbyDay' instead of 'RequestSentByHour.' Bug# 2764
Fixed Fixed issue where the ElecDelTurnaroundTime WebReport would cause an error when attempting to download the report due to a visible ungrouped date column. Bug# 2765 

Fixed issue in Web Reports where the Article Details Grid will leave the transaction parameters blank for the Turnaround Time Reports when exported to excel. Bug# 3931


Fixed an ILLiad and Aeon integration issue that was causing the ExternalRequestController to error out when checking for an Aeon status that had not yet been created in Aeon. The ExternalRequestController will no longer check the Aeon status if the ExternalID is set to null. Bug# 3829


ILLiad 9.1.x Point Release Notes

16 January 2020 (9.1.1) Client & Customization Manager Release

In conjunction with the Web DLL release, a revised set of web pages that adhere to the changes mentioned below are now available for download on the ILLiad Downloads page.

Fixed Fixed a bug that was preventing RAPID Lending requests from downloading correctly for shared server sites who share a RAPID symbol but have different branches. Bug# 4834
Fixed Fixed the document type tag to mitigate the potential risk of cross-site scripting (XSS) in the ILLiad web pages. Bug# 4766
Fixed Fixed how ILLiad handles the HTTP headers to mitigate the potential risk of cross-frame scripting (XFS) in the ILLiad web pages. The Customization Key HttpContentSecurityPolciyHeader was added to add the Content Security Policy header to responses from the webserver. The Customization key HttpXFrameOptionsHeader will add the X Frame Options header. The values for the key are deny, sameorigin, and allow-from (uri). For more information, see Web XFS Prevention.
Fixed an issue where the ILLiad WebAlerts may contain HTML tags in both the title and the body of the message.

There are no special styling requirements for these elements; therefore, adding HTML to the WebAlert message will change the default styling. Bug# 4540

Fixed the Automatic User Creation feature to include support for user notifications preferences. 

  • The Notification Method for all users will be set to Electronic by default unless an alternative value is passed through when a request is submitted. The default can be changed to one of the acceptable values of Phone or Mail by adding an entry to the RemoteAuthValidation table. 
  • The Account Notification Preferences (e.g., account cleared) and Request Notification Preferences (e.g., item shipped) will be set to Email by default for all new users. The default can be changed to Text/SMS by adding an entry to the RemoteAuthValidation table. Bug# 4808


6 February 2020 (9.1.2) DLL & Database Components Release

Change Added the GetBuildInfoShowDetailed Customization Key to control whether HTTP Headers and Server Variables are displayed when using the GetBuildInfo in the Web DLL. If set to Yes, the HTTP headers will display once and then toggle to change the key's value to no. Note: This is a system-level setting and should not be changed by sites. 
Fixed Fixed an issue where the RemoteAuthValidation would prevent the ILLiad web DLLs from looking at IIS server variables when determining remote authentication details, such as the username. The RemoteAuthValidation was only checking for HTTP headers. Since it's more secure to retrieve the web request's special fields from the IIS server variables than from the HTTP headers, by default ILLiad will now only consider server variables when retrieving the values of RemoteFieldName from the RemoteAuthValidation table. Legacy behavior is still supported, where ILLiad will consider both server variables and HTTP headers when mapping RemoteAuth fields. The UseLegacyRemoteAuthHandling Customization key was added to retrieve RemoteAuth fields from HTTP headers and server variables in support of the legacy behavior. This key is set to No for new installations but will be set to Yes by default for all sites upgrading to v9.1.2, in order to not break existing RemoteAuth configurations. Bug# 5154
Fixed Fixed an issue that prevented fields from displaying at the correct width within the default web pages. Bug# 5062
Fixed Fixed an issue where the wrong ID was assigned to the Username field on NewUserRegistration form. Bug# 5066
Fixed Fix an issue where the Search button on the Navbar was green instead of utilizing the default blue for consistency. In addition, the size of the button was adjusted for consistency. Bug# 5071
Fixed Fixed an issue that was preventing custom queues from being added to the list of business rule targets for shared server installations when utilizing the Decision Support Pipeline feature. Bug# 4961

Fixed an issue where custom statuses set in the DisplayStatus table (e.g., using "Ready for Pickup or Checked Out" as a display status for "Checked Out to Customer") would not display certain menu options (e.g., renew, clone, etc.) in the patron web pages because the <#MENU> tag would not read the custom statuses as a valid status. Bug# 5050

Fixed Fixed an issue where LDAP users who attempted to create a new user after coming in through an OpenURL link would be sent to the Main Menu instead of the Request Page after registration. Bug#5018
Fixed Fixed an issue where the batch Copyright Clearance processing form would check to see if the request was at the 'Awaiting Copyright Clearance' status to ensure the request wasn't being processed by someone else simultaneously. When checking for the status of the request, ILLiad should have considered the 'Awaiting Copyright Clearance - Pipeline' status to also be a valid status. Instead, this status was seen as invalid and would prevent latter requests from being processed. Bug# 4930

Fixed an issue where the lending returns would now refresh the OCLC or Rapid status on the batch processing form. Bug# 4867


Fixed an issue where the change user password form would display a second time after the user had already changed their password if their previous password was expired. Bug# 4795

28 February 2020 (9.1.3) DLL Release

Fixed Fixed an issue where the RemoteAuthValidation would trigger WebValidation errors (e.g., missing daytime phone) on the NewAuthRegistration form the first time the form loads. These errors were a result of the Auto User Creation not being able to pre-populate certain fields; however, it appears misleading to patrons since they see these errors before they've had a chance to complete the registration form.

9 April 2020 Web Page Release

To implement these changes, you can either:

Changed Updated JQuery to 3.4.1 on ILLiad default web pages.
Fixed Updated ILLiad web pages to prevent a potential external link vulnerability.
Fixed On LendingGenericRequestArticle.html and EditLendingGenericRequestArticle.html, the input tag for the request type and been added. Bug# 5935
Fixed  The EditArticleRequest form name tag has been updated to EditLendingGenericRequestArticle, and the value in the input tag has been updated from WebRequest to EditLendingGenericRequestArticle in the EditGenericRequestArticle.html file to stop the duplication of a request after editing the original. These changes have been mimicked in the EditGenericRequestLoan.html file. Bug# 5969
 Fixed The ID's for Password and Re-enter Password divs for NewUserRegistration.html have been updated to Password1 and Password2.
 Fixed For both borrowing and lending, HTML and CSS have been updated to align the radio buttons vertically for viewing search results.
Removed any redundant target=_self tags from the default web pages.
In ILLiad lending pages, the atlasCookieConsent.js and the cookieconsent.min.js have been updated to resolve the returning cookie consent banner.
Both borrowing and lending pages, required spans have been correct to be consistently within the ERROR spans.
In both borrowing and lending pages for ILLiad, searches without any results will now properly show "no results" on the ViewSearchResults.html and also works with the LendingViewSearchResults.html.
A thorough review of the pages has been performed and corrected for keywords like "special collections" in ILLiad.
Resolved a 404 error by updating the search form to point illiad.dll to illiadlending.dll.
Fixed the inconsistency between icons for the Lending Long and Logon2 pages.

02 June 2020 (1.3) Atlas Auth Portal Release

This release includes changes to the Atlas Auth Portal in an effort to close a potential redirect vulnerability that will require some modifications to the index.cshtml and web.config files. The Atlas Auth portal installer can be obtained from the ILLiad Downloads. For step-by-step instructions on implementing the 1.3 release, see Atlas Auth Portal 1.3 Release Configuration.

Changed  The redirectUrl parameter has been replaced with the authType parameter. The accepted authType values are AtlasAuth and RemoteAuth. For details, see the Using an Authentication Portal Landing article under Automatic Redirect Feature.
Changed The RedirectUrlCookieName setting has been removed and replaced with the AuthTypeCookieName which defaults to AtlasAuthType.

07 July 2020 (1.3.1) Atlas Auth Portal Release

The Atlas Auth Portal has been updated to support some additional redirect URL configurations for sites for who are not currently on version 1.3.0 of the Atlas Auth Portal. This change is backwards compatible with v1.3.0; therefore, there is no reason for sites who are currently on v1.3.0 to update the Atlas Auth Portal. They can just add the changes to the Web.Config file.

The Atlas Auth portal installer can be obtained from the ILLiad Downloads


When adding a key for an AuthType in the Web.Config file, two new specifiers ({$QueryString} and {$EncodedQueryString}) are now supported to help designate where the URL query parameters will be inserted into the target URL. For instructions on adding the target URLs in the Web.Config, see Atlas Auth Portal 1.3.x Release Configuration.


2 September 2020 (9.1.2) Client Release

This point release has been removed and replaced with version 9.1.3.

Those who have updated ILLiad to the 9.1.2 Client Release (the 9.0.4 update released is unaffected) today, September 2nd, 2020, may need to manually add the OCLC Status field back to the Borrowing and Lending Request Forms. This problem has occurred for users who have customized saved layouts in the Client. For users who have yet to update to v9.1.2, the release has been temporarily removed from the update server until development has pushed out an update to prevent the removal of the OCLC status. We have identified the problem and hope the push out a fix later this week or early next week. For details on adding the External Request Status (aka OCLC Status) field back to the request form, see Adding the External Request Status.

The following fields from the database have been made as optional fields to add to the Request Details form:  
For details on adding these fields to the Client, see The Borrowing Request Form.
The Decision Support Pipeline will now generate recommendations for transactions regardless of whether or not fulfillment data has been generated. Also, if a fulfillment source hasn't been identified by a DSP addon(s), a transaction can now be automatically routed to a specific DSP queue. To enable this functionality, the "Queue" business rule must be placed after any other "Addon" or "System" business rules for the pipeline.  
Previously, a business rule with a target type of "Queue" would only lead to a recommendation under the following circumstances:
1. The transaction matched the business rule.
2. No previous business rule in the pipeline had generated a recommendation.
3. At least one addon generated fulfillment data for the transaction. 


2 September 2020 (9.1.2) Server Release

The ILLiad Client can now automatically update the Docline scripts as new versions become available. The scripts will be installed in the new default location: 
C:\ProgramData\ILLiad\Docline\ in addition to their typical location. To enable this functionality, set the 
DoclineAutoUpdateEnabled key to Yes. Set the DoclineAutoUpdateFieldTranslations key to Yes to automatically update the 
FieldTranslation.xml and LendingFieldTranslation.xml pages when updating the Docline scripts. For configuration instructions, see Docline Automatic Update.
The Electronic Delivery form now checks the OdysseyAltId as well as OdysseySystemId when importing requests to ensure files are being matched correctly.  
Fixed an issue that would cause the ILLiad Client and Odyssey Manager to crash when merging and converting certain PDFs. The Odyssey Manager will now utilize a new AtlasPDF Utility to handle PDF merging and conversions. Users will not need to need to configure the Atlas PDF Utility; Odyssey Manager will continue to merge, convert, and deliver PDFs automatically.

08 September 2020 (9.1.3) Client Release

The 9.1.2 Client release has been removed and replaced with v9.1.3. The 9.1.3 Client release includes all the same features from the v9.1.2 along with an additional bug fix for an issue that occurred after the 9.1.2 update. If you have already updated to v9.1.2, you will still receive a prompt to update to the current version.

Fixed an issue where the External Request Status (aka OCLC Status) was being removed from both the borrowing and lending forms for users who have customized saved layouts in the Client. Users were having to manually add this field back to the request forms; the 9.1.3 update prevents the removal of this field.


If this article didn’t resolve your issue, please take a moment and answer a few questions to help improve our documentation: