In this article, we will go over frequently asked questions pertaining to the Ares 5.0 update. For a list of Features and Fixes in the 5.0 update, see the Ares 5.0 Release Notes.
Updating to Ares 5.0
Will the new Auto-Updater feature prompt a client update to version 5.0?
The auto-updater will NOT prompt an automatic update for the Ares 5.0.0 client because the feature is installed during the release; however, any subsequent major and point releases will utilize this feature.
How do I update to Ares 5.0?
Before you begin updating, please review the Hardware and Software Requirements for Version 5.0. For specific instructions on updating, see Updating Ares to Version 5.0.
Will there be full release notes available for Ares 5.0?
They are now available at: Ares 5.0 Release Notes.
Will my system automatically update to Ares 5.0 on release day?
No. You can schedule your Ares server update Atlas Hosting Services or your local server administrator (if self-hosted) for a time that works for you.
How do I receive updates when new versions of Ares are made publicly available?
Atlas Systems provide release updates and training opportunities through the following modes of communication:
Access Services Newsletter: https://confirmsubscription.com/h/t/08A0C18E31C79D72
Ares Community Forum: https://support.atlas-sys.com/hc/en-us/community/topics/115000191608-Ares
How do I receive updates on Ares 5.0.x point releases?
Once you've updated the server to Ares 5.0, the Ares Client will now automatically check to see if a newer version of the Client is available and display a prompt to update. If you click yes to the update, the client installer will automatically be download and execute the required installer. For more information, see Ares Auto Updater.
If my site has more than 1 PC, will I be able to update other work stations after my passwords have been updated in the new version?
After Ares has updated, any user who has successfully logged in and changed their password in either the Ares 5.0 Client or Ares 5.0 Staff Manager will not be able to log into another workstation whose Client still operates under version 4.7.x. This is because the username has been updated with the new hashing methods which are not recognized in previous versions. Instead, download the Ares 5.0 Client Installer and run as an administrator on that machine. Once the Client has updated to version 5.0, then any staff member will be able to successfully log in on that workstation.
Password & Security Improvements
Will users have to reset their passwords after the 5.0 update?
As of Ares 5.0, staff has the ability to force a password reset for web users. A checkbox was added to the change password dialog on the client's user form. If this option is checked, it will set the user's PasswordChangedDate field to null and trigger the password reset function described above.When upgrading, all web users will have a NULL value in the new PasswordChangedDate field. When this field is NULL (and the user is using Ares authentication), a successful login attempt will redirect the user to the ChangePassword form, and they will not be able to navigate the Ares pages until that password change is complete.
Where do I find more information on the Ares API?
Details regarding how to use the Ares API and the available endpoints can be found here: Ares API.
Example use cases can be found here: Ares API Use Cases.
How do you configure Ares to upload and download files via the Ares API instead of FTP or FileShare?
To use the Ares API instead of FTP or FileShare for uploading and downloading files within the Ares Client, no action is required for new installations since the default method is set to API. For current installations of Ares, please implement the following changes below:
Course & User Loads
With the new free-text formatting changes, will old messages be converted to the new formatting?
All previous message board threads, reply pages, and posts will be converted to the new format with Markdown rather than HTML. In addition, all free-text items uploaded on the Item Info have been converted to the new format.
How do I update my existing Item email templates?
Since support for User tags in Item-type email templates has been removed you will need to update your existing Item email templates.
How do I find information on bugs, work arounds, and bug fixes in Ares?
For details on the bugs fixed in Ares 5.0, see the Ares 5.0 Release Notes. For a current list of bugs, workarounds, and what version of Ares the bugs were fixed, see UserVoice. If you are experiencing a problem and don't see a bug listed in UserVoice, please contact firstname.lastname@example.org for further assistance.
I have an idea for a feature I would like to see in Ares. How do I submit my idea for consideration?
If you have an idea or an enhancement request that isn’t planned for the next release, please submit your idea to UserVoice. The more votes and feedback your idea receives, the more likely it is to be put in a future release.
Why is it necessary for all staff to change their passwords?
To increase security, Ares' basic authentication storage hash is updated to a more secure algorithm (default 156,000 iterations). To make sure the passwords are stored in this new format, it is necessary to change them so the new password can be properly hashed and secured in the database. It is a best practice for security to change passwords periodically.
Do all staff users have to change their passwords upon login after Ares 5.0 update? Any way to disable that?
Yes, all staff will have to change their passwords. There is no way to disable that prior to the Ares 5.0 update.
If I change my password in the version 5.0 client, can I still login to 4.7?
Due to the change in password hashing, once a staff user has logged in to version 5.0 after the update, they will not be able to login to older client versions. This means that if one staff user plans to update multiple client workstations, they should right-click the 4.7 client to login and start the automatic update on each machine before logging in to Ares 5.0 after the client update completes. If you experience errors because you have already changed your password in Ares 5.0 and need to update another client, the workaround is to download and install 5.0 client to bypass the client automatic updater.
Is making staff passwords expire an optional setting? Where is that set?
It is optional after the initial password change after Ares 5.0 update. You can change the options for these settings in the Customization Manager StaffPasswordExpirationEnabled and StaffPasswordExpirationDays (default 180 days) under System | Password Expiration.
Does the staff password change have to be a different password or can I just keep using the same password?
Yes, it must be different than your last password.
How does Ares track the date the password was changed?
There is a new field called PasswordChangedDate in the Staff table and Users table.
What happens if I try to login to AtlasBI before I change my password after Ares 5.0 update?
Attempting to login with an expired password will prompt you to log in to the Ares Client, Customization Manager, or Staff Manager to change your password.
After the update, do you have to log in to the Client before the Customization Manager?
Yes, because the Client will upgrade the Customization and Staff Manager to the latest version.
What if users select forgot/reset password option prior to an attempt to log-in?
If a user selects the forgot/reset password option prior to an attempt to log-in, their new password is created with the new encoding, and they will not be directed to create another new password when logging in. In other words, the forgot/reset password functionality works the same as the change password functionality.
Do all patron users have to change their passwords upon login after Ares 5.0 update? Any way to disable that?
Patron users who are NOT authenticating through an institutional single sign on (i.e. users with an Authentication Method of 'Ares') will be required to reset their password upon first login to the Ares web pages, after update. Users who access Ares through a Learning Management System and users who have an Authentication Method of 'RemoteAuth' or 'LDAP' will not be affected.
There is no way to disable this requirement prior to the Ares 5.0 update.
Why is it necessary for all patrons to change their passwords?
To increase security, Ares’s basic authentication storage hash is updated to a more secure algorithm (default 156,000 iterations). To make sure the passwords are stored in this new format, it is necessary to change them so the new password can be properly hashed and secured in the database. It is a best practice for security to change passwords periodically.
After changing passwords, will web users still be able to see all of their history and current requests? Will we need to merge accounts?
The account is the same and all history will be there. It is just the password that gets updated.
You will not need to merge accounts.
Is making web users passwords expire an optional setting? Where is that set?
Yes making the patron passwords expire is optional.
There are new Customization Manager keys called UserPasswordExpirationEnabled and UserPasswordExpirationDays under System | Password Expiration. It defaults to yes and 180 days but can be changed after update to Ares 5.0.
How does Ares track the date the password was changed?
There is a new Users table field called PasswordChangedDate that is updated after a password change.
Are there default password complexity settings already in place for the initial password change requirement?
It just uses your current WebValidation settings for the password field.
Are the hash Algorithms different for each Authorization (Auth) type? How does Ares know what Auth type is being used?
Yes, the Auth type is encoded into the hash.
The Auth type is stored in the database record.
If I reset a patron password in the Client, can I require them to change the password on next login?
Yes, there is a new checkbox that allows you to force reset on next login.
Is it possible to update passwords via SQL query?
In the interest of security, Atlas Development does not provide workarounds for the password re-encryption process as we are expecting all users who are using the system to update their passwords when they enter and don't want to compromise the security of the system. If the customer is taking on the responsibility of managing user accounts, they'll have to change passwords in the user form of the client as Atlas will not be providing any functionality to batch update passwords.