This article contains instructions for updating existing installations of the Atlas Auth Portal to newly released versions. For information on performing a new install of the Atlas Auth Portal, see Using an Authentication Portal Landing Page.
Version 1.3.2 Update | Version 1.3.1 Update | Version 1.3.0 Update
Version 1.3.2 Update
Atlas Auth Portal version 1.3.2 was released on June 14th, 2023. This release includes several changes to the session cookie generated by the Atlas Auth Portal upon login to address login persistence issues experienced in other Atlas products caused by the recent SameSite cookie changes rolled out by Google Chrome and other web browsers.
Warning!
Auth Portal 1.3.2 requires .NET Framework 4.7.2 or greater, which is higher than the minimum .NET framework version required by the ILLiad Server. Please ensure that the upgraded version of this component is installed on the ILLiad Server prior to upgrading to/installing Atlas Auth Portal v1.3.2.
Changes to the ILLiad Session Cookie
After updating to Atlas Auth Portal version 1.3.2, the session cookie generated by the Atlas Auth Portal upon login will now include SameSite and Secure properties to address the recent SameSite cookie changes rolled out by Google Chrome and other web browsers. Note that the issues caused by these changes are only present in other Atlas products and do not affect ILLiad at this time. As these changes do not affect ILLiad, this update is optional and is not required to maintain any existing Auth Portal functionality in ILLiad. After the update is applied, the SameSite and Secure properties will be set on the user's session cookie as follows when the user places a request to ILLiad from an external website (i.e., a website outside of the ILLiad web pages, such as a library catalog):
- When a user places a request from an external website using HTTPS:
- ILLiad will set the SameSite property on the session cookie to None and the Secure property to True
- When a user places a request from an external website using HTTP:
- ILLiad will set the SameSite property on the session cookie to Lax and the Secure property to False
Update Instructions
To implement these changes, please follow the instructions below:
- Download the Atlas Auth Portal files.
- Right-click and unzip download.
- Replace the current AtlasAuthPortal Bin files with the version 1.3.2 files in the Bin folder. Default location: C:\inetpub\wwwroot\illiad\AtlasAuthPortal\Bin.
Version 1.3.1 Update
When adding a key for an AuthType in the Web.Config file, two new specifiers ({$QueryString} and {$EncodedQueryString}) are now supported to help designate where the URL query parameters will be inserted into the target URL.
- {$QueryString} - inserts the query parameters as they are submitted.
- {$EncodedQueryString} - URL-encodes the query parameters before inserting them.
To use these, add the specifiers to the target URL in Web.Config. For example:
<add key="RemoteAuth" value="https://shibdomain.com/Shibboleth.sso/Login?entityID=https%3A%2F%2Fsamltest.id%2Fsaml%2Fidp&target=https%3A%2F%2Fdomain.edu%2Fremoteauth%2Faeon.dll%3F{$EncodedQueryString}" />
In the example, the target URL is a Shibboleth server which will redirect to the ILLiad server (whose address is passed as the target parameter). The URL of the ILLiad server is URL-encoded within the target parameter. The query parameters must also be URL-encoded in order for the ILLiad server to receive them correctly.
Version 1.3.0 Update
The Atlas Auth Portal version 1.3 was released on June 2nd, 2020. This release includes several changes in an effort to mitigate the risk of potential redirect vulnerabilities. For details regarding the changes, see Using an Authentication Portal Landing Page. To implement these changes, the release requires some modifications to the index.cshtml and web.config files. The release includes the following changes:
- The redirectUrl parameter has been replaced with the authType parameter. The default pages accept the authType values of AtlasAuth and RemoteAuth.
- The RedirectUrlCookieName setting has been removed and replaced with the AuthTypeCookieName which defaults to AtlasAuthType.
To implement these changes, please follow the instructions below:
1. Update the Atlas Authentication Portal Bin Files
- Download the Atlas Auth Portal files.
- Right-click and unzip download.
- Replace the current AtlasAuthPortal Bin files with the version 1.3 files in the Bin folder. Default location: C:\inetpub\wwwroot\illiad\AtlasAuthPortal\Bin.
2. Index.cshtml Changes
- Open file explorer and navigate to the web directory: C:\inetpub\wwwroot\illiad\AtlasAuthPortal\Views\Portal.
- Right-click and open the index.cshtml file in your preferred code editor (e.g., Notepad ++, Visual Studio Code).
- Edit the redirectUrl parameter value to match the authType value in the web.config file.
- Note: The name of the input parameter has been changed from "redirecturl" to "authType".
- Note: The name of the input parameter has been changed from "redirecturl" to "authType".
3. Web.Config Changes
- Open file explorer and navigate to C:\inetpub\wwwroot\illiad\AtlasAuthPortal.
- Right-click and open the web.config file in your preferred code editor (e.g., Notepad ++, Visual Studio Code)
- Add the following key:
<add key="AuthTypeCookieName" value="AtlasAuthType"/>
-
Edit the AuthTypeCookieName value with the AuthType used if the value is different than the default. The accepted values are AtlasAuth and RemoteAuth.
- Add the following key(s) depending on your authentication type:
<add key="AtlasAuth" value="https://youruniversity.edu/illiad/illiad.dll?"/>
<add key="RemoteAuth" value="https://youruniversity.edu/?"/>
-
Edit the default placeholder(s) with your redirect target URL value(s).