This article contains frequently asked questions pertaining to using the RemoteAuthValidation Table to map user attribute fields from external authentication systems into the ILLiad User table fields.
Frequently Asked Questions
How can I check which attributes are being released by my Identity Provider (IdP) to ILLiad?
For security purposes, there is no way to check this information in ILLiad prior to configuring the RemoteAuthValidation table when these attributes are passed to the ILLiad system as server variables. Therefore, it is recommended that you contact your IdP before configuring this table to determine which attributes have been released by the IdP and the name for each attribute that should be used in the RemoteFieldName column. Once the RemoteAuthValidation table has been configured, you can test your setup with the GetBuildInfo ILLiad endpoint to ensure that each attribute has been configured properly. Please see Troubleshooting the RemoteFieldName Value in the RemoteAuthValidation table documentation for more information on this process.
Is it possible to track the date when a user logs in and their ILLiad account is either created or updated with new information and also capture the user's "last login date" in one of the UserInfo fields?
The LastChangedDate field in the ILLiad Users table tracks the last time account information was changed for an ILLiad user. There is no other functionality in ILLiad to capture additional login or creation dates. However, if you have an attribute from your RemoteAuth IdP tracking more specific DateTime information, then you could potentially release this attribute to ILLiad and write a rule in the RemoteAuthValidation table to accept this information into one of the ILLiad UserInfo fields.
If we are denying users access to ILLiad for different reasons based on their RemoteAuth attributes (e.g., an expired NetID, user status does not allow ILL, user's division is not eligible for ILL, etc.), will they get a generic “access denied” page in ILLiad, or can we specify the reason why their login failed (e.g., Interlibrary Loan is a service for current students, faculty, and staff. Your record indicates that [your account is not current / your affiliation is X / your division is Y and is not eligible for this service]. If you think this is an error, please contact us at…)?
ILLiad does not contain any built-in custom status lines or web pages that can be configured to display specific reasons that a user was denied access to ILLiad. If the user is denied access, they will be taken to the Logon2.html page and the SLLoginFailed status line will display. You could present a list of potential reasons a logon may fail directly on the Logon2.html page, link to another page with this list, or just go with a generic "Contact Library Staff for assistance" message in the SLLoginFailed status line.