Authentication

There are 5 different types of authentication available to ILLiad users with a default install. Included in the explanation of each method is a user authentication flowchart. Stand-Alone Registration is allowed with Basic ILLiad and PatronAPI Authentication. 

  1. Basic ILLiad Authentication is the default option. The user selects a username and password and registers with the system. New registrations are placed in a queue for staff to review; staff can then allow access or disavow the user, which automatically cancels all of that user's requests. Stand-Alone Registration is allowed.

  2. Importing an Authentication Database (ILLiad Exclusive Authentication) is another available option. From an OPAC or similar system, you can download patron information into a file format that is compatible with SQL Server, then import those entries into the UserValidation table in ILLiad. Users are checked against this table at first login and skip the staff review queue. Only users listed in the UserValidation table can log in using ILLiad Exclusive authentication.

  3. LDAP Authentication is another type of authentication available to ILLiad users. If you have an LDAP server with an authoritative database of users, you can point ILLiad to it for authenticating users as they log in. This is a live link and is used at each login.

  4. Implementing a User Gateway (RemoteAuth Authentication) using an Authentication Database is another option. This method works similarly to ILLiad Exclusive Authentication but allows you to keep a separate web directory so users can register themselves via Basic ILLiad Authentication.

  5. III's PatronAPI is an option for Innopac sites that have purchased this module from III. A user registers with ILLiad and enters their "patron number" in one of the registration fields. This is matched to a number within the Innopac system and is used to validate the registration as well as subsequent logins to the system. PatronAPI can be set to be exclusive (allowing access only to people within this database) or non-exclusive. Fines, blocks, and expirations are all carried over to ILLiad as well. Stand-Alone Registration is allowed.

  6. SymphonyAPI is an option for sites that use SIRSI Symphony catalogs. With an authentication process similar to PatronAPI, a staff member registers their Symphony account username and password in ILLiad. The staff account verifies authentication by performing a field lookup in Symphony and verifying the user's credentials and patron standing. Login conditions can be set by using SymphonyAPI as exclusive or non-exclusive.

While each authentication method has some special features to it, there are some concepts that are common to all authentication methods in ILLiad.

  • Usernames must be unique across the database.
  • Passwords stored by ILLiad are one-way encrypted and cannot be revealed to staff or customers if forgotten. Some authentication methods, such as LDAP and RemoteAuth, do not store the user's password in the database; those that do store it encrypt it one-way, so it cannot be reversed to plain text and can only be compared with what the user enters at login.
  • Regardless of the pre-registering or authenticating system, all users can be blocked and/or disavowed by staff in the Client. ILLiad checks for the user's cleared status last before attempting to display the Main Menu or a request form. The AllowBlockedAccess customization key, which allows blocked users access to their web accounts while prohibiting them from placing requests, can be used with all authenticating systems.
  • Users who do not register via the ILLiad web interface can be added by staff in the ILLiad client using the New User ribbon command. Staff can accept the exclusive authentication method defined by WebAuthType (such as LDAP, PatronAPI Exclusive, ILLiad Exclusive, etc.) or override the default value and assign a value of ILLiad by checking the ILLiad Authentication check box, which selects Basic ILLiad Authentication.
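
A minimal Python model of the common rules above, added here as an illustration and not ILLiad's own code: the stored password is a salted one-way digest that can only be compared, and the cleared status is evaluated last, after authentication. The PBKDF2 scheme, the status strings, the return values and denying disavowed users outright are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch

def hash_password(password, salt=None):
    """Return (salt, digest). Only these are stored, never the plain text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Re-derive from the entered password and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)

def make_user(password, status):
    """Build a constructed sample record; status strings are illustrative."""
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "status": status}

def login(user, password, allow_blocked_access):
    """Return 'full', 'account_only' or 'denied'."""
    # Step 1: credentials. Unknown users and wrong passwords get the same result.
    if user is None or not verify_password(password, user["salt"], user["digest"]):
        return "denied"
    # Step 2 (last): cleared status, checked only after authentication succeeds.
    if user["status"] == "cleared":
        return "full"            # Main Menu and request forms
    if user["status"] == "blocked" and allow_blocked_access:
        return "account_only"    # web account visible, no new requests
    return "denied"              # blocked without the key, disavowed, or unknown

if __name__ == "__main__":
    blocked = make_user("s3cret-sample", "blocked")   # constructed sample data
    for key in (False, True):
        print("AllowBlockedAccess =", key, "->", login(blocked, "s3cret-sample", key))
```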