-
Notifications
You must be signed in to change notification settings - Fork 2
Known Issues
The ILLiad customization manager defines a web timeout variable (currently set to 60 mins). The ILLiad application will automatically log a user out of the local system after this period, however it will not call the logout url defined by the RemoteAuth settings. So you will be logged out of ILLiad but not PDS. The simple logic would dictate to send you back to PDS since you're logged out, but since the PDS logout page was never called this will result in an infinite loop. I have added handling for this as a workaround for what seems like an ILLiad bug.
The errors and messages in the Windows EventLog display incorrectly for this application. They claim that information about the error cannot be found: "The description for Event ID ( 6 ) in Source ( PDSAuth ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: , ."
This error is supposed to indicate a registry problem with the files that produce the correct logging information but I have checked those values many times and they appear correct. I will revisit this issue, but it doesn't have any effect on the functionality of the application.
The application retrieves patron data from an AJAX call to PDS. ILLiad is served over HTTP, PDS over HTTPS. The Visual C++ functions the application is using does not allow cross-protocol scripting (adhering to the general AJAX security guidelines). Therefore, I have had to create a function that wraps the HTTPS call in an HTTP call. The ISAPI filter calls this non-secure application instead to retrieve. The result is unencrypted patron status and ID being sent.
We've determined that this is not a significant security threat to us since establishing a PDS session cannot establish an OpenSSO session. Possibility for the future would be to run ILLiad over HTTPS, but it's not clear if there are vendor limitations.
As of ILLiad 8.4 an SSL cert is required and so ILLiad can be served over HTTPS and this workaround is no longer necessary
Memory leaks arose when upgrading to a 64-bit Windows. See the Upgrading page for more details and read the email correspondence with the Microsoft Technical Specialist and the Microsoft Analysis.