Archive for September 28, 2017

Springy https-a-palooza is Go!

It’s here – the release you’ve all been waiting for: the Springy https-travaganza! 🎉
And yes, it’s “Springy” vs. a specific product, because this affects all of our products. Let’s go through the list of fun new stuff, shall we?

LibAnswers & LibCal Now Support SSL Certificates (via LibApps)

LibApps Admins can now upload security certificates for LibAnswers and LibCal custom domains! It’s not just LibGuides anymore, folks. All products that support custom domains now also support security certificates for those domains. Head to LibApps > Admin > Domains & Certificates, and click the lock icon in the Actions column. Please read through those screens and our documentation to learn more about the process of installing certificates for your sites. This often requires coordination with your IT department so be sure to include those folks in your conversations, as well.

Don’t forget, anyone on a libguides.com, libanswers.com, libcal.com, libwizard.com, libsurveys.com, libinsight.com, or libcrm.com domain is already covered by Springshare’s security certificates, so you can go all https at any time! (If you’re on a campusguides.com, libguidescms.com, or communityguides.com domain, please contact us about switching to a libguides.com domain to take advantage of our security certificate. In addition, if you have a domain formatted like this – guides.mylibrary.libguides.com – please contact us about changing to something like guides-mylibrary.libguides.com in order to take advantage of our security certificate.)

As we’ve mentioned before, this only covers your Springy domain, not the widgets, etc., you’ve added within any pages. If you’ve decided to use https for your sites, you’ll also want to check any widgets you’ve added to the systems (other vendor/site widgets, like those from subscription databases, social media sites, etc.) to see whether they are http or https, as non-https widgets will trigger a security warning. If they are not https, check with that vendor/site to see if they offer an https option. Springshare widgets/APIs are either protocol-less (meaning they’ll work on both http and https pages) or are already https. See our FAQ for more info.

LibApps Now Supports Wildcard and SAN Certificates

Yes! You can now upload wildcard and SAN certificates. What are wildcard certificates, you may ask? They’re certificates that cover a whole domain vs. just one subdomain. For example, a wildcard certificate might be for *.mylibrary.org, so it covers mylibrary.org, research.mylibrary.org, ask.mylibrary.org, calendar.mylibrary.org, etc., etc., all under a single certificate. Most sites likely won’t need a wildcard certificate, but for those who do, it’s now an option.

Force https is Available…

…for most apps. LibGuides, LibAnswers, and LibWizard allow you to force pages / widgets / APIs to load via https. LibInsight always loads over https. The best part? This is available to:

  • All sites on libguides.com, libanswers.com, libwizard.com, libsurveys.com, and libinsight.com domains and
  • LibGuides and LibAnswers sites with custom domains, who have uploaded security certificates.

The ability to force https for LibCal sites (via LibApps) will be available in the not-too-distant future, and we’ll be updating LibStaffer to be all https, all the time. Keep your eyes on our blog for those announcements.

What does this actually mean? If you’ve enabled “force https,” have an http link to a guide in LibGuides or FAQ in LibAnswers (etc.) somewhere on a webpage, and someone clicks that link, they’ll automatically be redirected to https instead. Any links they click for other pages in that LibGuides / LibAnswers / etc. site will also automatically load over https. That’s it! It loads your LibGuides, LibAnswers, and LibWizard pages over https no matter whether the link that brought the user there was http or https. So if you forgot to update a link…or someone has something bookmarked…or a member of your community has a link on one of their webpages…it’ll always load over https.

What does this not mean? The links you have set up in your site that go to other websites (subscription databases, books in your catalog, etc.) will not be forced to use https. Springshare does not control those other websites, so we have no control over how those sites are loaded.

Here’s how to force Springy sites to use https:

  • LibInsight: enabled by default; you don’t have to do a thing.Screenshot of "Force HTTPS" setting.
  • LibWizard: Go to Admin > System Settings > Misc Settings.
  • LibGuides & LibAnswers:
    • Go to LibApps > Admin > Domains & Certificates.
    • Click the lock icon in the Actions column for the site.
    • Under “Force HTTPS” Setting, choose Required.
      If you do not see the “Force HTTPS” Setting section, either that app doesn’t currently support it as an option (e.g., LibInsight is always https; LibCal support is coming soon) or you have a custom domain (for LibGuides / LibAnswers) and need to upload a security certificate before you can access that option.

On LibGuides v1, LibAnswers v1, or LibAnalytics?

The best advice we can give you is to move to v2. The v2 platform is better, more secure, faster, feature-rich…so there is no reason to stay on v1. If you’d like some assistance, our support team can help you figure out how to do it in the quickest way possible. We also have dedicated training sessions and step-by-step migration guides (LibGuides, LibAnswers, LibAnalytics) to walk you through the entire process. We do not support SSL certificates for custom domains for v1 systems.

Additional Features & Fixes

It wouldn’t be us if we didn’t also include an extra list of fixes & features in our releases, now would it?

  • LibGuides: A-Z Page statistics are now available in base LibGuides, in addition to LibGuides CMS.
  • LibAuth: Empty postfix field is allowed in LDAP configurations.
  • LibAnswers: LibChat accessibility adjustment – frameborder=”0″ has been replaced with CSS in chat widgets.
  • Fixed in LibGuides:
    • When creating new Database Assets, assigned Friendly URLs now stay put, as intended.
    • An ampersand in the name of an E-Reserves course no longer breaks the OAI feed.
    • The “Edit Database” modal window in guides now appropriately points people to the A-Z Database List page for editing fields…which is far more useful than pointing to an outdated location.
    • IE10 users, rejoice! (Is that a thing? 😉) The Image Manager works again within LibCal and LibAnswers.

As always, we’re here to help! Let us know if any questions pop up…