[Koha] Subject: SIP2 AF field sent even if patron password is invalid

BRANNON, CHRISTOPHER CBRANNON at cdalibrary.org
Wed Jul 30 10:56:38 NZST 2014


I have an interesting SIP2 implementation issue. When authenticating
through SIP2, if a valid patron id is passed in, but an *invalid* password
is passed in, Koha's SIP2 server sends back the AF ( screen message ) field
even though the credentials are invalid. If a patron owes any fees, the
server will send back the amount owed in an AF field.

For instance, Overdrive will display this AF field even with an invalid
password. Freegal does not ( but it may not display any AF field ). At
least one SIP2 machine we tested against will also display the AF field
when an invalid password is submitted.

Is this a Koha issue, or a client side issue? The SIP2 protocol
specification does not indicate that AF fields should be removed in the
event of an invalid password. My guess is that some SIP2 server
implementations may send back "Invalid password" messages which may be
useful.

Kyle

Kyle, I filed a bug back in April related to this issue.  It hasn't been touched yet.

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12126

Christopher
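
The following is an added example, not part of the thread or of Koha's code: a client-side guard in Python that shows a SIP2 screen message only when the response marks both the patron (BL) and the password (CQ) as valid, and reports what a response would otherwise disclose. The field codes are those of the SIP2 specification; the sample message, the function names, and the choice to treat a missing BL or CQ as "not valid" are assumptions made for this example.

```python
# Added example: client-side handling of SIP2 Patron Status (24) and
# Patron Information (64) responses. Not Koha code.

# Length of the fixed-width header that precedes the "|"-delimited fields:
# 24 = code(2) + patron status(14) + language(3) + transaction date(18)
# 64 = the same, plus six 4-character item counts
FIXED_LEN = {"24": 37, "64": 61}


def parse_fields(msg):
    """Return {field_id: [values]} for the variable-length fields."""
    code = msg[:2]
    if code not in FIXED_LEN:
        raise ValueError("not a patron status/information response: %r" % code)
    fields = {}
    for chunk in msg[FIXED_LEN[code]:].rstrip("\r\n").split("|"):
        if len(chunk) >= 2:
            fields.setdefault(chunk[:2], []).append(chunk[2:])
    return fields


def authenticated(fields):
    """True only if valid patron (BL) and valid patron password (CQ) are Y.
    Assumption: an absent BL or CQ field is treated as N."""
    return (fields.get("BL", ["N"])[0] == "Y"
            and fields.get("CQ", ["N"])[0] == "Y")


def displayable_messages(msg):
    """AF screen messages a client should show: none unless authenticated."""
    fields = parse_fields(msg)
    return fields.get("AF", []) if authenticated(fields) else []


def disclosed_without_auth(msg, sensitive=("AF", "BV")):
    """Fields a failed login still returns (AF screen message, BV fee amount)."""
    fields = parse_fields(msg)
    if authenticated(fields):
        return {}
    return {k: fields[k] for k in sensitive if k in fields}


def sample_response(cq):
    """Constructed 64 response for a patron who owes fees; cq is 'Y' or 'N'."""
    header = "64" + " " * 14 + "001" + "20140730    105638" + "0000" * 6
    return header + ("AOCPL|AA0001|AEDoe, Jane|BLY|CQ%s|BV12.50|"
                     "AFPatron owes 12.50|" % cq)
```
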

