============================================================================= Run Date: JAN 17, 2019 Designation: XOBS*1.6*3 Package : XOBS - VISTALINK SECURITY Priority: Mandatory Version : 1.6 SEQ #2 Status: Released Compliance Date: FEB 17, 2019 ============================================================================= Subject: VistALink TWO FACTOR AUTHENTICATION Category: - Routine Description: ============ ************************************************************************* V i s t A L i n k Enabling Personal Identification Verification (PIV Card) / Two Factor Authentication (2FA) Combined build: XOBV*1.6*3 XOBS*1.6*3 Note: Following this patch will be other application-specific updates that will individually enable those applications for Two Factor Authentication (2FA). This patch does not create that capability, it only enables that ability. ************************************************************************** Pursuant to Veteran Affairs (VA) official directive: the Memorandum for Implementation of Federal Personal Identity Verification (PIV) Credentials for Federal Employee and Contractor Access to VA IT Systems (VAIQ# 7614373), VistALink patches, XOBS*1.6*3 and XOBV*1.6*3, are a combined build (single VistA install) were created to facilitate the Two Factor Authentication (2FA) effort for non-VistA applications using the VistALink middleware. The MUMPS code for VistALink is being updated to add an RPC that accepts the SAML token and validates the user log-on in the same manner as the RPC Broker software does for other VA web applications. Once XOBS*1.6*3 and XOBV*1.6*3, have been implemented, consuming applications will then be able to use this middleware upgrade. There will be no functionality change with this implementation for applications using VistALink the way it is now. The addition of a PIV card (2FA) sign-on will only be seen later when changes are applied to each application connecting through VistALink. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File # New/Modified/Deleted --------- ------ -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Additional Information: New Service Requests (NSRs): ---------------------------- N/A Patient Safety Issues (PSIs): ----------------------------- N/A Defect Tracking System Ticket(s) & Overview: --------------------------------------------- Rational #728033 - 2 Factor Authentication for VistALink Problem: ------------ 1. VAIQ# 7614373 Requires implementation of 2 Factor Authentication (2FA). Resolution: --------------- Routines XOBSCAV and XOBSCAV1 were updated to add proper return messaging for 2FA token success or failure and fallback processing for Access/Verify codes. Participating Test Sites: ========================= Central Texas Veterans Health Care System VA Sierra Nevada Health Care System (Reno) Software and Documentation Distribution: ======================================== The software for this patch is not being distributed through the National Patch Module. This patch is being distributed as a host file. The host file will contain the following two KIDS builds: Host file name: XOB_1P6_3.KID Builds: XOBV*1.6*3 XOBS*1.6*3 Sites may retrieve the software directly using Secure File Transfer Protocol (SFTP) from the ANONYMOUS.SOFTWARE directory at the following OI Field Offices: Hines : domain.ext Salt Lake City : domain.ext First Available Server : download.vista.domain.ext The following file will be available: File Name Description --------- ----------- XOB_1P6_3.KID Host File containing KIDS software distribution Note: Use ASCII mode when transferring the .KID file. Documentation describing the new functionality introduced by this patch is available at the above locations as well. Title File Name SFTP Mode ---------------------------------------------------------------------- VistALink v1.6 Release Notes xob_1_6_p3_rn.pdf Binary Documentation can also be found on the VA Software Document Library (VDL) at: http://www.domain.ext/vdl/application.asp?appid=163 Installation Instructions: ========================== ****************************************************************** ** PLEASE NOTE: THERE IS NO INSTALLATION FOR THIS PATCH. ** ****************************************************************** The components sent with this patch, XOBS*1.6*3, have been included in the HOST File XOB_1P6_3.KID. Please follow the instructions listed in the INSTALLATION INSTRUCTIONS section of the patch description for VistALink JAVA patch, XOBV*1.6*3. Post-Installation Instructions: ------------------------------- N/A Back-Out Plan: -------------- Please see Patch Description for VistALink patch, XOBV*1.6*3, for back-out plan instructions. Routine Information: ==================== The second line of each of these routines now looks like: ;;1.6;VistALink Security;**[Patch List]**;May 08, 2009;Build 8 The checksums below are new checksums, and can be checked with CHECK1^XTSUMBLD. Routine Name: XOBSCAV Before: B55844023 After: B51538870 **3** Routine Name: XOBSCAV1 Before: B81688032 After: B97214849 **3** ============================================================================= User Information: Entered By : Date Entered : MAR 12, 2018 Completed By: Date Completed: JAN 16, 2019 Released By : Date Released : JAN 17, 2019 ============================================================================= Packman Mail Message: ===================== No routines included