============================================================================= Run Date: MAR 18, 2026 Designation: XOBS*1.6*6 Package : XOBS - VISTALINK SECURITY Priority: Mandatory Version : 1.6 SEQ #4 Status: Released Compliance Date: MAR 23, 2026 ============================================================================= Associated patches: (v)XOBS*1.6*2 <<= must be installed BEFORE `XOBS*1.6*6' Subject: Implementation of a ConnectionSpec, update sampleApp and Struts for vlconsole Category: - Routine - Informational Description: ============ This VistALink patch is for the implementation of a new connection specification - the SAMLConnectionSpec. This spec will be used in conjunction with the STS service to support 2FA logins using the VistALink Java libraries and IAM services. The Site Parameter FILE #18.01, J2EECONNECTION TIMEOUT field # .04 will be changed to 86400 with the post install routine XOBV8P. In addition VistALink Console has been updated with a TRM-approved version of Struts and SampleApp has been updated to include a SAMLConnectionSpec example. This is an informational patch for installation at the centralized application server. EHRM Impact Statement: ---------------------- This patch should have no EHRM impact, and can be installed at all sites, including EHRM converted sites. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- N/A New Service Requests (NSRs): N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Tickets(s) & Overview: ----------------------------------------------- 1. HDSO-8817 - INC35523637 Using VistALink to Authenticate with STS (Lighthouse) 2. HDSO-8565 - Contractor created service desk ( Notes state submit as an Incident) RITM12011954 VistaLink connection spec and authentication for SAML token (Formerly INC33686684) Problem ------------- Unable to authenticate to VistA with a SAML token. Resolution to the above. ----------- Add code to VistA routines XOBSRA,XOBVRPC and XOBVRPCX to allow reauthentication with the SAML token for assigned users. 3. INC39229638 - Excessive VistA link connections. Problem -------- FOUNDATIONS SITE PARAMETERS File #18.01 field # .04 J2EECONNECTION TIMEOUT was set to one week at VistA locations. Resolution ----------- Change the FOUNDATIONS SITE PARAMETERS file (#18.01), field (#.04), J2EECONNECTION TIMEOUT was set to one day at VistA locations. Test Sites: ----------- Houston VAMC,TX. Washington DC VAMC. SNOW Change Order #: -------------------------------- Houston VAMC-CHG0705764 Washington DC VAMC-CHG0706265 Software and Documentation Retrieval Instructions: -------------------------------------------------- The software for this patch is being deployed by the IO Enterprise Server Support Team. The software for this patch is being released using a host file. The host file is available at the following location: /srv/vista/patches/SOFTWARE/XOBV_1.6_8_XOBS_1.6_6.KID Documentation describing the new functionality is included in this Release. Documentation can be found on the VA Software Documentation Library at: https://www.domain.ext/vdl/. Documentation can also be obtained at https://download.vista.domain.ext/index.html/SOFTWARE. Documentation Title File Name ---------------------------------------------------------------- VistALink Developers Guide VISTALINK_1_6_8_DG.PDF Installation Instructions: -------------------------- There is nothing to install in this patch. See patch VistA patch description XOBV*1.6*8 for complete instructions. Post-Installation Instructions: ------------------------------- N/A Back-Out/Roll Back Plan: ------------------------ Software implemented by combo patch XOBV_1.6_8_XOBS_1.6_6.KID. Please see patch XOBV*1.6*8 for back-out/roll back plan instructions. Routine Information: ==================== The second line of each of these routines now looks like: ;;1.6;VistALink Security;**[Patch List]**;May 08, 2009;Build 4 The checksums below are new checksums, and can be checked with CHECK1^XTSUMBLD. Routine Name: XOBSRA Before: B61888471 After: B81573003 **2,6** Routine list of preceding patches: 2 ============================================================================= User Information: Entered By : Date Entered : FEB 03, 2026 Completed By: Date Completed: MAR 18, 2026 Released By : Date Released : MAR 18, 2026 ============================================================================= Packman Mail Message: ===================== No routines included