=============================================================================
Run Date: JAN 17, 2019                     Designation: XOBV*1.6*3
Package : XOBV - VISTALINK                   Priority: Mandatory
Version : 1.6         SEQ #2                   Status: Released
                  Compliance Date: FEB 17, 2019
=============================================================================

Subject: VistALink TWO FACTOR AUTHENTICATION

Category:
  - Routine
  - Other

Description:
============

 *************************************************************************
                          V i s t A L i n k

      Enabling Personal Identity Verification (PIV Card) /
                 Two Factor Authentication (2FA)

             Combined build: XOBV*1.6*3   XOBS*1.6*3

 Note: Following this patch will be other application-specific updates
 that will individually enable those applications for Two Factor
 Authentication (2FA). This patch does not create that capability; it
 only enables that ability.
 *************************************************************************

 Pursuant to Veterans Affairs (VA) official directive: the Memorandum for
 Implementation of Federal Personal Identity Verification (PIV)
 Credentials for Federal Employee and Contractor Access to VA IT Systems
 (VAIQ# 7614373), the following two patches, XOBS*1.6*3 and XOBV*1.6*3,
 distributed as a combined build (single VistA install), were created to
 help facilitate the Two Factor Authentication (2FA) effort for non-VistA
 applications using the VistALink middleware.

 The VistA side code for VistALink is being updated to add an RPC that
 accepts the SAML token and validates the user log-on in the same manner
 as the RPC Broker software does for other VA web applications.

 Once XOBS*1.6*3 and XOBV*1.6*3 have been implemented, consuming
 applications will then be able to use this middleware upgrade. There
 will be no functionality change with this implementation for
 applications using VistALink the way it is now. The addition of a PIV
 card (2FA) sign-on will only be seen later when and as changes are
 applied to each application connecting through VistALink.

 Patch Components:
 -----------------

 Files & Fields Associated:

 File Name (Number)         Field Name (Number)     New/Modified/Deleted
 ------------------         -------------------     --------------------
 N/A

 Forms Associated:

 Form Name                  File #                  New/Modified/Deleted
 ---------                  ------                  --------------------
 N/A

 Mail Groups Associated:

 Mail Group Name            New/Modified/Deleted
 ---------------            --------------------
 N/A

 Options Associated:

 Option Name                Type                    New/Modified/Deleted
 -----------                -----                   --------------------
 KAAJEE BROKER CONTEXT      Broker                  Modified
 [XUS KAAJEE WEB LOGON]     (Client/Server)

 Protocols Associated:

 Protocol Name              New/Modified/Deleted
 -------------              --------------------
 N/A

 Security Keys Associated:

 Security Key Name
 -----------------
 N/A

 Templates Associated:

 Template Name      Type      File Name (Number)    New/Modified/Deleted
 -------------      ----      ------------------    --------------------
 N/A

 Remote Procedure Calls (RPCs):
 ------------------------------
 XOBV VALIDATE SAML - New

 Additional Information:

 New Service Requests (NSRs):
 ----------------------------
 N/A

 Patient Safety Issues (PSIs):
 -----------------------------
 N/A

 Defect Tracking System Ticket(s) & Overview:
 ---------------------------------------------
 Rational 728033 - 2 Factor Authentication for VistALink

 Problem:
 --------
 1. VAIQ# 7614373 requires implementation of Two Factor Authentication
    (2FA).

 Resolution:
 -----------
 New routine XOBVSAML was created to allow input of SAML token via new
 RPC XOBV VALIDATE SAML. This in turn calls existing Kernel APIs that
 process the token return values, indicating that the user is validated
 for access or not.

 Routine XOBVSKT was updated to allow for proper parsing of the SAML
 token.

 The menu option, KAAJEE BROKER CONTEXT [XUS KAAJEE WEB LOGON], is
 updated to register the new RPC.

 Participating Test Sites:
 =========================
 Central Texas Veterans Health Care System
 VA Sierra Nevada Health Care System (Reno)

 Software and Documentation Retrieval:
 =====================================
 The software for this patch is not being distributed through the
 National Patch Module. This patch is being distributed as a host file.
 The host file will contain the following two KIDS builds:

     Host file name: XOB_1P6_3.KID

             Builds: XOBV*1.6*3
                     XOBS*1.6*3

 Sites may retrieve the software directly using Secure File Transfer
 Protocol (SFTP) from the ANONYMOUS.SOFTWARE directory at the following
 OI Field Offices:

     Hines                  : domain.ext
     Salt Lake City         : domain.ext
     First Available Server : download.vista.domain.ext

 The following file will be available:

     File Name            Description
     ---------            -----------
     XOB_1P6_3.KID        Host File containing KIDS software distribution

 Note: Use ASCII mode when transferring the .KID file.

 Documentation describing the new functionality introduced by this patch
 is available at the above locations as well.

 Title                           File Name              SFTP Mode
 ----------------------------------------------------------------------
 VistALink v1.6 Release Notes    xob_1_6_p3_rn.pdf      Binary

 Documentation can also be found on the VA Software Document Library
 (VDL) at: http://www.domain.ext/vdl/application.asp?appid=163

 Installation Instructions:
 ==========================

     ******************************************************************
     **  Installation of this patch should NOT be queued to run.     **
     ******************************************************************

 This host file (containing two patches) can be installed with users on
 the system. Installation will take less than 2 minutes.

 Pre-Installation Instructions:
 ==============================

 1. DOWNLOAD HOST KIDS FILE
    -----------------------
    Download the KIDS file XOB_1P6_3.KID from the ANONYMOUS.SOFTWARE
    directory of one of the following two Office of Information Field
    Offices (OIFOs): Hines or Salt Lake City to the appropriate directory
    on your system.

 2. START UP KIDS
    -------------
    Start up the Kernel Installation and Distribution System Menu
    [XPD MAIN]:

         Edits and Distribution ...
         Utilities ...
         Installation ...

    Select Kernel Installation & Distribution System Option: INStallation
                                                             ---
         Load a Distribution
         Print Transport Global
         Compare Transport Global to Current System
         Verify Checksums in Transport Global
         Install Package(s)
         Restart Install of Package(s)
         Unload a Distribution
         Backup a Transport Global

    Select Installation Option:

 3. Select Installation Option:
    --------------------------
    a. Use the 'Load a Distribution' option and enter the directory into
       which you downloaded the host file, followed by the host file
       name:

           [directory] XOB_1P6_3.KID

       NOTE: When prompted for the INSTALL NAME, enter XOBV*1.6*3.

       NOTE: Please make a backup per step 3b (Backup a Transport
       Global) noted below.

    b. Backup a Transport Global - This option will create a backup
       message of any routines exported with this patch. It will not
       back up any other changes such as DD's or templates.

    c. Compare Transport Global to Current System - This option will
       allow you to view all changes that will be made when this patch
       is installed. It compares all components of this patch (routines,
       DD's, templates, etc.).

    d. Verify Checksums in Transport Global - This option will allow you
       to ensure the integrity of the routines that are in the transport
       global.

 4. From the Installation Menu, select the Install Package(s) option and
    choose the patch to install, XOBV*1.6*3.

 5. When prompted "Want KIDS to Rebuild Menu Trees Upon Completion of
    Install? NO//," respond NO.

 6. When prompted "Want KIDS to INHIBIT LOGONs during the install?
    NO//," respond NO.

 7. When prompted "Want to DISABLE Scheduled Options, Menu Options, and
    Protocols? NO//," respond NO.

 Post-Installation Instructions:
 -------------------------------
 N/A

 Back-Out Plan:
 --------------
 Prior to installing the updated KIDS package, the site/region should
 have saved a backup of the routines in a mail message using the Backup
 a Transport Global [XPD BACKUP] menu option. The message containing the
 backed up routines can be loaded with the "Xtract PackMan" function at
 the Message Action prompt. The PackMan function INSTALL/CHECK MESSAGE
 is then used to install the backed up routines onto the VistA system.

Routine Information:
====================
The second line of each of these routines now looks like:
 ;;1.6;VistALink;**[Patch List]**;Apr 5, 2017;Build 16

The checksums below are new checksums, and
 can be checked with CHECK1^XTSUMBLD.

Routine Name: XOBVSAML
    Before:       n/a   After:  B1012167  **3**
Routine Name: XOBVSKT
    Before: B19091287   After: B16067673  **3**

=============================================================================
User Information:
Entered By  :                               Date Entered  : APR 21, 2017
Completed By:                               Date Completed: JAN 16, 2019
Released By :                               Date Released : JAN 17, 2019
=============================================================================

Packman Mail Message:
=====================

No routines included
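
A post-install check built on the Routine Information section above, as an added example (it is not part of this patch or of VistA): it parses the published Before/After checksums and classifies the values an installer has read off the CHECK1^XTSUMBLD output. The function names and the dictionary of observed checksums are assumptions of this example, and the observed values are constructed.

```python
import re

# Routine Information block as published in this patch description.
PATCH_TEXT = """
Routine Name: XOBVSAML
    Before:       n/a   After:  B1012167  **3**
Routine Name: XOBVSKT
    Before: B19091287   After: B16067673  **3**
"""

ENTRY = re.compile(
    r"Routine Name:\s*(?P<name>\S+)\s+"
    r"Before:\s*(?P<before>\S+)\s+"
    r"After:\s*(?P<after>\S+)\s+"
    r"\*\*(?P<patches>[\d,]+)\*\*"
)

def parse_routine_info(text):
    """Return {routine: {'before': str or None, 'after': str, 'patches': [int]}}."""
    expected = {}
    for m in ENTRY.finditer(text):
        before = None if m["before"].lower() == "n/a" else m["before"]
        patches = [int(p) for p in m["patches"].split(",")]
        expected[m["name"]] = {"before": before, "after": m["after"], "patches": patches}
    return expected

def classify(expected, observed):
    """observed maps routine name -> checksum read on the system (None if absent)."""
    report = {}
    for name, exp in expected.items():
        seen = observed.get(name)
        if seen == exp["after"]:
            report[name] = "patched"
        elif seen == exp["before"]:
            # Pre-patch state: old checksum, or absent for a routine new in this patch.
            report[name] = "not installed"
        elif seen is None:
            report[name] = "missing"
        else:
            report[name] = "mismatch"  # neither Before nor After: investigate
    return report

if __name__ == "__main__":
    # Constructed observations: one routine matches, one was altered after install.
    observed = {"XOBVSAML": "B1012167", "XOBVSKT": "B00000000"}
    for routine, state in classify(parse_routine_info(PATCH_TEXT), observed).items():
        print(f"{routine:10} {state}")
```

A "not installed" result after a back-out confirms the routines returned to their pre-patch state; "mismatch" means the routine matches neither published checksum.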