$TXT Created by L at KRNIRIS.FO-OAKLAND.DOMAIN.EXT (KIDS) on Thursday, 04/21/22 at 14:06 ============================================================================= Run Date: MAY 18, 2022 Designation: XU*8*771 Package : XU - KERNEL Priority: EMERGENCY Version : 8 SEQ #609 Status: Released Compliance Date: MAY 20, 2022 ============================================================================= Associated patches: (v)XU*8*659 <<= must be installed BEFORE `XU*8*771' (v)XU*8*731 <<= must be installed BEFORE `XU*8*771' Subject: FIX TO XU*8*746 Category: - Routine Description: ============ **Note**: This patch is a replacement to patch XU*8*746 whose release was cancelled (entered in error) due to inconsistent policy for users accessing VistA from Remote Applications, like JLV. This patch and future related patches includes coordination and testing with such remote applications before and during IOC test sites testing. This patch makes a modification to VistA Kernel Security and Visitor Security to distinguish "Remote" users from "Local" users. It also adds additional checks to prevent duplicate visitor user accounts. Defect Tracking System Ticket(s) & Overview: -------------------------------------------- Problem 1: ServiceNow ticket: INC21934508 ---------- a) There is still the chance that duplicate visitor user entries are created when the following combination occurs: 1) visitor entry was created before patch XU*8*731 was released and the SSOi token was used, so that only the SecID value was populated in the NEW PERSON file (#200); and 2) after, the same user visits with an older visitor token, like BSE, which uses the SSN as the lookup, which will fail and create a duplicate entry. b) Some REMOTE applications are submitting multiple simultaneous sign-on session when their users visit a VistA instance. Duplicate users may occur if the key fields in the incoming tokens have extra spaces. Resolution: ----------- a) Changes to routine XUESSO1 to check the MPI web service if the SSN lookup fails and obtain the SecID value for a second lookup. b) Changes to routine XUSAML to ensure consistency of lookup values and storage values that prevents potential for duplicate entries. Problem 2: ServiceNow ticket: REQ6135128 ---------- VA Information System Security Officers (ISSO) requested that a new field, CREATED BY, be added to the NEW PERSON file (#200); so that a future manual or automated process be able to distinguish local users from "remote" users for the purposes of security reviews. Resolution: ----------- A new field has been added, CREATED BY (#202.06), and an option, [XUSER REMOTE], has been added to the User Security Menu, [XUSER SEC OFCR]. Changes to routines XUESSO1 and XUESSO2 were made to populate the new field when an entry is created during the first visit. Changes to the Print Template, [XUSERINQ], were made to include the new field in the User Inquiry [XUSERINQ] option. **Note**: The above were new components in patch XU*8*746. Backout of XU*8*746 left these components in place. Patch Components ================ Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- NEW PERSON (#200) CREATED BY (#202.06) New (see note in problem 2) Forms Associated: Form Name File # New/Modified/Deleted --------- ------ -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- XUSER REMOTE edit New (see note in problem 2) Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- XUSERINQ Print 200 Modified XUSER REMOTE Input 200 New (see note in problem 2) Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted --------------------------- -------------------- N/A Additional Information: Blood Bank Team Coordination ---------------------------- N/A New Service Requests (NSRs) ---------------------------- N/A Patient Safety Issues (PSIs) ----------------------------- N/A Test Sites: ----------- Atlanta Big Spring Software and Documentation Retrieval Instructions: -------------------------------------------------- The software for this patch is being released in a PackMan message. Documentation describing the new functionality is not included in this release. Documentation Title File Name ------------------------------------------------------------------ N/A Patch Installation: Pre/Post Installation Overview ------------------------------ There are no Pre/Post installation routine processes. Pre-Installation Instructions ----------------------------- This patch takes less than a minute to install. This patch may be installed with users on the system and the installation may be queued. Installation Instructions ------------------------- 1. Choose the PackMan message containing this build. Then select the INSTALL/CHECK MESSAGE PackMan option to load the build. 2. From the Kernel Installation and Distribution System Menu, select the Installation Menu. From this menu, A. Select the Verify Checksums in Transport Global option to confirm the integrity of the routines that are in the transport global. When prompted for the INSTALL NAME enter the patch or build name. (ex. XU*8.0*771) NOTE: Using will not bring up a Multi-Package build even if it was loaded immediately before this step. It will only bring up the last patch in the build. B. Select the Backup a Transport Global option to create a backup message. You must use this option and specify what to backup; the entire Build or just Routines. The backup message can be used to restore the routines and components of the build to the pre-patch condition. i. At the Installation option menu, select Backup a Transport Global ii. At the Select INSTALL NAME prompt, enter your build XU*8*771 iii. When prompted for the following, enter "R" for Routines or "B" for Build. Select one of the following: B Build R Routines Enter response: Build iv. When prompted "Do you wish to secure your build? NO//", press and take the default response of "NO". v. When prompted with, "Send mail to: Last name, First Name", press to take default recipient. Add any additional recipients. vi. When prompted with "Select basket to send to: IN//", press and take the default IN mailbox or select a different mailbox. C. You may also elect to use the following options: i. Print Transport Global - This option will allow you to view the components of the KIDS build. ii. Compare Transport Global to Current System - This option will allow you to view all changes that will be made when this patch is installed. It compares all of the components of this patch, such as routines, DDs, templates, etc. D. Select the Install Package(s) option and choose the patch to install. i. If prompted 'Want KIDS to Rebuild Menu Trees Upon Completion of Install? NO//', answer NO. ii. When prompted 'Want KIDS to INHIBIT LOGONs during the install? NO//', answer NO. iii. When prompted 'Want to DISABLE Scheduled Options, Menu Options, and Protocols? NO//', answer NO. Post-Installation Instructions ------------------------------ N/A Back-Out Plan ------------- If assistance is needed to rollback/backout the patch please, log a ServiceNow(SNOW) ticket so the development team can assist in this process. Note: During installation, if the option to back-up the routines was executed as directed, "Backup a Transport Global" (Step 2B.), then the routines will have the ability to be restored from the 'backup' MailMan message that was generated. However, the Kernel Installation and Distribution System (KIDS) process does NOT perform a back up of the other VistA software components, such as RPCs. Routine Information: ==================== The second line of each of these routines now looks like: ;;8.0;KERNEL;**[Patch List]**;Jul 10, 1995;Build 8 The checksums below are new checksums, and can be checked with CHECK1^XTSUMBLD. Routine Name: XU8P771 Before: n/a After: B688501 **771** Routine Name: XUESSO1 Before: B93859687 After:B100368166 **165,183,196,245,254,269,337, 395,466,523,655,659,771** Routine Name: XUESSO2 Before:B121663690 After:B125277665 **655,659,630,701,731,771** Routine Name: XUSAML Before:B156920962 After:B165559906 **655,659,630,701,731,771** Routine list of preceding patches: 731 ============================================================================= User Information: Entered By : Date Entered : APR 07, 2022 Completed By: Date Completed: MAY 18, 2022 Released By : Date Released : MAY 18, 2022 ============================================================================= Packman Mail Message: ===================== $END TXT