============================================================================= Run Date: JUN 27, 2024 Designation: XU*8*791 Package : XU - KERNEL Priority: Mandatory Version : 8 SEQ #639 Status: Released Compliance Date: JUL 28, 2024 ============================================================================= Subject: SSOWAP :: TRM-required http-client dependency, UI, certificate-related changes. Category: - Informational - Other Description: ============ TRM required changes to the http-client dependency for the KAAJEE Single Sign-On Web Application Plugin (SSOWAP). The dependency was removed in favor of WebLogic's SSL API. In addition, error message display improvements were recommended. The configuration for the Identity certificate changes for a 2-Way TLS STS connection, is on the application server side. This is an INFORMATIONAL only patch. The release of this patch is bundled with PRPF*4.0*8. Although it is not dependent upon the PRPF*4.0*8 patch, that patch was used to test the changes in the XU*8*791 patch. This is a web application Java Build. This is a centralized server promotion. No installation is required at local sites. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- N/A New Service Requests (NSRs): N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Tickets(s) & Overview: 1.HDSO-5308 - KAAJEE Single Sign-On Web Application Plugin (SSOWAP) Problem: -------- TRM required changes to the http-client dependency. In addition, error message improvements were needed. Resolution: ----------- Reliance on vulnerable component was removed. Application Server mechanism was engaged for the management of identity certificate. WebLogic's SSL API was engaged. Test Sites: ----------- Houston VAMC (#580) Washington DC VAMC (#688) SNOW Change Order #: -------------------------------- CHG0485387 Software and Documentation Retrieval Instructions: -------------------------------------------------- The software for this patch is being deployed by the IO Enterprise Server Support Team. Other Software Files: This release also includes other software files. They can be obtained at location: /srv/vista/patches/SOFTWARE Other software files can also be obtained by accessing the URL: https://download.vista.domain.ext/index.html/SOFTWARE File Title File Name Format --------------------------------------------------------------------- KAAJEE SSOWAP bundle XU_8_791.ZIP Binary Documentation describing the new functionality is included in this Release. Documentation can be found on the VA Software Documentation Library at: https://www.domain.ext/vdl/. Documentation can also be obtained at https://download.vista.domain.ext/index.html/SOFTWARE. Documentation Title File Name ---------------------------------------------------------------- Deployment, Installation, Back-Out, and Rollback Guide XU_8_791_DIBRG.pdf Deployment Guide KAAJEE_SSOWAP_8_791_DEPG.pdf Installation Guide KAAJEE_SSOWAP_8_791_IG.pdf Release Notes KAAJEE_SSOWAP_8_791_RN.pdf Installation Instructions: -------------------------- This is a web application Java Build. This is a centralized server promotion. No installation is required at local sites. Back-Out/Roll Back Plan: ------------------------ Any back-out/roll back will be handled by the central server deployment team. No actions are required of local sites in the event of back-out/roll back. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : JUL 10, 2023 Completed By: Date Completed: JUN 27, 2024 Released By : Date Released : JUN 27, 2024 ============================================================================= Packman Mail Message: ===================== No routines included