KIDS build text print for PATCH,USER
Printed at VAHACG.FO-ALBANY.MED.VA.GOV  11/03/10@17:08

Subj: Released XU*8*451 SEQ #414  [#42336]   04/14/09@12:08
From: <"National Patch Module"@FORUM.VA.GOV>                        Page 1
-------------------------------------------------------------------------------
$TXT Created by CHAN,ALAN at NXT.KERNEL.FO-OAKLAND.MED.VA.GOV  (KIDS)
on Monday, 02/11/08 at 16:03
=============================================================================
Run Date: APR 14, 2009                     Designation: XU*8*451
Package : XU - KERNEL                         Priority: Mandatory
Version : 8        SEQ #414                     Status: Released
                  Compliance Date: MAY 15, 2009
=============================================================================

Subject: KAAJEE LOGIN PAGE--REMOVAL OF REFRESH BUTTON

Category:
  - Other

Description:
============

Patch Tracking #: FORUM message #46426416

Test sites: CENTRAL TEXAS HCS, NEW YORK HCS, NORTH TEXAS HCS,
            PHILADELPHIA VAMC, PUGET SOUND HCS

Blood Bank Clearance: 8/2/2007

Related Remedy Tickets: HD0000000175475
                        HD0000000176176
                        HD0000000170902

This software release fixes a defect in a security software tool that is
used by J2EE Web-based HealtheVet VistA applications to perform a login to
the end user's local Legacy VistA system via Kernel Security. This tool is
known as Kernel Authentication and Authorization for J2EE (KAAJEE). The
custodian package of KAAJEE is Kernel.

VA Facilities (VAMCs) are expected to install the M-side component as this
only brings in a single Security Key (no routines included) needed for the
KAAJEE Sample Web Application (Standalone test harness).

M KIDS Components:    Security Key    XUKAAJEE_SAMPLE
==================

VA Facilities are not expected to install the Java-side components unless
they have their own J2EE Application Server(s) (e.g., BEA WebLogic Server)
and manage them, as well as develop their own local J2EE web-based
applications.

Summary of issues addressed:

  * Remove Refresh button from KAAJEE login page.
  * Add JavaScript code for client-side sorting of Institutions.
  * Fix "Response already committed" error. The code that was fixed was
    associated with processing the persistent cookie information on the
    Application Server. This fix should also fix the extra M process that
    was created.
  * Make KAAJEE Login Page more Section 508 friendly.
  * Allow Access code ; Verify code in one line.
  * Provide MD5 checksums on all deployable artifacts.
  * Compiled and tested KAAJEE against SDS 13.0.
  * Compiled and tested KAAJEE against VistaLink 1.5.1.002.
  * Support parameter passing of Default Institution and Institution
    sorting preferences. This addresses the issues of persistent cookies
    when using Thin Clients and Terminal Servers.
  * Provide KAAJEE Sample Web Application.

Kernel Authentication and Authorization for J2EE (KAAJEE) is used by
several HealtheVet-VistA applications (e.g., Blind Rehabilitation, Veterans
Personal Finance System (VPFS), Clinical Data Repository Health Data
Repository (CHDR), etc.) to provide authentication and authorization
services.

The login page that KAAJEE provides utilizes two buttons. One of these is
'Refresh' and the other is 'Login'.
The 'Refresh' button is used in conjunction with the 'Sort by Station
Number' and 'Sort by Station Name' radio buttons to initiate a change in
the sorting of institutions displayed in the Institution drop down
component. The actual sorting occurs on the Application Server side only
after the login user presses the 'Refresh' button.

The problem with the 'Refresh' button is that it resets the 'Access code'
and 'Verify code' fields to blank. In addition, the selected institution in
the Institution Drop down component is reset to the default value.
Furthermore, the '' key defaults to the 'Refresh' button instead of the
'Login' button. This causes a problem as many users are accustomed to
pressing the key immediately after entering in their verify code. Instead
of logging in the user as the user had intended, the login page is
refreshed and the user is unaware of the changes that just occurred. This
eventually causes problems when the user does finally press the 'Login'
button and the login attempt fails. Additionally, the 'Refresh' causes an M
process to be created that may further contribute to the login attempt
problems that users are experiencing.

This patch fixes this problem by removing the 'Refresh' button from the
login page. In its place, JavaScript will be used in conjunction with the
existing radio buttons to change the sorting of institutions. The actual
sorting will now occur on the client instead of the server. In addition,
the 'Access code' and 'Verify code' fields will no longer need to be reset.
Also, the key will default to the 'Login' button.

Another issue that causes some problems with the login is that some users
are accustomed to entering both their access code and verify code separated
by a semicolon (';') in a single line.
This patch addresses this issue by permitting both the and to be entered in
the 'Access Code' text box of the KAAJEE login page.

In order to test the KAAJEE login, you need to deploy a consuming J2EE Web
Application that is configured to use KAAJEE. Therefore, this patch
provides a standalone KAAJEE Sample Web Application that may be used to
test KAAJEE. In addition, this can be used by J2EE developers as a sample
to assist them in configuring their J2EE web-based application to use
KAAJEE. Therefore, this sample web application can be used by web
administrators, SQA, Testing Services, J2EE developers and support
personnel.

Parameter passing of Default Institution and Institution sorting
preferences is now supported with this patch. When the consuming
application provides a web URL link to their protected web pages, they can
now include a list of KAAJEE supported parameters. In addition, each login
user can create shortcuts to these links on their desktops. The login user
can then edit these shortcuts to include the desired parameters and
corresponding values. These shortcuts can be used as a workaround to the
issue of using persistent cookies when using Thin Clients and Terminal
Servers. The issue of using persistent cookies on Terminal Servers is that
they are often not retained as part of the roaming user profile upon logout
and disconnect.

Below is a list of possible parameters that may be appended to the URL of
the consuming application's protected page:

  kaajeeDefaultInstitution=###
  kaajeeDisableInstitutionComponents=true
  kaajeeSortStationBy=number
  kaajeeDisableSortStationBy=true

Note that the ### listed above should be replaced with the actual station
number.
Also, the kaajeeSortStationBy parameter can have a value of either 'number'
or 'name'. All parameter names and values are case sensitive.

Java-side Components (new/modified):
====================================
  /kaajee-1.0.1.003/jars/kaajee-1.0.1.003.jar (modified)
  /kaajee-1.0.1.003/jars/jsp/logout.jsp (new)
  /kaajee-1.0.1.003/jars/jsp/login/login.jsp (modified)
  /kaajee-1.0.1.003/jars/jsp/login/navigationerror.jsp (new)
  /kaajee-1.0.1.003/jars/jsp/login/javascript/login.js (new)
  /kaajee-1.0.1.003/samples/kaajeeSampleApp-1.0.1.003.ear (new)
  /kaajee-1.0.1.003/samples/kaajeeSampleApp-1.0.1.003.ear.MD5 (new)
  /kaajee-1.0.1.003/samples/exploded/... (new)
  /kaajee-1.0.1.003/samples/shortcuts/... (new)

For updated KAAJEE documentation, please refer to the KAAJEE Deployment and
Installation Guides located on the VHA Software Document Library (VDL). The
direct link to the VDL for KAAJEE documentation is:

  http://www.va.gov/vdl/application.asp?appid=151

The Java-side component will be in a ZIP format and will be accompanied by
an MD5 checksum file. These files can be downloaded from one of the
following OI Field Office ANONYMOUS.SOFTWARE directories via FTP:

  IRM Field Office       FTP Address
  ================       ===========
  Albany                 ftp.fo-albany.med.va.gov
  Hines                  ftp.fo-hines.med.va.gov
  Salt Lake City         ftp.fo-slc.med.va.gov
  VistA Download Site    download.vista.med.va.gov

  KAAJEE_1_0_1_003.ZIP
  KAAJEE_1_0_1_003_ZIP.MD5

=========================================================================
Installation:

Install Time less than 5 minutes.

  1. Users ARE allowed to be on the system during the installation.

  2. You DO NOT need to stop TaskMan.

  3. Use the 'INSTALL/CHECK MESSAGE' option on the PackMan menu.
     This option will load the KIDS package onto your system.

  4. The patch has now been loaded into a Transport global on your
     system. You now need to use KIDS to install the Transport global.
     On the KIDS menu, under the 'Installation' menu, use the following
     options:

       Verify Checksums in Transport Global
       Print Transport Global
       Compare Transport Global to Current System
       Backup a Transport Global

  5. Installation will take less than 2 minutes. On the KIDS menu, under
     the 'Installation' menu, use the following option:

       Install Package(s) 'XU*8.0*451'
                           ==========

       Want KIDS to INHIBIT LOGONs during the install? NO//
       Want to DISABLE Scheduled Options, Menu Options, and Protocols? NO//

=========================================================================

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  : CHAN,ALAN                     Date Entered  : FEB 13, 2007
Completed By: SINGH,GURBIR                  Date Completed: APR 03, 2009
Released By : TILLIS,LEWIS                  Date Released : APR 14, 2009
=============================================================================

Packman Mail Message:
=====================
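
Added example, not part of the patch or of KAAJEE: a JavaScript check for the four URL parameters listed in the description above, applying the stated case sensitivity and the listed values before a shortcut link is handed to users. The host, path and station number 500 are constructed, and accepting only the values shown in the description is an assumption.

```javascript
// Added example, not KAAJEE code. Names and values come from the parameter
// list in the patch description; accepting only those values is an assumption.
const LISTED = {
  kaajeeDefaultInstitution: (v) => v !== '', // station number, format not given
  kaajeeDisableInstitutionComponents: (v) => v === 'true',
  kaajeeSortStationBy: (v) => v === 'number' || v === 'name',
  kaajeeDisableSortStationBy: (v) => v === 'true',
};
const NAMES = Object.keys(LISTED);

// Return the problems found in the query string of a shortcut URL.
function checkShortcutUrl(link) {
  const problems = [];
  const seen = new Set();
  for (const [name, value] of new URL(link).searchParams) {
    // Parameters without the kaajee prefix belong to the consuming application.
    if (!name.toLowerCase().startsWith('kaajee')) continue;
    if (!NAMES.includes(name)) {
      // Names are case sensitive, so a near miss is reported with the listed form.
      const near = NAMES.find((k) => k.toLowerCase() === name.toLowerCase());
      problems.push(near ? `${name}: wrong case, listed as ${near}`
                         : `${name}: not a listed parameter`);
      continue;
    }
    if (seen.has(name)) problems.push(`${name}: given more than once`);
    seen.add(name);
    if (!LISTED[name](value)) problems.push(`${name}=${value}: value not listed`);
  }
  return problems;
}

// Append preferences to a protected-page URL, refusing anything not listed.
function buildShortcutUrl(protectedPage, prefs) {
  const url = new URL(protectedPage);
  for (const [name, value] of Object.entries(prefs)) {
    if (!NAMES.includes(name)) throw new Error(`${name}: not a listed parameter`);
    url.searchParams.set(name, String(value));
  }
  const problems = checkShortcutUrl(url.href);
  if (problems.length > 0) throw new Error(problems.join('; '));
  return url.href;
}

// Constructed sample: host, path and station number 500 are placeholders.
const PAGE = 'https://app.example.test/myapp/secure/home.jsp';
console.log(buildShortcutUrl(PAGE, { kaajeeDefaultInstitution: '500', kaajeeSortStationBy: 'name' }));
console.log(checkShortcutUrl(PAGE + '?kaajeesortstationby=number&kaajeeSortStationBy=Name'));
```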