PRIVATE ICR FOR CISS TO ACCESS KAAJEE ICR (5255)

Name

Value

NUMBER

5255

IA #

5255

DATE CREATED

2008/08/27

CUSTODIAL PACKAGE

KERNEL

USAGE

Private

TYPE

Other

DBIC APPROVAL STATUS

APPROVED

NAME

PRIVATE ICR FOR CISS TO ACCESS KAAJEE

GENERAL DESCRIPTION


1. Logins are only to be performed by the CISS framework code.  This
IA and supporting IAs are granted to CISS only, not to the application
portlets/plug-ins running in CISS.

2. To run user checks and establish user identity for a specific M/VistA
system, CISS should do the following:

a. Instantiate a KaajeeVistaLinkConnectionSpec instance, using
user-entered access/verify code and division, and also obtaining the
end-user's IP address, e.g., request.getRemoteAddr().

b. Obtain a VistALink connection to the desired M/VistA system from the
appropriate VistaLink connection factory object, using the
KaajeeVistaLinkConnectionSpec instance.

c. Using the connection, run the RPC "XUS KAAJEE GET USER INFO" in the
RPC context "XUS SIGNON" to, if successful, get a DUZ back.
This also creates the sign-on log entry on the M/VistA system; the DA
of that entry is also returned. If an exception is thrown, the user
is not authorized to run RPCs on the target VistA system. The exception
will contain the reason for denial.

d. If the end-user is authorized to run RPCs by the preceding step,
use the same connection and immediately run the RPC "XUS KAAJEE LOGOUT"
under the RPC context "XUS SIGNON", passing the DA of the sign-on log
entry created.  Running the RPC marks the sign-on log entry as closed.

e. Close the connection.

f. To run application RPCs for the end user, obtain a new connection
from the same VistALink connection factory, but using
VistaLinkDuzConnectionSpec (or, when supported,
VistaLinkVpidConnectionSpec.)

3. For the duration of the user session, the DUZ may be used with
DuzConnectionSpec to run RPCs.

4. Whether or not CISS caches a user's DUZ, for any new CISS user
sessions requiring access to a VistA system, all steps 2a-2f should be
performed again, as the user's authorization to log onto the VistA system
may have been revoked or otherwise may have changed since the previous
session.

STATUS

Active

KEYWORDS

KAAJEE

DURATION

Till Otherwise Agreed

COMPONENT/ENTRY POINT

COMPONENT DESCRIPTION

VARIABLES

['gov.va.med.authentication.kernel.KaajeeVistaLinkConnectio', 'nSpec']


The no-argument constructor should not be used.  Only use this
constructor that contains the following four arguments:
String division, String accessCode, String verifyCode, String clientIp

VARIABLES	TYPE	VARIABLES DESCRIPTION
division	Input	This is the first parameter for this constructor. Pass in the station # (external format) of the division to log the user in against.
accessCode	Input	This is the second parameter for this constructor. Pass in the user access code.
verifyCode	Input	This is the third parameter for this constructor. Pass in the user verify code.
clientIp	Input	This is the fourth parameter for this constructor. Pass in the client IP address. To obtain the client IP address, 'request.getRemoteAddr()' may be used.

SUBSCRIBING PACKAGE

SUBSCRIBING PACKAGE	ISC
CLINICAL INFO SUPPORT SYSTEM	Washington/Silver Spring

DATE ACTIVATED

2008/09/12