Security enhancements (CORE-283)

[CORE-289] Mandatory password change Created: 24/Jan/18  Updated: 25/Apr/18  Resolved: 17/Apr/18

Status: Resolved
Project: i2b2 Core Software
Component/s: CRC Cell, PM Cell
Affects Version/s: 1.7.10
Fix Version/s: 1.7.10

Type: Sub-Task Priority: Major
Reporter: Janice Donahoe Assignee: Janice Donahoe
Resolution: Done Votes: 0
Labels: wikirelease
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Blocked
is blocked by CORE-288 Enforce complex passwords Resolved
Rank: 0|hzzzz0:
Sprint: v1710.1
Affects Database/s:
All databases
Testing Notes: Tested and it is not working correctly. Password did not expire when expected.

Tried parameter both with date when the password is to expire and number of days when the password is to expire. Neither one worked.
Participant/s:

 Description   
*** Part of the security enhancements update ***

The mandatory password change feature requires users to change passwords after a specified interval of time. The i2b2 Administrator controls the number of days allowed before a password must be changed. Two new parameters, 1 global and 1 user, will store the relevant information for passwords to expire.

Summary of Password Expiration Process
1. New global parameter is entered (via i2b2 Admin module).
2. Password expiration feature is turned on.
3. Passwords for ALL users are now expired.
4. User attempts to sign into i2b2 Web Client; prompted to change password.
5. User enters a new password & successfully signs into the i2b2 Web Client.
6. Using the value in the global parameter, the system calculates the next expiration date for the user and adds the user parameter with that date to the correct table.

NEW PARAMETERS
Two new parameters were created as part of the Mandatory password change feature. Both parameters are called PM_EXPIRED_PASSWORD however one is set within PM_GLOBAL_PARAMS and the other within PM_USER_PARAMS. Each parameter has a different function in the password expiration process and is further defined below.

GLOBAL Parameter
What it does:
     • Turns the feature on.
     • Defines the password change interval.
     • Passwords will never expire if this parameter is not added as a global parameter.

Table: PM_GLOBAL_PARAMS

Parameter Name = PM_EXPIRED_PASSWORD
Parameter Value = [number of days the passwords will expire (change interval)]
Parameter Data Type = Text


USER Parameter
What it does:
     • Date user’s password will expire
     • Parameter is added automatically 1st time password is changed after it expires.
     • Passwords will never expire without this setup as a global parameter in the PM_GLOBAL_PARAMS table.

Table: PM_USER_PARAMS

Parameter Name = PM_EXPIRED_PASSWORD
Parameter Value = [date password will expire]
Parameter Data Type = Text




 Comments   
Comment by Janice Donahoe [ 17/Apr/18 ]
Tested and verified it is is working as designed. This feature will be included in the 1.7.10 release.
Generated at Fri Jan 21 12:00:03 UTC 2022 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.