Release Management

Description
SAML Authentication

User Account Registration Tool


ACT Ontology v4

Improved patient counting scripts ("totalnum")

Synthea SyntheticMass dataset in i2b2 format

Simplified database upgrade method

Log4j upgrade (to address security concerns)


Code changes to address security vulnerabilities

Bugfixes

Community-Contributed Features

Contribution

Contributor


SAML Authentication

Kevin Bui (lead developer)
Michelle Morris
University of Pittsburgh

Justin Prosser (security expert)
University of Washington

Mike Mendis
Jeff Klann
Reeta Metta
Mass General Brigham

i2b2 now includes support for SAML-based enterprise authentication via an institutional Identity Provider. See more information below.


Ability to specify user parameter defaults

Michael Horvath
Wake Forest University

This change is meant to allow user params to take precedence over hive params. Currently, it's the other way around.

Particularly, if you have the situation where you have a large number of users who use an authentication method other than the default basic, but your service account (AGG_SERVICE_ACCOUNT) is using basic then you need to specify a user param for each of your users.

With this change, you can set default authentication params in pm_hive_params for all users, and then set your service account specifically to be authentication_method = 'BASIC'. May seem like a small change, but it would be very welcome not to need to assign params for each new user at our institution.

In the process of making this change, I re-organized basic authentication into its own package and removed some code duplication.

LDAP UPN Support

Michael Horvath
Wake Forest University

Active Directory enables other methods of binding which are more flexible besides just using the distinguished name. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/6a5891b8-928e-4b75-a4a5-0e3b77eaca52. This change is to enable binding with the User Principal Name form, which is very convenient when the distinguished names for users are not easily available (OU by department, etc.).

API to get all children of an ontology node

Kevin Bui
Michelle Morris
University of Pittsburgh

The metadata GetChildren API call, which returns information on the children of an ontology node, can now be configured to return multiple levels of children (e.g., children, children's children, etc.). This is done by specifying the numLevel parameter.

By default, the function assumes numLevel = 1 and returns the direct descendants of the concept, which is one level of children. When numLevel = -1, the function returns ALL descendants of the concept; otherwise it returns up to and including the number of levels specified by numLevel (e.g., numLevel=2 returns two levels of descendants, numLevel=4 returns four levels of descendants).

Totalnum Counter Performance Improvements

Darren Henderson
University of Kentucky

Performance enhancements on SQL Server totalnum counting to not unnecessarily recompute temp tables.

ACT v4 Postgres bugfixes

Ambreen Zaver
University of Colorado

Bugfixes in time interval calculation (for age and age-at-visit) in ACT v4 ontology for Postgres.
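
The user parameter precedence change listed above alters which authentication_method an account ends up with once user params override hive params. The following is an added example, not i2b2 project code: a pre-upgrade audit that compares the old and new precedence and flags accounts whose method would change. The dictionaries stand in for rows of pm_hive_params and PM_user_params, and the "LDAP" value, the user names and the function names are constructed for illustration.

```python
# Added example (not i2b2 code): audit the effect of the precedence change.
AUTH = "authentication_method"

def effective(hive, user, user_first):
    """Merge hive-wide and per-user params; the higher-precedence dict wins."""
    low, high = (hive, user) if user_first else (user, hive)
    return {**low, **high}

def precedence_changes(hive, users, default="BASIC"):
    """Map user -> (old_method, new_method) where hive-first (old behaviour)
    and user-first (new behaviour) resolve to different methods."""
    changed = {}
    for name, params in users.items():
        old = effective(hive, params, user_first=False).get(AUTH, default)
        new = effective(hive, params, user_first=True).get(AUTH, default)
        if old != new:
            changed[name] = (old, new)
    return changed

def unexpected_overrides(hive, users, allowed=("AGG_SERVICE_ACCOUNT",)):
    """Accounts whose method changes on upgrade and that are not on the
    list of accounts expected to carry their own setting."""
    return sorted(n for n in precedence_changes(hive, users) if n not in allowed)

# Constructed sample data: one hive-wide default, three accounts.
HIVE = {AUTH: "LDAP"}
USERS = {
    "AGG_SERVICE_ACCOUNT": {AUTH: "BASIC"},  # intended override
    "alice": {},                             # inherits the hive default
    "bob": {AUTH: "BASIC"},                  # stale per-user row, masked until now
}

if __name__ == "__main__":
    for name, (old, new) in precedence_changes(HIVE, USERS).items():
        print(f"{name}: {old} -> {new}")
    print("review before upgrading:", unexpected_overrides(HIVE, USERS))
```

A per-user row that the hive setting used to mask becomes active after the change, so any account reported by unexpected_overrides should be reviewed before upgrading.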


Detailed Documentation on New Features

User Registration Tool

TODO - Documentation draft is here - https://github.com/kvb2univpitt/i2b2-saml-demo/tree/main/doc/user_registration 

There are two paths: SAML and local


There is a new user registration tool that can be enabled in the webclient. Documentation on this new feature is here: 6.5a i2b2 Webclient User Registration


registrationMethod | Y | String

NEW 1.7.13! Defines an information source for the new user registration tool. (If showRegistration is true, this parameter must be present.)

  • "SAML" = The tool will register users based on SAML EPPNs.
  • Any other value = The tool will register users with information entered in the registration form that pops up. If the value is non-empty, new users will be created with a corresponding entry in PM_user_params. 

...

Webclient Core-server
  • WEBCLIENT-334 Provide tabs for major plugins and temporal query 
  • WEBCLIENT-344 Cleanup Analysis Tools list of Plugins to only Supported Items 
  • WEBCLIENT-325 Wayne's improvements to hierarchical find-by-name (READY TO TEST)
  • WEBCLIENT-353 SAML and user registration tool (client side)  
  • CORE-399 Oracle index hints must use the table alias 
  • CORE-382 Username / password errors should not specify which had the problem
  • CORE-402 Fix Veracode identified Security flaws in i2b2 Server-Side Code
  • CORE-404 Adding support for JDK 11. Now including the gensrc due to jaxb has been removed. (CLOSED)
  • CORE-413 FetchAllChildren (CLOSED)
  • CORE-414 SAML (server side) (CLOSED)
  • CORE-415 Log4j upgraded to v2 (RESOLVED)
  • CORE-416 User parameter precedence change (contributed by Michael Horvath) (CLOSED)
  • CORE-417 LDAP UPN support (contributed by Michael Horvath) (CLOSED)

Bug Fixes

Webclient Core-server
  • WEBCLIENT-351 Obfuscated User Not Showing Graph (CLOSED)
  • WEBCLIENT-342 switch response status check from "OK" to 200 to handle lab value pop up in http/2 protocols (CLOSED)
  • WEBCLIENT-335 temporal query in webclient with no anchoring events not running (CLOSED)
  • WEBCLIENT-350  Unable to drag items in workplace (READY TO TEST)
  • WEBCLIENT-325 Wayne's improvements to hierarchical find-by-name  (READY TO TEST)
  • WEBCLIENT-319 FindTerms- exceeding more than 200(default) return count - displaying server error (READY TO TEST)
  • WEBCLIENT-294 Webclient Reports "QUERY CANCELLED" While Query Is Still Running (CLOSED)
  • WEBCLIENT-354 Removed broken context menu in Find Previous Queries (READY TO TEST)
  • CORE-418 Local timestamps in sessions on Oracle - appserver /db server in diff time zones (READY TO TEST)
  • CORE-282 Error returned when obfuscated user is locked out (READY TO TEST)
  • CORE-281 Query continues to run after user receives lockout message (READY TO TEST)
  • CORE-412 Disable login to agg service account (CLOSED)
  • CORE-405 Upgrade JDBC Drivers (RESOLVED)
  • CORE-399 use alias for index hint  (CLOSED)

i2b2 Database Changes

New Features and Improvements

Database updates
  • DATA-7 QT_PATIENT_SET_ENC_COLLECTION should be a bigint (DONE)
  • DATA-14 Synthea i2b2 data (DONE)
  • DATA-6 improve i2b2 db upgrade process (DONE)
  • DATA-12  Stored procedure to update concept dimension (DONE)
  • DATA-11 Age in years updater during demodata install (DONE)
  • DATA-9 ACT v4 ontology (DONE)
  • DATA-13 Postgres time interval corrections in ACT v4 demographics ontology (DONE)
  • CORE-389 Totalnum performance improvements (DONE)
  • CORE-394 Obfuscated totalnum reporting tables (CLOSED)
  • CORE-398 Multifact support for totalnums (DONE)
  • CORE-400 Show totalnums in top level folders (DONE)

Notes for Developers

For Java 11 install, if you change the xsd (REST API message definitions), then you will need to regenerate gensrc via JAXB in Java 8. In the i2b2-core cell directory for which you're regenerating the XSD-Java, run the ant target "jaxb_gen" on Java 8 and then build as usual using Java 11.

...