|
i2b2 1.7.13 offers support for SAML federated login, enhanced security due to improvements found via an internal Veracode scan, a client-based user registration tool, support for Synthea synthetic data for testing, and a variety of other bugfixes and performance improvements.
Description | |
---|---|
SAML Authentication | |
User Account Registration Tool | |
ACT Ontology v4 | |
Improved patient counting scripts ("totalnum") | |
Synthea SyntheticMass dataset in i2b2 format | |
Simplified database upgrade method | |
log4J upgrade (to address security concerns) | |
Code changes to address security vulnerabilities | |
Bugfixes |
Contribution | Contributor | |
SAML Authentication | Kevin Bui (lead developer) | i2b2 now includes support for SAML-based enterprise authentication via an institutional Identity Provider. See more information below. |
Ability to specify user parameter defaults | Michael Horvath | This change is meant to allow user params to take precedence over hive params. Currently, it's the other way around. |
LDAP UPN Support | Michael Horvath | Active Directory enables other methods of binding which are more flexible besides just using the distinguished name. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/6a5891b8-928e-4b75-a4a5-0e3b77eaca52. This change is to enable binding the the User Principle Name form, which is very convenient when the distinguished names for users is not easily available (OU by department, etc.). |
API to get all children of an ontology node | Kevin Bui | The metadata GetChildren API call, which returns information on the children of an ontology node, can now be configured to return multiple levels of children (e.g., children, children's children, etc.). This is done by specifying the numLevel parameters. By default, the function assumes numLevel = 1 and will return the direct descendants of the concept, which is one level of children. When the numLevel = -1 the function will return ALL descendants of the concept, otherwise the function will return up to and including the number of levels specified by numLevel (eg. numlevel=2 returns two levels of descendants, numLevel=4 returns four levels of descendants). |
Totalnum Counter Performance Improvements | Darren Henderson University of Kentucky | Performance enhancements on SQL Server totalnum counting: stop unnecessarily recomputing temp tables. |
ACT v4 Postgres bugfixes | Ambreen Zaver | Bugfixes in time interval calculation (for age and age-at-visit) in ACT v4 ontology for Postgres. |
There is a new user registration tool that can be enabled in the webclient. It allows users to request an i2b2 account that can then be activated by an administrator. It supports manual entry of user information through the form shown below, or automatic population of user information through SAML.
Documentation on this new feature is here: 6.5a i2b2 Webclient User Registration
i2b2 now includes support for SAML-based enterprise authentication via an institutional Identity Provider.
Detailed setup instructions are in Chapter 8 of the Installation Guide.
Totalnum Scripts (patient counting scripts) have been updated to improve the counter's performance on both multiple ontology tables and very large(>1.5 million) ontologies such as ACT medications. Debug messages have also been added for troubleshooting and profiling purposes. Support for multiple fact tables has been added and bugfixes have been made.
e.g., create view observation_fact_view as select * from CONDITION_VIEW union all select * from drug_view
If running the counting script in SQL Server, add the wildcard flag, to ignore multifact references in the ontology: e.g. exec RunTotalnum 'observation_fact_view','dbo','@','Y'
This is automatically accounted for in the other database platforms. Note this approach does not work if you have conflicting concept_cds across fact tables.
Oracle: | begin You can optionally include a table name if you only want to count one ontology table (this IS case sensitive): Note: If you get the error as: ERROR at line 1: ORA-01031: insufficient privilege, then run the command: |
SQL server: | exec RunTotalnum 'observation_fact','dbo','@' Parameters are: 1) the observation table name (for multi-fact-table setups), 2) the schema name, 3) a single table name to run on a single ontology table or '@' to run on all, and 4) and a wildcard flag that will ignore multifact references in the ontology if 'Y' |
PostgreSQL: | select RUNTOTALNUM('observation_fact','public') Replace 'public' by the schema name for the fact table If using a schema other than public for metadata, you might need to run "set search_path to 'i2b2metadata','public' " first as well |
When finished, verify it is complete by checking that c_totalnum columns in your ontology tables contain numbers (not nulls). These total counts will be visible in the ontology browser in the web client.
Parent folders will get counts (of all patients with facts in the leaves) except for ontology folders derived from visit_dimension or patient_dimension. These cannot be rolled up because of the way these terms are defined in the ontology. They will have no count at all (not a zero).
i2b2 users must have the DATA_AGG user permission to view the counts through the web client. |
When the CRC data is installed via ant, a new SQL script updates the age_in_years_num in the patient dimension based on the birth dates of the sample patients. As a reminder, this load process can be triggered with ant -f data_build.xml db_demodata_load_data in the CRC directory of NewInstall.
Insert_Concept_FROMTableAccess is designed to populate concept_dimenison table using the ontologies listed in table_access table records.
The stored procedure loops through the table_access and inserts values from each metadata table (specified in the c_table_name column), when
c_dimtablename is set to 'concept_dimension'
Example usage: exec Insert_Concept_FROMTableAccess
Synthetic patient data generated by Synthea can be loaded into i2b2. The Synthea SyntheticMass sample files have been converted to i2b2-ACT format, and scripts to load Synthea data from scratch are available here: https://github.com/i2b2/i2b2-synthea
create_synthea_table_<your dbServertype>.sql
in your project to create the Synthea tables.synthea_to_i2b2_<your dbServerType>.sql
to clean up the date formatting.synthea_to_i2b2_<your dbServertype>.sql
to convert Synthea data into i2b2 tables (this will truncate your existing fact and dimension tables!)i2b2metadata.dbo
in the script. Use the database and schema where your ACT ontology tables are.Metadata scripts are now available to load the latest ACT Version-4 ontology into your i2b2 db schema.
The CPT4 ontology table is not included with i2b2 due to AMA restrictions on redistribution of CPT code information. Contact the ACT team to get a copy if your institution is an AMA member. |
Previously, i2b2 db upgrade was a multi-step process of running upgrade SQL scripts and stored procedures individually on the db instance. This release simplifies the process of running the table upgrade SQL scripts and stored procedures from data_build.xml files. Details are on the i2b2 Upgrade Page here.
The JDBC drivers were updated to the following versions.
Driver | ojdbc8.jar | postgresql-42.2.14.jar | mssql-jdbc-9.2.0.jre8.jar |
---|---|---|---|
New Version | Oracle 21.5 | PostgreSQL 42.3.2 | MS Sql Server 9.2 |
Server Type | SQL Server | Oracle | Postgres |
---|---|---|---|
Supported Version/s | 2012+ (tested with up to 2019) | 12g+ and 21c | 9 to 14 |
Application Type | Java | Wildfly | Apache HTD | Apache Ant | Apache Axis2 | PHP |
---|---|---|---|---|---|---|
Supported Version/s | 8 or 11 | 17.0.1Final | 2.0 (RHEL 6) and 2.2 ( RHEL 7) | 1.9.6 | 1.7.1 | 7.2.27 or higher |
CentOS versions 6 (deprecated) or 7 (highly recommended)
Windows 7-2019
Unofficially, MacOS and other flavors of Linux are likely to work.
Core-server | webclient |
---|---|
CORE-399 Oracle index hints must use the table alias CORE-382 Username / password errors should not specify which had the problem CORE-402 Fix Veracode identified Security flaws in i2b2 Server-Side Code CORE-404 Adding support for JDK 11. Now including the gensrc due to jaxb has been removed. CORE-413 FetchAllChildren CORE-414 SAML (server side) CORE-415 Log4j upgraded to v2 CORE-416 User parameter precedence change (contributed by Michael Horvath) CORE-417 LDAP UPN support (contributed by Michael Horvath) CORE-405 Upgrade JDBC Drivers CORE-412 Disable login to agg service account | WEBCLIENT-334 Provide tabs for major plugins and temporal query WEBCLIENT-344 Cleanup Analysis Tools list of Plugins to only Supported Items WEBCLIENT-325 Wayne's improvements to hierarchical find-by-name WEBCLIENT-353 SAML and user registration tool (client side) |
DATA-7 QT_PATIENT_SET_ENC_COLLECTION should be a bigint DATA-14 Synthea i2b2 data DATA-6 improve i2b2 db upgrade process DATA-12 Stored procedure to update concept dimension DATA-11 Age in years updater during demodata install DATA-9 ACT v4 ontology DATA-13 Postgres time interval corrections in ACT v4 demographics ontology CORE-389 Totalnum performance improvements CORE-394 Obfuscated totalnum reporting table CORE-398 Multifact support for totalnums CORE-400 Show totalnums in top level folders |
Webclient | Core-server |
---|---|
WEBCLIENT-351 Obfuscated User Not Showing Graph WEBCLIENT-342 switch response status check from "OK" to 200 to handle lab value pop up in http/2 protocols WEBCLIENT-335 temporal query in webclient with no anchoring events not running WEBCLIENT-350 Unable to drag items in workplace WEBCLIENT-294 Webclient Reports "QUERY CANCELLED" While Query Is Still Running WEBCLIENT-354 Removed broken context menu in Find Previous Queries | CORE-418 Local timestamps in sessions on Oracle - appserver /db server in diff time zones CORE-282 Error returned when obfuscated user is locked out CORE-281 Query continues to run after user receives lockout message CORE-399 use alias for index hint |
For Java 11 install, if you change the xsd (REST API message definitions), then you will need to regenerate gensrc via JAXB in Java 8. In the i2b2-core cell directory for which you're regenerating the XSD-Java, run the ant target "jaxb_gen" on Java 8 and then build as usual using Java 11.