Hello,

The UMLS Terminology Services (UTS) is moving from a username/password login to 
an NIH-federal identity provider system on Monday, November 9. UMLS users will 
begin migrating their accounts to the new system on this date with a migration 
deadline of January 15, 2021.

You will need to update any systems that use the UMLS user validation 
API<https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html>, as 
described in my previous emails. We recommend you implement the new workflow as 
soon as possible after November 9.

Attached are instructions for implementing UMLS user validation with the new 
system. You MUST supply NLM with the domains (e.g., https://www.example.com in 
the instructions), so that we can whitelist the domains first.

The UMLS user validation 
API<https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html> will remain 
functional through January 15, 2021; however, UMLS users that create their UTS 
accounts after November 9 will not have a password, and you will be unable to 
validate their accounts.

Please let us know if you run into any issues or have any questions. Thank you!

-Patrick

From: McLaughlin, Patrick (NIH/NLM) [E] <patrick.mclaugh...@nih.gov>
Sent: Wednesday, September 16, 2020 5:35 PM
To: dev@ctakes.apache.org
Cc: Pei Chen <p...@peistation.com>
Subject: RE: Changes to UTS Authentication for Authorized Content Distributors

Hello,

I'm following up on my previous message about changes to the NLM UMLS 
Terminology Services (UTS) authentication. As an Authorized Content Distributor 
of UTS content, you will need to modify your implementation to accommodate 
these changes. Our testing environment is now available for you to test.

We need some information from you.

In order for you to test your implementation, we need two things:


  1.  A domain name from which you will link your users to our authentication 
service - We will need to whitelist your domain name for use in our test 
system. Example: www.yourwebsite.org<http://www.yourwebsite.org>.
  2.  A Google email address - We will need to configure a test account for you 
so that you can test user authentication.

If you have questions or concerns, please respond to this email. We appreciate 
your patience as we make improvements to UTS.

-Patrick

Patrick McLaughlin
Head, Terminology QA & User Services
National Library of Medicine
8600 Rockville Pike, MSC 3831, Bethesda, MD  20894
patrick.mclaugh...@nih.gov<mailto:patrick.mclaugh...@nih.gov>

From: McLaughlin, Patrick (NIH/NLM) [E] 
<patrick.mclaugh...@nih.gov<mailto:patrick.mclaugh...@nih.gov>>
Sent: Friday, August 14, 2020 6:14 PM
To: dev@ctakes.apache.org<mailto:dev@ctakes.apache.org>
Cc: Pei Chen <p...@peistation.com<mailto:p...@peistation.com>>
Subject: Changes to UTS Authentication for Authorized Content Distributors

Dear UMLS Licensee,

I'm contacting you from the U.S. National Library of Medicine because you are 
an Authorized Content Distributor of UMLS Terminology Services (UTS) content 
(https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html). We are 
contacting you because we are making changes to the way in which UTS users 
authenticate starting this November.

What is changing?

UTS users will no longer authenticate using a username and password. Instead, 
users will sign in using external authentication services like Login.gov, 
Google, Facebook, Microsoft, or one of several research organizations. We 
anticipate that users will begin migrating to external authentication services 
on November 9, 2020. Users who migrate to these services will no longer 
authenticate with a username and password. We also anticipate that passwords 
will be removed from UTS accounts on January 1, 2021. After that point, it will 
no longer be possible for Authorized Content Distributors to authenticate users 
with a username and password via 
https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html.

What does this mean for Authorized Content Distributors?

If you wish to continue to authenticate UTS users, you will need to implement a 
web-based authentication service. To do this, you will need to provide your 
users with a web interface that links to our authentication service. The user 
will navigate to your web interface using their web browser and click a link to 
our authentication service. Our service will then authenticate the user via an 
external authentication service (for example, Google or Facebook) and redirect 
the user back to your web interface. We will return true / false to you to let 
you know whether the user has an active UTS account. We are working on a test 
environment for you to test your implementation, and we anticipate that will be 
ready on August 15, 2020. This will allow you to test your implementation ahead 
of our November 9 release date.

We need some information from you.

In order for you to test your implementation, we need two things:


  1.  A domain name from which you will link your users to our authentication 
service - We will need to whitelist your domain name for use in our test 
system. Example: www.yourwebsite.org<http://www.yourwebsite.org>.
  2.  An email address - We will need to configure a test account for you so 
that you can test user authentication.

If you have questions or concerns, please respond to this email. We appreciate 
your patience as we make improvements to UTS.

Regards,
Patrick McLaughlin
Head, Terminology QA & User Services
National Library of Medicine
8600 Rockville Pike, MSC 3831, Bethesda, MD  20894
Phone: 301-827-5063
patrick.mclaugh...@nih.gov<mailto:patrick.mclaugh...@nih.gov>

Implementation: 
 
Create a link and point it to:
•     https://uts.nlm.nih.gov/uts/login?service=mycallback
 
The value of mycallback is a URL that the federated system should redirect to. 
This is a webpage that you own. For example: 
•     https://www.example.com/myauthcallback
 
When the user navigates to 
https://uts.nlm.nih.gov/uts/login?service=mycallback, they will be asked to 
authenticate using one of several services. For testing purposes, choose 
“Google.” Sign in as you normally would with the Google account that you 
provided to us. 
 
The mycallback URL will be returned in the web browser with one query 
parameter: ‘ticket’. For example:
•     https://www.example.com/myauthcallback?ticket={ticket}
 
This ticket is valid for one and only one query and must be consumed within 10 
seconds after being received. You must consume this ticket to verify if the 
user has an active UMLS license. Do that by making a call to:
•     https://uts-ws.nlm.nih.gov/rest/isValidServiceValidate
 
Add 2 query parameters to this call:
•     ticket: the ticket you received in the callback
•     service: This is the exact same value you passed for service earlier 
(mycallback). 
 
For example: 
•     https://uts-ws.nlm.nih.gov/rest/isValidServiceValidate?ticket={ticket}&service=https://www.example.com/myauthcallback
 
This service will return true or false. If the service returns true, the user 
has a valid UMLS license. If it returns false, the user does not have a valid 
UMLS license.  

The workflow above should handle both migrated and non-migrated UTS users. 
However, if you run into any issues with non-migrated users, you can point them 
directly to the UTS sign in page to migrate their accounts: 
https://uts.nlm.nih.gov/uts/login
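
The callback step in the instructions above, sketched as an added example (not NLM's or cTAKES's code). It assumes the validation endpoint returns the literal text true or false in the response body and accepts a percent-encoded service value; login_link, has_active_license and the injectable fetch are names chosen here.

```python
import time
import urllib.parse
import urllib.request

LOGIN_URL = "https://uts.nlm.nih.gov/uts/login"
VALIDATE_URL = "https://uts-ws.nlm.nih.gov/rest/isValidServiceValidate"
SERVICE = "https://www.example.com/myauthcallback"  # the page's example callback
TICKET_TTL = 10.0  # seconds a ticket stays valid, per the instructions


def login_link(service=SERVICE):
    """Link shown to the user; the service value is percent-encoded."""
    return LOGIN_URL + "?" + urllib.parse.urlencode({"service": service})


def http_get(url, timeout):
    """Default fetch: returns (status, body). Errors surface as OSError."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def has_active_license(callback_url, received_at, fetch=http_get,
                       now=time.monotonic):
    """Consume the ticket from the callback URL once; fail closed on doubt."""
    got = urllib.parse.urlsplit(callback_url)
    want = urllib.parse.urlsplit(SERVICE)
    # Only accept tickets delivered to the callback we registered.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        return False
    tickets = urllib.parse.parse_qs(got.query).get("ticket", [])
    if len(tickets) != 1:          # missing, empty or duplicated parameter
        return False
    remaining = TICKET_TTL - (now() - received_at)
    if remaining <= 0:             # too late: do not spend the request
        return False
    # 'service' must be exactly the value sent to the login page.
    query = urllib.parse.urlencode({"ticket": tickets[0], "service": SERVICE})
    try:
        # One attempt only: the ticket is single-use, so a retry cannot succeed.
        status, body = fetch(VALIDATE_URL + "?" + query, remaining)
    except OSError:
        return False
    # Anything other than an explicit "true" is treated as no licence.
    return status == 200 and body.strip() == "true"
```
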
