Hello,

The UMLS Terminology Services (UTS) is moving from a username/password login to an NIH-federal identity provider system on Monday, November 9. UMLS users will begin migrating their accounts to the new system on this date with a migration deadline of January 15, 2021.
You will need to update any systems that use the UMLS user validation API<https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html>, as described in my previous emails. We recommend you implement the new workflow as soon as possible after November 9. Attached are instructions for implementing UMLS user validation with the new system. You MUST supply NLM with the domains (e.g., https://www.example.com in the instructions), so that we can whitelist the domains first.

The UMLS user validation API<https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html> will remain functional through January 15, 2021; however, UMLS users that create their UTS accounts after November 9 will not have a password, and you will be unable to validate their accounts.

Please let us know if you run into any issues or have any questions.

Thank you!

-Patrick

From: McLaughlin, Patrick (NIH/NLM) [E] <patrick.mclaugh...@nih.gov>
Sent: Wednesday, September 16, 2020 5:35 PM
To: dev@ctakes.apache.org
Cc: Pei Chen <p...@peistation.com>
Subject: RE: Changes to UTS Authentication for Authorized Content Distributors

Hello,

I'm following up on my previous message about changes to the NLM UMLS Terminology Services (UTS) authentication. As an Authorized Content Distributor of UTS content, you will need to modify your implementation to accommodate these changes. Our testing environment is now available for you to test.

We need some information from you.

In order for you to test your implementation, we need two things:

1. A domain name from which you will link your users to our authentication service - We will need to whitelist your domain name for use in our test system. Example: www.yourwebsite.org<http://www.yourwebsite.org>.
2. A Google email address - We will need to configure a test account for you so that you can test user authentication.

If you have questions or concerns, please respond to this email. We appreciate your patience as we make improvements to UTS.

-Patrick

Patrick McLaughlin
Head, Terminology QA & User Services
National Library of Medicine
8600 Rockville Pike, MSC 3831, Bethesda, MD 20894
patrick.mclaugh...@nih.gov

From: McLaughlin, Patrick (NIH/NLM) [E] <patrick.mclaugh...@nih.gov>
Sent: Friday, August 14, 2020 6:14 PM
To: dev@ctakes.apache.org
Cc: Pei Chen <p...@peistation.com>
Subject: Changes to UTS Authentication for Authorized Content Distributors

Dear UMLS Licensee,

I'm contacting you from the U.S. National Library of Medicine because you are an Authorized Content Distributor of UMLS Terminology Services (UTS) content (https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html). We are contacting you because we are making changes to the way in which UTS users authenticate starting this November.

What is changing?

UTS users will no longer authenticate using a username and password. Instead, users will sign in using external authentication services like Login.gov, Google, Facebook, Microsoft, or one of several research organizations. We anticipate that users will begin migrating to external authentication services on November 9, 2020. Users who migrate to these services will no longer authenticate with a username and password. We also anticipate that passwords will be removed from UTS accounts on January 1, 2021. After that point, it will no longer be possible for Authorized Content Distributors to authenticate users with a username and password via https://uts.nlm.nih.gov/help/license/validateumlsuserhelp.html.

What does this mean for Authorized Content Distributors?

If you wish to continue to authenticate UTS users, you will need to implement a web-based authentication service. To do this, you will need to provide your users with a web interface that links to our authentication service.
The user will navigate to your web interface using their web browser and click a link to our authentication service. Our service will then authenticate the user via an external authentication service (for example, Google or Facebook) and redirect the user back to your web interface. We will return true / false to you to let you know whether the user has an active UTS account.

We are working on a test environment for you to test your implementation, and we anticipate that will be ready on August 15, 2020. This will allow you to test your implementation ahead of our November 9 release date.

We need some information from you.

In order for you to test your implementation, we need two things:

1. A domain name from which you will link your users to our authentication service - We will need to whitelist your domain name for use in our test system. Example: www.yourwebsite.org<http://www.yourwebsite.org>.
2. An email address - We will need to configure a test account for you so that you can test user authentication.

If you have questions or concerns, please respond to this email. We appreciate your patience as we make improvements to UTS.

Regards,

Patrick McLaughlin
Head, Terminology QA & User Services
National Library of Medicine
8600 Rockville Pike, MSC 3831, Bethesda, MD 20894
Phone: 301-827-5063
patrick.mclaugh...@nih.gov

Implementation:

Create a link and point it to:

• https://uts.nlm.nih.gov/uts/login?service=mycallback

The value of mycallback is a URL that the federated system should redirect to. This is a webpage that you own. For example:

• https://www.example.com/myauthcallback

When the user navigates to https://uts.nlm.nih.gov/uts/login?service=mycallback, they will be asked to authenticate using one of several services. For testing purposes, choose "Google." Sign in as you normally would with the Google account that you provided to us.

The mycallback URL will be returned in the web browser with one query parameter: "ticket". For example:

• https://www.example.com/myauthcallback?ticket={ticket}

This ticket is valid for one and only one query and must be consumed within 10 seconds after being received. You must consume this ticket to verify if the user has an active UMLS license. Do that by making a call to:

• https://uts-ws.nlm.nih.gov/rest/isValidServiceValidate

Add 2 query parameters to this call:

• ticket: the ticket you received in the callback
• service: This is the exact same value you passed for service earlier (mycallback).

For example:

• https://uts-ws.nlm.nih.gov/rest/isValidServiceValidate?ticket={ticket}&service=https://www.example.com/myauthcallback

This service will return true or false. If the service returns true, the user has a valid UMLS license. If it returns false, the user does not have a valid UMLS license.

The workflow above should handle both migrated and non-migrated UTS users. However, if you run into any issues with non-migrated users, you can point them directly to the UTS sign in page to migrate their accounts: https://uts.nlm.nih.gov/uts/login
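
A sketch of the callback side of the workflow above, added here as an example and not code from NLM or cTAKES: it builds the login link, consumes the ticket once, and grants access only on an explicit "true". The function names, the 512-character ticket cap, and the assumption that the validation response body is the literal text true or false are illustrative choices; SERVICE is the example callback from the instructions.

```python
import urllib.parse
import urllib.request

LOGIN_URL = "https://uts.nlm.nih.gov/uts/login"
VALIDATE_URL = "https://uts-ws.nlm.nih.gov/rest/isValidServiceValidate"
# The callback registered with NLM (example value from the instructions).
SERVICE = "https://www.example.com/myauthcallback"


def login_link(service=SERVICE):
    """URL for the sign-in link on your page, with the callback URL-encoded."""
    return LOGIN_URL + "?" + urllib.parse.urlencode({"service": service})


def http_get(url, timeout=5):
    # Timeout stays well under the 10-second ticket lifetime.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def has_valid_license(callback_url, service=SERVICE, fetch=http_get):
    """Consume the ticket from the callback URL; True only on an explicit 'true'."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    tickets = query.get("ticket", [])
    # Exactly one non-empty ticket; duplicate or oversize values are rejected
    # before any request is made (the size cap is an assumption).
    if len(tickets) != 1 or not (0 < len(tickets[0]) <= 512):
        return False
    # service must be the exact value used for the login link.
    url = VALIDATE_URL + "?" + urllib.parse.urlencode(
        {"ticket": tickets[0], "service": service})
    try:
        body = fetch(url)  # one attempt only: the ticket is single-use
    except OSError:
        return False       # network error or timeout: fail closed
    # Assumption: the body is the text "true" or "false"; anything else denies.
    return body.strip().lower() == "true"
```

Because a ticket is valid for a single query, a failed validation call should send the user back through the login link rather than retry with the same ticket.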