Version 1.2. ASAM CS Single Sign-On

Similar documents
Version 1.5. ASAM Web Services

Microsoft ADFS Configuration

Integration Documentation. Automated User Provisioning Common Logon, Single Sign On or Federated Identity Local File Repository Space Pinger

Integration of the platform. Technical specifications

Authorization and Authentication

Qualys SAML & Microsoft Active Directory Federation Services Integration

CS144: Sessions. Cookie : CS144: Web Applications

User Directories. Overview, Pros and Cons

Samples using API. User Guide

e Link Technical Specification Valid from 1 st of January, 2018

PeopleKeys 3 API (rev )

Unity SDK for Xiaomi (IAP) Unity IAP provides an easy way to integrate Xiaomi IAP with Unity.

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CS November 2018

Quintiles JReview Customer Access Guide. Version Number: 11. Document Version:

INTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Specification document for OCSP

STATS API: AN INTRODUCTION

SMS Outbound. SMTP interface - v1.1

Copyright

Configuring Alfresco Cloud with ADFS 3.0

Integrating YuJa Active Learning into ADFS via SAML

1WorldSync Content1 Web Services

The Merit Palk API allows 3rd party developers to expand and build on the Merit Palk platform.

SMS Outbound. HTTP interface - v1.1

Cloud Access Manager Configuration Guide

SSO Authentication with ADFS SAML 2.0. Ephesoft Transact Documentation

MxVision WeatherSentry Web Services REST Programming Guide

Office 365 and Azure Active Directory Identities In-depth

Single Sign-On Showdown

esignlive SAML Administrator's Guide Product Release: 6.5 Date: July 05, 2018 esignlive 8200 Decarie Blvd, Suite 300 Montreal, Quebec H4P 2P5

ideal QR - Merchant Implementation Guidelines (EN)

Developer Resources: PIN2

Tenable.io Container Security REST API. Last Revised: June 08, 2017

Specification document for OCSP

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

Your Auth is open! Oversharing with OpenAuth & SAML

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

DCCKI Interface Design Specification. and. DCCKI Repository Interface Design Specification

Level 3 Media Portal API Guide

TECHNICAL GUIDE SSO JWT. At 360Learning, we don t make promises about technical solutions, we make commitments.

PERFORMANCE HORIZON PUBLISHER API INTRODUCTION

Configuration Guide - Single-Sign On for OneDesk

Business Chat Sending Authenticate Messages. June

Moxie Notifications Documentation

Preserving Electronic Mailing Lists as Scholarly Resources: The H-Net Archives

ENERGY MANAGEMENT INFORMATION SYSTEM. EMIS Web Service for Sensor Readings. Issue

1. Get 26AS Information

Direct Post Integration Guide

Integrating YuJa Active Learning with ADFS (SAML)

Integrating YuJa Active Learning into Google Apps via SAML

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Nimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]

Security. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Single Sign-On (SSO)Technical Specification

SSO Plugin. HP Service Request Catalog. J System Solutions. Version 3.6

Hosted Payment Form. Credit & Debit Card Processing v

Combating Common Web App Authentication Threats

Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

Report API v1.0 Splio Customer Platform

Requirements from the. Functional Package for Transport Layer Security (TLS)

DigiCert User Guide (GÉANT)

Technologies for Securing the Networked Supply Chain. Alex Deacon Advanced Products and Research Group VeriSign, Inc.

API Gateway. Version 7.5.1

Logging System for Longlifetime

Cookies, sessions and authentication

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Integrating the YuJa Enterprise Video Platform with ADFS (SAML)

Oracle Database Security and Audit. Authentication and authorization

PRODUCT UNDER TEST TEST EVENT RESULT. Quality Manual ISO Test Lab Test Report

Configuring Single Sign-on from the VMware Identity Manager Service to Collibra

Common Event Format: Event Interoperability Standard

SafeNet Authentication Manager

AWS Support. API Reference API Version

BIG-IP Local Traffic Management: Getting Started with Policies. Version 13.0

MediaAUTH Draft Proposal

1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)

TO: FROM: DATE: SUBJECT: Revisions General 2.1 The Mismatch does

PICANet WEB. User Guide. PICANet Web Quick User Guide. Logging-In

Design and Implementation of a RFC3161-Enhanced Time-Stamping Service

Nigori: Storing Secrets in the Cloud. Ben Laurie

Slybroadcast Global API Documentation Version 3.0 June 2018

Wisconsin Compensation Rating Bureau. WCUNDERWRITING WEB SERVICE User Guide

Unity SDK for Xiaomi (IAP) Unity IAP provides an easy way to integrate Xiaomi IAP with Unity.

ekashu Frequently Asked Questions

DirectLine for Business AS2 USER GUIDE

NIELSEN API PORTAL USER REGISTRATION GUIDE

Salesforce1 Mobile Security White Paper. Revised: April 2014

SortMyBooks API (Application programming

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate

MarkLogic Server. Common Criteria Evaluated Configuration Guide. MarkLogic 9 May, Copyright 2019 MarkLogic Corporation. All rights reserved.

Login with Amazon. Getting Started Guide for Websites

Black Box DCX3000 / DCX1000 Using the API

A human-readable summary of the X.509 PKI Time-Stamp Protocol (TSP)

TPM v.s. Embedded Board. James Y

Request for Comments: 2536 Category: Standards Track March DSA KEYs and SIGs in the Domain Name System (DNS)

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Validation Working Group: Proposed Revisions to

External HTTPS Trigger AXIS Camera Station 5.06 and above

Transcription:

Version 1.2 ASAM CS Single Sign-On 1

Table of Contents 1. Purpose... 3 2. Single Sign-On Overview... 3 3. Creating Token... 4 4. Release Notes... 5 2

1. Purpose This document aims at providing a guide for integrating a system with an installation of Continuum, The ASAM Criteria Decision Engine. This document assumes you are familiar with core concepts such as: RESTful Services HTTP Requests Certificates 2. Single Sign-On Overview The Continuum Integration API implements a simple and secure single sign on between a trusted web application and an installation of the ASAM CS that has been setup for integration mode. The Single Sign On API has been designed in a way to easily create a seamless experience for the user without having to have a federated security environment. Using this implementation the remote application can provide links for their users that will automatically redirect them into Continuum. This all works by making the remote application the trusted source for identifying the user and ensuring that user has access to the patients Continuum assessments. The user will not have to re-sign in with Continuum because the request to access the Continuum site will contain a digital signature verifying the request came from the remote application and that the request has not been tampered with in any way. Before access can be granted to Continuum, the client must send an HTTPS POST and if the authentication succeeds the client will be automatically redirected to the resource they are trying to access. The URL for this service typically looks like this: https://<server>/singlesignon/ There is a single route defined for the SingleSignOn that must include the following parameters. If you pass both a patientid and an assessmentid the system will open that assessment. If you do not pass an assessmentid it will take you to the patient list screen. This service will be called by creating a Form post containing the parameters defined below. The parameters must be passed in the same order as was used in creating the token. POST message Parameters: Name Description Required EhrId The Id of the EHR you are coming from Yes OrganizationId The Id of the Organization you are coming from Yes UserId The Id of the user who is requesting the resource. Yes 3

UserName The name of the user who is requesting the resource. Yes UserEmail The email of the user who is requesting the resource. Yes PatientId The Id of the patient you are trying to access. Yes Timestamp Timestamp the message was created. This must be within 1 minute of the current time for the single sign-on to be successful. The format should follow RFC 1123, "ddd, dd MMM yyyy HH':'mm':'ss 'GMT'" Yes AssessmentType The type of assessment. If AssessmentId AssessmentId Token The Id of the assessment being accessed. By specifying this Id the user will automatically be redirected to this Assessments Edit screen. This is the digitally signed SHA-1 hash of the current message. See below for instructions on creating this hash. No Yes An example of the form POST content would be: EhrId=1&OrganizationId=1&UserId=user-1&UserName=Fred Jones&UserEmail=fred.jones@test.com&PatientId=patient- 1&Timestamp=Fri%2C+30+Oct+2015+17%3A51%3A02+GMT&Token=UGF0aWVudElkPXBhdGllbnQtMSZVc2 VySWQ9dXNlci0xJlVzZXJOYW1lPUZyZWQgSm9uZXMmVXNlckVtYWlsPWZyZWQuam9uZXNAdGVzdC5jb20m VGltZXN0YW1wPTIwMDgtMTEtMDFUMTk6MzU6MDAuMDAwMDAwMC0wNzowMA== 3. Creating Token The Token parameter is created by hashing the concatenation of the rest of the parameters and then digitally signing that hash and finally converting the signed bytes to a Base64 string. We require the SHA-1 algorithm for performing the hash. You must have a valid API key for each organization and the API Key must be the last parameter. The names and values are case sensitive and must be posted in the same order as they are in the token. The format of the concatenation of the parameters is parameter-name=value with an & in-between each parameter: PatientId=123 &UserId=user-Id &UserName=Fred Jones &UserEmail=fred.jones@test.com &Timestamp=Fri, 30 Oct 2015 17:51:02 GMT &ApiKey=MKSL6EWVFQ3JZNDDJLLXRPVKPHOPQJBP9CF1O1SY2E Then you would use that string as input to the SHA-1 algorithm to create the hash value of that string. And then you would sign that hash using a Certificate. 4

After signing the string, the ApiKey should be removed from the string. Here is example C# code for performing the hashing and digital signature using a certificate: public static string SignWithCertificate(string text) { // Open certificate store of current user var my = new X509Store(StoreName.My, StoreLocation.LocalMachine); my.open(openflags.readonly); // Look for the certificate with specific subject var csp = my.certificates.cast<x509certificate2>().where(cert => cert.subject.contains("cn=trustedcert")).select(cert => (RSACryptoServiceProvider)cert.PrivateKey).FirstOrDefault(); // Hash the data var sha1 = new SHA1Managed(); var data = Encoding.Unicode.GetBytes(text); var hash = sha1.computehash(data); } // Sign the hash var signedbytes = csp.signhash(hash, CryptoConfig.MapNameToOID("SHA1")); return Convert.ToBase64String(signedBytes); 4. Release Notes V1.2 o AssessmentType was added and is required if AssessmentId is specified. o AssessmentId is optional again. V1.1 o UserEmail is no longer optional o AssessmentId is no longer optional, access to the patient list screen is no longer available. o Timestamp format was changed to use standard RFC 1123 "ddd, dd MMM yyyy HH':'mm':'ss 'GMT'" 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback