HS.IHE.XUA.Config

persistent class HS.IHE.XUA.Config extends %Library.Persistent, %XML.Adaptor, HS.Sync.BaseClass, %Library.GlobalIdentifier

SQL Table Name: HS_IHE_XUA.Config

Parameters

parameter SYNCORDER = 80;
parameter XMLIGNOREINVALIDTAG = 1;
Inherited description: The XMLIGNOREINVALIDTAG parameter allows the programmer to control handling of unexpected elements in the XML input. The XMLIGNOREINVALIDTAG parameter will only take effect if XMLSEQUENCE = 0 (the default). By default (XMLIGNOREINVALIDTAG = 0), an unexpected element is treated as an error. If XMLIGNOREINVALIDTAG is set = 1 and XMLSEQUENCE = 0, then unexpected elements will be ignored.
parameter XMLIGNORENULL = inputonly;
Inherited description: XMLIGNORENULL allows the programmer to override the default XML handling of empty strings for properties of type %String. By default (XMLIGNORENULL = 0), empty strings in the XML input are stored as $c(0) and $c(0) is written to XML as an empty tag. A missing tag in the XML input is always stored as "" and "" is always output to XML as no tag.

If XMLIGNORENULL is set = 1, then both missing tags in the XML and empty strings are input as "", and both "" and $c(0) are output as empty tags (i.e. <tag></tag>).

If XMLIGNORENULL is set = "inputonly", then both missing tags in the XML and empty strings are input as "". Output of "" and $c(0) is the same as for XMLIGNORENULL = 0: $c(0) is output as an empty tag (i.e. <tag></tag>) and "" is output as no tag.

If XMLIGNORENULL = "runtime" (runtime is not case sensitive), then the behavior of XMLIGNORENULL is determined by the format parameter of XMLExport, XMLImport and %XML.Reader.OpenFile. The default behavior for XMLIGNORENULL="runtime" is the same as XMLIGNORENULL=0. Adding "ignorenull" to the format argument changes the behavior to that of XMLIGNORENULL=1. "ignorenull" should be separated by a comma from the literal/encoded part of the format. Example values for format are "", ",ignorenull", "literal,ignorenull" and "encoded,ignorenull". Note that "inputonly" is equivalent to using ,ignorenull for XMLExport and not for %XML.Reader.

Properties

property CheckSignerIdentity as %Boolean [ InitialExpression = 1 ];
Processor
If this property is true and RequireSignature is true, inspect the KeyInfo on the signature as part of the signature validation. The assertion will only pass validation if it is possible to identify the signer from the KeyInfo and the signer's credentials are trusted.
If this setting is false, a signature which includes a reference to an X.509 certificate will still have the certificate checked against Cache's list of trusted certificates, but signatures which are signed with only an RSA public key, or with symmetric encryption, will pass validation without attempting to identify the signer.
It is strongly recommended to set CheckSignerIdentity to true if RequireSignature is set to true.
Property methods: CheckSignerIdentityDisplayToLogical(), CheckSignerIdentityGet(), CheckSignerIdentityGetStored(), CheckSignerIdentityIsValid(), CheckSignerIdentityLogicalToDisplay(), CheckSignerIdentityLogicalToXSD(), CheckSignerIdentityNormalize(), CheckSignerIdentitySet(), CheckSignerIdentityXSDToLogical()
property DefaultSecurityDomain as %String;
Processor default security domain
Property methods: DefaultSecurityDomainDisplayToLogical(), DefaultSecurityDomainGet(), DefaultSecurityDomainGetStored(), DefaultSecurityDomainIsValid(), DefaultSecurityDomainLogicalToDisplay(), DefaultSecurityDomainLogicalToOdbc(), DefaultSecurityDomainNormalize(), DefaultSecurityDomainSet()
property DomainPrefix as %String [ InitialExpression = "%HS " ];
Processor
Optional: A prefix to append to the security domain name. Use this to use "internal" HealthShare security domains which allow assigning roles/groups to a user
Property methods: DomainPrefixDisplayToLogical(), DomainPrefixGet(), DomainPrefixGetStored(), DomainPrefixIsValid(), DomainPrefixLogicalToDisplay(), DomainPrefixLogicalToOdbc(), DomainPrefixNormalize(), DomainPrefixSet()
property Issuer as %String (MAXLEN = 255);
String to use for the SAML Issuer's name. Either SAMLIssuer should be set to a string containing the distinguished name of the RHIO's certificate, OR SAMLIssuerX509 should contain the alias of an X.509 certificate which references the RHIO's certificate. If both are set to "", an error will be reported when creating new tokens. SAMLIssuer takes precedence over SAMLIssuerX509.
Property methods: IssuerDisplayToLogical(), IssuerGet(), IssuerGetStored(), IssuerIsValid(), IssuerLogicalToDisplay(), IssuerLogicalToOdbc(), IssuerNormalize(), IssuerSet(), IssuerX509DisplayToLogical(), IssuerX509Get(), IssuerX509GetStored(), IssuerX509IsValid(), IssuerX509LogicalToDisplay(), IssuerX509LogicalToOdbc(), IssuerX509Normalize(), IssuerX509Set()
property IssuerX509 as %String;
Alias for an X.509 certificate object which will be used for the SAML Issuer, and for signing the created token if the SignCreatedAssertion parameter is true. Either SAMLIssuer should be set to a string containing the distinguished name of the RHIO's certificate, OR SAMLIssuerX509 should contain the alias of an X509 certificate which references the RHIO's certificate. If both are set to "", an error will be reported when creating new tokens.
Property methods: IssuerX509DisplayToLogical(), IssuerX509Get(), IssuerX509GetStored(), IssuerX509IsValid(), IssuerX509LogicalToDisplay(), IssuerX509LogicalToOdbc(), IssuerX509Normalize(), IssuerX509Set()
property Name as %String [ Required ];
Configuration name, for example MyRHIO or A_RHIO_to_connect
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIndexExists(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property OrganizationOID as HS.Data.OIDMap;
The organization identified on an inbound message (could be an OID, could be a URL)
Property methods: OrganizationOIDGet(), OrganizationOIDGetObject(), OrganizationOIDGetObjectId(), OrganizationOIDGetStored(), OrganizationOIDGetSwizzled(), OrganizationOIDIndexCheck(), OrganizationOIDIndexCheckUnique(), OrganizationOIDIndexDelete(), OrganizationOIDIndexExists(), OrganizationOIDIndexOpen(), OrganizationOIDIndexSQLCheckUnique(), OrganizationOIDIndexSQLExists(), OrganizationOIDIndexSQLFindPKeyByConstraint(), OrganizationOIDIndexSQLFindRowIDByConstraint(), OrganizationOIDIsValid(), OrganizationOIDNewObject(), OrganizationOIDSet(), OrganizationOIDSetObject(), OrganizationOIDSetObjectId(), OrganizationOIDUnSwizzle()
property OrganizationURL as %String (MAXLEN = 255);
If the organization-id is a URL
Property methods: OrganizationURLDisplayToLogical(), OrganizationURLGet(), OrganizationURLGetStored(), OrganizationURLIsValid(), OrganizationURLLogicalToDisplay(), OrganizationURLLogicalToOdbc(), OrganizationURLNormalize(), OrganizationURLSet()
property RequireSignature as %Boolean;
Property methods: RequireSignatureDisplayToLogical(), RequireSignatureGet(), RequireSignatureGetStored(), RequireSignatureIsValid(), RequireSignatureLogicalToDisplay(), RequireSignatureLogicalToXSD(), RequireSignatureNormalize(), RequireSignatureSet(), RequireSignatureXSDToLogical()
property SAMLCreatorClass as %String (MAXLEN = 255);
When defined it will be the class used to create the SAML assertion
Property methods: SAMLCreatorClassDisplayToLogical(), SAMLCreatorClassGet(), SAMLCreatorClassGetStored(), SAMLCreatorClassIsValid(), SAMLCreatorClassLogicalToDisplay(), SAMLCreatorClassLogicalToOdbc(), SAMLCreatorClassNormalize(), SAMLCreatorClassSet()
property SAMLProcessorClass as %String (MAXLEN = 255);
The organization OID or organization URL will be used to locate the configuration entry and thus the Processor Class. This is a class which extends HS.IHE.XUA.Creator or the older form of HS.CHIxP.SAML.SAMLProcessor.
Property methods: SAMLProcessorClassDisplayToLogical(), SAMLProcessorClassGet(), SAMLProcessorClassGetStored(), SAMLProcessorClassIsValid(), SAMLProcessorClassLogicalToDisplay(), SAMLProcessorClassLogicalToOdbc(), SAMLProcessorClassNormalize(), SAMLProcessorClassSet()
property SignCreatedAssertion as %Boolean [ InitialExpression = 0 ];
Controls whether created Assertions will be signed. This requires the SAMLIssuerX509 parameter to refer to a valid set of X.509 credentials, and that SAMLIssuer = "", as SAMLIssuer takes precedence over SAMLIssuerX509.
Property methods: SignCreatedAssertionDisplayToLogical(), SignCreatedAssertionGet(), SignCreatedAssertionGetStored(), SignCreatedAssertionIsValid(), SignCreatedAssertionLogicalToDisplay(), SignCreatedAssertionLogicalToXSD(), SignCreatedAssertionNormalize(), SignCreatedAssertionSet(), SignCreatedAssertionXSDToLogical()
property UseWSSSignature as %Boolean [ InitialExpression = 1 ];
Creator
Controls whether created Assertions will be signed with the WSSecuritySignature or the Signature. Signing still requires SignCreatedAssertion to be set to true, and the IssuerX509 parameter to refer to a valid set of X.509 credentials.
Property methods: UseWSSSignatureDisplayToLogical(), UseWSSSignatureGet(), UseWSSSignatureGetStored(), UseWSSSignatureIsValid(), UseWSSSignatureLogicalToDisplay(), UseWSSSignatureLogicalToXSD(), UseWSSSignatureNormalize(), UseWSSSignatureSet(), UseWSSSignatureXSDToLogical()
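
The following audit query is an added example, not part of the class reference. It lists configuration entries that contradict the property descriptions above: signature validation without a signer identity check, or signing enabled without usable issuer credentials. It assumes each property projects to a same-named column of HS_IHE_XUA.Config and that the SAMLIssuer/SAMLIssuerX509 names in the descriptions refer to the Issuer/IssuerX509 properties.

```sql
-- Added example: audit XUA configurations against the documented constraints.
-- Assumption: property names are the column names of HS_IHE_XUA.Config.
SELECT %ID,
       Name,
       OrganizationOID->IdentityCode AS Organization,
       -- Inbound: RequireSignature on, but the signer is never identified,
       -- so RSA-key-only or symmetric signatures pass validation.
       CASE
         WHEN RequireSignature = 1 AND COALESCE(CheckSignerIdentity, 0) = 0
           THEN 'RequireSignature=1 but CheckSignerIdentity=0'
       END AS InboundFinding,
       -- Outbound: signing needs IssuerX509 set and Issuer empty,
       -- because Issuer takes precedence over IssuerX509.
       CASE
         WHEN SignCreatedAssertion = 1
              AND (IssuerX509 IS NULL OR IssuerX509 = '')
           THEN 'SignCreatedAssertion=1 but IssuerX509 is not set'
         WHEN SignCreatedAssertion = 1
              AND Issuer IS NOT NULL AND Issuer <> ''
           THEN 'SignCreatedAssertion=1 but Issuer is set and takes precedence'
       END AS OutboundFinding
FROM HS_IHE_XUA.Config
WHERE (RequireSignature = 1 AND COALESCE(CheckSignerIdentity, 0) = 0)
   OR (SignCreatedAssertion = 1
       AND (IssuerX509 IS NULL OR IssuerX509 = ''
            OR (Issuer IS NOT NULL AND Issuer <> '')))
ORDER BY Name
```

An empty result means no stored configuration violates either documented constraint; it does not confirm that the referenced X.509 credentials are themselves valid or trusted.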

Methods

method AddSAMLAssertions(pRequest As HS.Message.XMLMessage, pWebRequest As %SOAP.WebRequest, pSendSAMLAssertion As %Integer = 0) as %Status
Add SAML Assertions to the outgoing Security header based on the value of SendSAMLAssertions, SAMLIssuer.
classmethod FindConfiguration(pOrganizationID="") as HS.IHE.XUA.Config
classmethod GetProcessor(pOrganizationID) as HS.IHE.XUA.Processor

Queries

query ConfigurationInUseCount(pConfigID)
SQL Query:
SELECT Count(*) from HS_Registry_Service.SOAP where XUAConfiguration = :pConfigID
query Items()
SQL Query:
SELECT %ID,Name, OrganizationOID->IdentityCode as Organization,SAMLCreatorClass as CreatorClass, SAMLProcessorClass as ProcessorClass FROM Config ORDER BY Name

Indexes

index (IDKEY on ) [IdKey, Type = key];
Index methods: IDKEYCheck(), IDKEYDelete(), IDKEYExists(), IDKEYOpen(), IDKEYSQLCheckUnique(), IDKEYSQLExists(), IDKEYSQLFindPKeyByConstraint(), IDKEYSQLFindRowIDByConstraint()
index (NameIndex on Name);
Index methods: NameIndexExists()
index (OrganizationOIDIndex on OrganizationOID) [Unique];
Index methods: OrganizationOIDIndexCheck(), OrganizationOIDIndexCheckUnique(), OrganizationOIDIndexDelete(), OrganizationOIDIndexExists(), OrganizationOIDIndexOpen(), OrganizationOIDIndexSQLCheckUnique(), OrganizationOIDIndexSQLExists(), OrganizationOIDIndexSQLFindPKeyByConstraint(), OrganizationOIDIndexSQLFindRowIDByConstraint()

Storage

Storage Model: Storage (HS.IHE.XUA.Config)

^HS.IHE.XUA.ConfigD(ID) = %%CLASSNAME, ConfigurationName, OrganizationOID, SAMLCreatorClass, SAMLProcessorClass, Host, Port, RHIOName, SAMLIssuer, SAMLIssuerX509, SignCreatedAssertion, SAMLSpecification, SendSAMLAssertion, Name, DefaultSecurityDomain, DomainPrefix, ValidationSpecification, Issuer, IssuerX509, Specification, SendingHost, OrganizationURL, RequireSignature, CheckSignerIdentity, UseWSSSignature