Skip to main content


persistent class HS.IHE.XUA.Config extends %Library.Persistent, %XML.Adaptor, HS.Sync.BaseClass, %Library.GlobalIdentifier

SQL Table Name: HS_IHE_XUA.Config

Property Inventory


parameter SYNCORDER = 80;
Inherited description: The XMLIGNOREINVALIDTAG parameter allows the programmer to control handling of unexpected elements in the XML input. The XMLIGNOREINVALIDTAG parameter will only take affect if XMLSEQUENCE = 0 (the default). By default (XMLIGNOREINVALIDTAG = 0), will treat an unexpected element as an error. If XMLIGNOREINVALIDTAG is set = 1 and XMLSEQUENCE = 0, then unexpected elements will be ignored.
parameter XMLIGNORENULL = inputonly;
Inherited description: XMLIGNORENULL allows the programmer to override the default XML handling of empty strings for properties of type %String. By default (XMLIGNORENULL = 0), empty strings in the XML input are stored as $c(0) and $c(0) is written to XML as an empty tag. A missing tag in the XML input is always stored as "" and "" is always output to XML as no tag.

If XMLIGNORENULL is set = 1, then both missing tags in the XML and empty strings are input as "", and both "" and $c(0) are output as empty tags (i.e. <tag></tag>).

If XMLIGNORENULL is set = "inputonly", then both missing tags in the XML and empty strings are input as "". Output of "" and $c(0) are for XMLIGNORENULL = 0: $c(0) is output as an empty tag (i.e. <tag></tag>) and "" is output as no tag.

If XMLIGNORENULL = "runtime" (runtime is not case sensitive), then the behavior of XMLIGNORENULL is determined by the format parameter of XMLExport, XMLImport and %XML.Reader.OpenFile. The default behavior for XMLIGNORENULL="runtime is the same as XMLIGNORENULL=0. Adding "ignorenull" to the format argument changes the behavior to that of XMLIGNORENULL=1. "ignorenull" shoud be separated by a comma from literal/encoded part of the format. Example values for format are "", ",ignorenull", "literal,ignorenull" and "encoded,ignorenull". Note that "inputonly" is equivalent to using ,ignorenull for XMLExport and not for %XML.Reader.


property CheckSignerIdentity as %Boolean [ InitialExpression = 1 ];
If this property is true and RequireSignature is true, inspect the KeyInfo on the signature as part of the signature validation. The assertion will only pass validation if it is possible to identify the signer from the KeyInfo and the signer's credentials are trusted.
If this setting is false, a signature which includes a reference to an X.509 certificate will still have the certificate checked against Cache's list of trusted certificates, but signatures which are signed with only an RSA public key, or with symmetric encryption, will pass validation without attempting to identify the signer.
It is strongly recommended to set CheckSignerIdentity to true if RequireSignature is set to true.
Property methods: CheckSignerIdentityDisplayToLogical(), CheckSignerIdentityGet(), CheckSignerIdentityGetStored(), CheckSignerIdentityIsValid(), CheckSignerIdentityLogicalToDisplay(), CheckSignerIdentityLogicalToXSD(), CheckSignerIdentityNormalize(), CheckSignerIdentitySet(), CheckSignerIdentityXSDToLogical()
property DefaultSecurityDomain as %String;
Processor default security domain
Property methods: DefaultSecurityDomainDisplayToLogical(), DefaultSecurityDomainGet(), DefaultSecurityDomainGetStored(), DefaultSecurityDomainIsValid(), DefaultSecurityDomainLogicalToDisplay(), DefaultSecurityDomainLogicalToOdbc(), DefaultSecurityDomainNormalize(), DefaultSecurityDomainSet()
property DomainPrefix as %String [ InitialExpression = "%HS " ];
Optional: A prefix to append to the security domain name. Use this to use "internal" HealthShare security domains which allow assigning roles/groups to a user
Property methods: DomainPrefixDisplayToLogical(), DomainPrefixGet(), DomainPrefixGetStored(), DomainPrefixIsValid(), DomainPrefixLogicalToDisplay(), DomainPrefixLogicalToOdbc(), DomainPrefixNormalize(), DomainPrefixSet()
property Issuer as %String (MAXLEN = 255);
String to use for the SAML Issuer's name. Either SAMLIssuer should be set to a string containing the distinguished name of the RHIO's certificate, OR SAMLIssuerX509 should contain the alias of an X.509 certificate which references the RHIO's certificate. If both are set to "", an error will be reported when creating new tokens. SAMLIssuer takes precedence over SAMLIssuerX509.
Property methods: IssuerDisplayToLogical(), IssuerGet(), IssuerGetStored(), IssuerIsValid(), IssuerLogicalToDisplay(), IssuerLogicalToOdbc(), IssuerNormalize(), IssuerSet()
property IssuerX509 as %String;
Alias for an X.509 certificate object which will be used for the SAML Issuer, and for signing the created token if the SignCreatedAssertion parameter is true. Either SAMLIssuer should be set to a string containing the distinguished name of the RHIO's certificate, OR SAMLIssuerX509 should contain the alias of an X509 certificate which references the RHIO's certificate. If both are set to "", an error will be reported when creating new tokens.
Property methods: IssuerX509DisplayToLogical(), IssuerX509Get(), IssuerX509GetStored(), IssuerX509IsValid(), IssuerX509LogicalToDisplay(), IssuerX509LogicalToOdbc(), IssuerX509Normalize(), IssuerX509Set()
property Name as %String [ Required ];
Configuration name MyRHIO, or A_RHIO_to_connect
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property OrganizationOID as HS.Data.OIDMap;
The organization identified on an inbound message (could be an OID, could be a URL)
Property methods: OrganizationOIDGet(), OrganizationOIDGetObject(), OrganizationOIDGetObjectId(), OrganizationOIDGetStored(), OrganizationOIDGetSwizzled(), OrganizationOIDIsValid(), OrganizationOIDNewObject(), OrganizationOIDSet(), OrganizationOIDSetObject(), OrganizationOIDSetObjectId(), OrganizationOIDUnSwizzle()
property OrganizationURL as %String (MAXLEN = 255);
If the organization-id is a URL
Property methods: OrganizationURLDisplayToLogical(), OrganizationURLGet(), OrganizationURLGetStored(), OrganizationURLIsValid(), OrganizationURLLogicalToDisplay(), OrganizationURLLogicalToOdbc(), OrganizationURLNormalize(), OrganizationURLSet()
property RequireSignature as %Boolean;
Property methods: RequireSignatureDisplayToLogical(), RequireSignatureGet(), RequireSignatureGetStored(), RequireSignatureIsValid(), RequireSignatureLogicalToDisplay(), RequireSignatureLogicalToXSD(), RequireSignatureNormalize(), RequireSignatureSet(), RequireSignatureXSDToLogical()
property SAMLCreatorClass as %String (MAXLEN = 255);
When defined it will be the class used to create the SAML assertion
Property methods: SAMLCreatorClassDisplayToLogical(), SAMLCreatorClassGet(), SAMLCreatorClassGetStored(), SAMLCreatorClassIsValid(), SAMLCreatorClassLogicalToDisplay(), SAMLCreatorClassLogicalToOdbc(), SAMLCreatorClassNormalize(), SAMLCreatorClassSet()
property SAMLProcessorClass as %String (MAXLEN = 255);
The organization OID or organization URL will be used to locate the configuration entry and thus the Processor Class This is a class which extends HS.IHE.XUA.Creator or the older form of HS.CHIxP.SAML.SAMLProcessor
Property methods: SAMLProcessorClassDisplayToLogical(), SAMLProcessorClassGet(), SAMLProcessorClassGetStored(), SAMLProcessorClassIsValid(), SAMLProcessorClassLogicalToDisplay(), SAMLProcessorClassLogicalToOdbc(), SAMLProcessorClassNormalize(), SAMLProcessorClassSet()
property SignCreatedAssertion as %Boolean [ InitialExpression = 0 ];
Controls whether created Assertions will be signed. This requires the SAMLIssuerX509 parameter to refer to a valid set of X.509 credentials, and that SAMLIssuer = "", as SAMLIssuer takes precedence over SAMLIssuerX509.
Property methods: SignCreatedAssertionDisplayToLogical(), SignCreatedAssertionGet(), SignCreatedAssertionGetStored(), SignCreatedAssertionIsValid(), SignCreatedAssertionLogicalToDisplay(), SignCreatedAssertionLogicalToXSD(), SignCreatedAssertionNormalize(), SignCreatedAssertionSet(), SignCreatedAssertionXSDToLogical()
property UseWSSSignature as %Boolean [ InitialExpression = 1 ];
Controls whether created Assertions will be signed with the WSSecuritySignature or the Signature. Signing still requires SignCreatedAssertion to be set to true, and the IssuerX509 parameter to refer to a valid set of X.509 credentials.
Property methods: UseWSSSignatureDisplayToLogical(), UseWSSSignatureGet(), UseWSSSignatureGetStored(), UseWSSSignatureIsValid(), UseWSSSignatureLogicalToDisplay(), UseWSSSignatureLogicalToXSD(), UseWSSSignatureNormalize(), UseWSSSignatureSet(), UseWSSSignatureXSDToLogical()


query ConfigurationInUseCount(pConfigID)
SQL Query:
SELECT Count(*) from HS_Registry_Service.SOAP where XUAConfiguration = :pConfigID
query Items()
SQL Query:
SELECT %ID,Name, OrganizationOID->IdentityCode as Organization,SAMLCreatorClass as CreatorClass, SAMLProcessorClass as ProcessorClass FROM Config ORDER BY Name


index (IDKEY on ) [IdKey, Type = key];
Index methods: IDKEYCheck(), IDKEYDelete(), IDKEYExists(), IDKEYOpen(), IDKEYSQLCheckUnique(), IDKEYSQLExists(), IDKEYSQLFindPKeyByConstraint(), IDKEYSQLFindRowIDByConstraint()
index (NameIndex on Name);
Index methods: NameIndexExists()
index (OrganizationOIDIndex on OrganizationOID) [Unique];
Index methods: OrganizationOIDIndexCheck(), OrganizationOIDIndexCheckUnique(), OrganizationOIDIndexDelete(), OrganizationOIDIndexExists(), OrganizationOIDIndexOpen(), OrganizationOIDIndexSQLCheckUnique(), OrganizationOIDIndexSQLExists(), OrganizationOIDIndexSQLFindPKeyByConstraint(), OrganizationOIDIndexSQLFindRowIDByConstraint()

Inherited Members

Inherited Methods


Storage Model: Storage (HS.IHE.XUA.Config)

FeedbackOpens in a new tab