Configuring Patient Window for AD FS

Platform: OnBase
Product: Legacy Authentication Methods
Release: Foundation 23.1
License: Premier, Standard, Essential

Before configuring the OnBase Patient Window for AD FS, you must first create a separate Relying Party Trust on the AD FS server for the OnBase Patient Window.

To configure the OnBase Patient Window for AD FS:

  1. Create a backup of the OnBase Patient Window's Web.config file.
  2. Open the live Web.config file in a text editor.
  3. Within the system.web element, uncomment the following sections:

    <authentication mode="None" />
    <authorization>
      <deny users="?" />
    </authorization>

  4. Within the webServices element, uncomment the soapExtensionTypes element.
  5. Within the system.webServer element, uncomment the following sections:

    <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />

    <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />

  6. In the appSettings element, set EnableAutoLogin to true.
  7. In the Hyland.Authentication element, set Enabled to true.
  8. Uncomment the system.identityModel element. Configure the following settings within this element:
    1. Set the audienceUris value to the OnBase Patient Window address.
    2. Within the trustedIssuers element, set the thumbprint value to the thumbprint of the Token Signing Certificate. Set the name value to the name of the Federation Service Identifier. These values can be found in the Microsoft AD FS administration tool.
  9. Uncomment the system.identityModel.services element. Configure the following settings within this element:
    1. Within the wsFederation element, set the issuer value to your AD FS server address, and the realm value to your OnBase Patient Window address.
    2. Within the certificateReference element, set the findValue to the thumbprint of the encryption certificate used when adding the relying party trust.
    Tip:

    The thumbprint value can be found in the Microsoft AD FS administration utility. It is the same as the previous thumbprint value used in the trustedIssuers element.
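
The following Python script is an added example, not part of the OnBase documentation or product; it checks the values set in steps 8 and 9 after the file has been edited. It assumes the two sections follow the standard .NET WIF element layout, the sample configuration (host names, thumbprints) is constructed, and `check_adfs_settings` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, standard .NET WIF layout assumed. Two deliberate mistakes:
# U+200E pasted before one thumbprint; realm lacks the audienceUris trailing slash.
SAMPLE = """<configuration>
  <system.identityModel><identityConfiguration>
    <audienceUris><add value="https://onbase.example.com/PatientWindow/" /></audienceUris>
    <issuerNameRegistry><trustedIssuers>
      <add thumbprint="\u200e0123456789ABCDEF0123456789ABCDEF01234567"
           name="http://adfs.example.com/adfs/services/trust" />
    </trustedIssuers></issuerNameRegistry>
  </identityConfiguration></system.identityModel>
  <system.identityModel.services><federationConfiguration>
    <wsFederation issuer="https://adfs.example.com/adfs/ls/"
                  realm="https://onbase.example.com/PatientWindow" />
    <serviceCertificate><certificateReference x509FindType="FindByThumbprint"
      findValue="0123456789ABCDEF0123456789ABCDEF01234567" /></serviceCertificate>
  </federationConfiguration></system.identityModel.services>
</configuration>"""

THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")

def check_adfs_settings(web_config_xml):
    """Return a list of problems in the AD FS sections of a Web.config string."""
    root = ET.fromstring(web_config_xml)
    problems = []
    def attr(path, name):
        node = root.find(path)
        return node.get(name, "") if node is not None else ""
    audience = attr(".//audienceUris/add", "value")
    realm = attr(".//wsFederation", "realm")
    issuer = attr(".//wsFederation", "issuer")
    thumbs = {"trustedIssuers thumbprint": attr(".//trustedIssuers/add", "thumbprint"),
              "certificateReference findValue": attr(".//certificateReference", "findValue")}
    for label, value in thumbs.items():
        # Exactly 40 hex digits: rejects spaces and invisible pasted characters.
        if not THUMBPRINT.fullmatch(value):
            problems.append(f"{label} is not 40 hex digits: {value!r}")
    # Steps 8.1 and 9.1 both use the Patient Window address, so they must agree.
    if not audience or audience != realm:
        problems.append(f"audienceUris {audience!r} does not match realm {realm!r}")
    if not issuer.lower().startswith("https://"):
        problems.append(f"issuer is not an https address: {issuer!r}")
    return problems

if __name__ == "__main__":
    for problem in check_adfs_settings(SAMPLE):
        print("FAIL:", problem)
```

To check a real file, pass the contents of the edited Web.config to `check_adfs_settings` instead of `SAMPLE`.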