Configuring IdP Settings for the Clinician Window BFF Server - Hyland Clinician Window 23.1

The Clinician Window BFF must be configured to share secrets with the Hyland IdP server for the Token Exchange client connection and the Token Introspection API resource. The Token Exchange client connection and the Token Introspection API resource must be created prior to performing these steps. See the following topics on creating these items:

To configure IdP settings for the Clinician Window BFF server:

  1. Open the appsettings.Production.json file of the Clinician Window BFF server in a plain-text editor. In a default installation, this file is located at: C:\Program Files\Hyland\CW_BFF
  2. Locate the IdP element.
  3. Enter the endpoint of the Hyland IdP server as the value for the Url attribute. This value is case sensitive. For example, if your domain is my.domain, the Hyland IdP application name is identityprovider, and the environment is configured for secure connections, then the value is: https://my.domain/identityprovider
  4. Locate the TokenExchangeConfiguration element.
  5. Configure the settings as indicated in the table:

     | Setting | Description |
     | --- | --- |
     | ClientId | Paste the token exchange client ID value you copied from the Hyland IdP server. For example: `"ClientId": "02c62adb-e039-43f1-bfba-2c15ec750bf9"`. This is the unique ID of the token exchange client connection on the Hyland IdP server. This value is case sensitive and must match exactly the value on the Hyland IdP server. |
     | Scope | Allowed scopes. Set to the following: `"Scope": "openid evolution group"`. Note: If you are using an existing NilRead environment with Clinician Window, then you also must add the nilread scope. |
     | Secrets \| Value | The plain-text value of the client secret assigned to the token exchange client connection configured in the IdP Admin interface. You must enter the plain-text value, not the hashed value that is displayed after saving your client secret configuration settings in the IdP Admin interface. For example: `"Name": "TokenExchangeClientSecret", "Value": "MyTokenExchangeClientConnectionSecret"` |

  6. Locate the TokenIntrospectionConfiguration element.
  7. Configure the settings as indicated in the table:

     | Setting | Description |
     | --- | --- |
     | ApiResource | Enter the name of the referencelogout API resource configured on the Hyland IdP server. For example: `"ApiResource": "referencelogout",` |
     | Secrets \| Value | The plain-text value of the referencelogout API resource secret configured in the IdP Admin interface. You must enter the plain-text value, not the hashed value that is displayed after saving your client secret configuration settings in the IdP Admin interface. For example: `"Name": "TokenIntrospectionClientSecret", "Value": "MyAPIResourceSecret"` |

  8. Save and close the appsettings.Production.json file.
  9. Recycle the application pool of the Clinician Window BFF server for the changes to take effect.
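
A sanity check for the values entered in steps 3 to 7, to run before recycling the application pool. This is an added example, not Hyland's code: the function names are hypothetical, and both the nesting of the sample JSON and the digest-shape heuristic for spotting a pasted hash are assumptions. Keys are located by name at any depth, so the check does not depend on that nesting.

```python
import base64, json

REQUIRED_SCOPES = {"openid", "evolution", "group"}  # scopes listed in step 5

# Constructed sample with three deliberate mistakes; its nesting is an assumption.
SAMPLE = json.loads("""{"IdP": {"Url": "http://my.domain/identityprovider",
 "TokenExchangeConfiguration": {"ClientId": "02c62adb-e039-43f1-bfba-2c15ec750bf9",
  "Scope": "openid evolution", "Secrets": [{"Name": "TokenExchangeClientSecret",
   "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="}]},
 "TokenIntrospectionConfiguration": {"ApiResource": "referencelogout", "Secrets":
  [{"Name": "TokenIntrospectionClientSecret", "Value": "MyAPIResourceSecret"}]}}}""")

def find_key(node, key):
    """Return the first value stored under `key` at any depth, or None."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    hits = (find_key(child, key) for child in node) if isinstance(node, list) else ()
    return next((h for h in hits if h is not None), None)

def looks_hashed(value):
    """Heuristic (assumption): base64 of 32 or 64 bytes has the shape of a digest."""
    try:
        return len(base64.b64decode(value, validate=True)) in (32, 64)
    except ValueError:
        return False

def check_settings(cfg):
    """Return one finding per problem in the settings this page configures."""
    findings = []
    url = find_key(find_key(cfg, "IdP"), "Url")
    if not isinstance(url, str) or not url.startswith("https://"):
        findings.append("IdP Url is missing or is not an https:// endpoint")
    tx = find_key(cfg, "TokenExchangeConfiguration") or {}
    ti = find_key(cfg, "TokenIntrospectionConfiguration") or {}
    for section, key in ((tx, "ClientId"), (ti, "ApiResource")):
        value = str(section.get(key) or "")
        if not value or value != value.strip():
            findings.append(key + " is empty or padded with whitespace")
    missing = REQUIRED_SCOPES - set((tx.get("Scope") or "").split())
    if missing:
        findings.append("Scope lacks: " + " ".join(sorted(missing)))
    for name, section in (("TokenExchange", tx), ("TokenIntrospection", ti)):
        secret = find_key(find_key(section, "Secrets"), "Value")
        if not isinstance(secret, str) or not secret:
            findings.append(name + " secret Value is missing")
        elif looks_hashed(secret):
            findings.append(name + " secret Value looks hashed, not plain text")
    return findings
```

To check a live server, pass the parsed appsettings.Production.json to `check_settings`. Because the file holds plain-text secrets, run the check on the BFF server itself rather than copying the file elsewhere.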