The Clinician Window BFF server requires a separate token exchange client connection configured on the Hyland IdP server.
To configure an IdP client for token exchange:
- Create a client connection on the Hyland IdP server for the Clinician Window BFF server to use with token exchange.
Tip: Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation.
The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.
| Setting | Value |
| --- | --- |
| Redirect URLs | Enter an asterisk (*) to allow all URLs to return token or authorization codes. |
| Protocol Type | oidc |
| Allowed Grant Types | Select Token Exchange |
| Allowed Scopes | evolution, group, onbaseapi, openid, profile, hc.config.read, hc.config.write (Note: If you are using an existing NilRead environment with Clinician Window, then you also must add the nilread scope.) |
| Allow users to log in locally | Select Allow users to log in locally |
| Allow clients to request a refresh token | Select Allow clients to request a refresh token |
| Allow issuing access tokens to browsers | Select Allow issuing access tokens to browsers |
| Post Logout Redirect URLs | Enter an asterisk (*) to allow all URLs to return token or authorization codes. |
| Front Channel Logout requires session ID | Select Front Channel Logout requires session ID |
| Back Channel Logout requires session ID | Select Back Channel Logout requires session ID |
| Refresh Token Usage | Select OneTimeOnly |
| Include user claims in ID token | Select Include user claims in ID token |
| Client Secret must be present | Select Client Secret must be present |
- After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.
You will need this value in the Configuring IdP Settings for the Clinician Window BFF Server procedure.
- Create a client secret on the Hyland IdP server for the Clinician Window BFF server client connection to use for token exchange.
Tip: Complete details on configuring a client secret on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation.
- Recycle the application pool of the Hyland IdP server for the changes to take effect.