Configuring the IdP Client for Token Exchange

Platform: Other
Product: Hyland Clinician Window
Release: 23.1

The Clinician Window BFF server requires a separate token exchange client connection configured on the Hyland IdP server.

To configure an IdP client for token exchange:

  1. Create a client connection on the Hyland IdP server for the Clinician Window BFF server to use with token exchange.
    Tip: Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    | Setting | Value |
    | --- | --- |
    | Redirect URLs | Enter an asterisk (*) to allow all URLs to return token or authorization codes. |
    | Protocol Type | oidc |
    | Allowed Grant Types | Select Token Exchange |
    | Allowed Scopes | evolution, group, onbaseapi, openid, profile, hc.config.read, hc.config.write. Note: If you are using an existing NilRead environment with Clinician Window, then you also must add the nilread scope. |
    | Allow users to log in locally | Select Allow users to log in locally |
    | Allow clients to request a refresh token | Select Allow clients to request a refresh token |
    | Allow issuing access tokens to browsers | Select Allow issuing access tokens to browsers |
    | Post Logout Redirect URLs | Enter an asterisk (*) to allow all URLs to return token or authorization codes. |
    | Front Channel Logout requires session ID | Select Front Channel Logout requires session ID |
    | Back Channel Logout requires session ID | Select Back Channel Logout requires session ID |
    | Refresh Token Usage | Select OneTimeOnly |
    | Include user claims in ID token | Select Include user claims in ID token |
    | Client Secret must be present | Select Client Secret must be present |

  2. After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.

    You will need this value in the Configuring IdP Settings for the Clinician Window BFF Server procedure.

  3. Create a client secret on the Hyland IdP server for the Clinician Window BFF server client connection to use for token exchange.
    Tip: Complete details on configuring a client secret on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation.
  4. Recycle the application pool of the Hyland IdP server for the changes to take effect.