This type of provider allows the Hyland IdP server to retrieve access tokens from the FHIR authentication server on behalf of the clients using the FHIR JWT Bearer Authorization grant type. For more information on configuring grant types for a client connection, see Configuring a Client Connection on the Hyland IdP Server.
To configure the Hyland IdP server to use FHIR JWT Bearer:
-
Launch the Hyland IdP Administration client and log in (see Accessing the Hyland IdP Administration Client).
Upon successfully logging in, the tenant, provider, client connection, and API resource information is displayed. In a wide display, the tenant information is in the left pane and the providers, client connections, and API resources configured for that tenant are listed in the right pane. In a narrow display, the tenant information is at the top of the page and the provider, client connection, and API resource information is below it.
-
Click the Provider tab to view the providers currently
configured for the tenant. The number of providers configured is displayed in
parenthesis in the tab heading.
-
If this is a new provider, click Add New at the upper
right of the providers list.
If you are configuring an existing provider, click its name in the list of providers.
The Provider configuration page is displayed. It is divided into the Basic Settings and Protocol areas. In a wide display, the Basic Settings area is on the left. In a narrow display, the Basic Settings area is at the top of the page.
- Under Protocol, select FHIR JWT Bearer from the Type drop-down list. The specific settings for FHIR JWT bearer providers are displayed.
- Under Basic Settings, enter a unique name for the provider. This value is required and must only contain alphanumeric characters, spaces, hyphens (-), or underscores ( _ ).
-
Under FHIR Client Configuration, configure the following
options.
Option
Description
Discovery Document Endpoint
The discovery document endpoint of the FHIR authentication server. This setting is required. The endpoint must begin with http:// or https://.
For example, if the base path of the FHIR authentication server is my.basepath, and the environment is configured for secure connections, then the value is: https://my.basepath/.well-known/openid-configuration
Client IDs
The list of client IDs registered on the FHIR authentication server. At least one client ID is required.
- Click Save in the lower right corner of the page.
- Recycle the application pool of the Hyland IdP server in IIS for the changes to take effect.