14.2 Associated Module Configurations

The Application Gallery module interacts with other modules in Smile CDR. It is important that the configurations of the associated modules be set accordingly so that the Application Gallery module will function correctly.

Configuration of JSON Admin API module

The admin_json module is included in a standard Smile installation. If it is not installed, learn more about installing it here.

The admin_json module has several configurable sections.

Ensure the following are assigned for the respective configurable sections:

HTTP Listener

  • Listener Port (e.g., 19000)
  • Context Path (e.g., /json-admin)
  • Endpoint Health Path (e.g., /endpoint-health)
  • Respect Forward Headers toggled to “Yes”

Cross-Origin Resource Sharing (CORS)

  • CORS Enabled toggled to “Yes”
  • CORS Origins: [a comma-separated list of allowable URLs is recommended; however, the wildcard value “*” can be used for testing]

Auth: General for APIs

  • Allow Anonymous Access toggled to “Yes”
  • Anonymous Account Username: “ANONYMOUS”

Auth: HTTP Basic

  • HTTP Basic Security toggled to “Yes”
  • HTTP Basic Realm: Smile CDR (by default but configurable; learn more here)

Auth: OpenID Connect

  • OpenID Connect Security toggled to “Yes”

Dependencies

  • Username/Password Authentication: from the dropdown, select local_security (Local Inbound Security)
  • OpenID Connect Authentication: from the dropdown, select smart_auth (SMART Outbound Security)

After the configurations have been made, select “Save” at the top of the page to be redirected to the “Configuration” page. A confirmation message is displayed for the newly added module. It is recommended to “Restart” the module if any changes are made.

On the same page, the newly added admin_json module will be displayed under the “Manage Node Modules” table and in the Administrative Modules section in the menu pane on the left with a green checkmark (✔) icon to indicate a correctly functioning module.

Configuration of FHIR Endpoint Module

The fhir_endpoint module is included in a standard Smile installation. If it does not come pre-installed, learn more about installing it here.

The fhir_endpoint module has the following configurable sections:

  • HTTP Listener
  • TLS / SSL (Encryption)
  • HTTP Request Pool
  • Cross-Origin Resource Sharing (CORS)
  • HTTP Security
  • HTTP Access Log
  • FHIR REST Endpoint
  • Interceptors
  • Browser Syntax Highlighting
  • Endpoint Validation: Request Validating
  • Auth: General for APIs
  • Auth: HTTP Basic
  • Auth: OpenID Connect
  • Trusted Client
  • FHIR Endpoint Partitioning
  • FHIR Endpoint Security
  • FHIR Endpoint Conversion
  • Endpoint Terminology
  • Consent Service
  • Capability Statement
  • Dependencies

Ensure the following are assigned for the respective configurable sections:

HTTP Listener section

  • Listener Port (e.g., 18000)
  • Context Path (e.g., /fhir-request)
  • Endpoint Health Path (e.g., /endpoint-health)
  • Respect Forward Headers toggled to “Yes”

Cross-Origin Resource Sharing (CORS)

  • CORS Enabled toggled to “Yes”
  • CORS Origins: [a comma-separated list of allowable URLs is recommended; however, the wildcard value “*” can be used for testing]

FHIR REST Endpoint

  • Pretty-Print by Default toggled to “Yes”
  • Default Encoding: from the dropdown select “JSON”
  • Default Prefer Return: from the dropdown, select “REPRESENTATION”

Browser Syntax Highlighting

  • Browser Syntax Highlighting Enabled toggled to “Yes”
  • Show Response Headers toggled to “Yes”

Auth: General for APIs

  • Allow Anonymous Access toggled to “Yes”
  • Anonymous Account Username: “ANONYMOUS”

Auth: HTTP Basic

  • HTTP Basic Security toggled to “Yes”
  • HTTP Basic Realm: Smile CDR (by default but configurable; learn more here)

Auth: OpenID Connect

  • OpenID Connect Security toggled to “Yes”

FHIR Endpoint Partitioning

  • Tenant Identification Strategy: from the dropdown select “None”

Capability Statement

  • Implementation Description: “FHIR Endpoint powered by Smile CDR”
  • Enable OpenAPI/Swagger Support toggled to “Yes”

Dependencies

  • Username/Password Authentication: from the dropdown select local_security (Local Inbound Security)
  • FHIR R4 Storage: from the dropdown, select persistence (FHIR Storage (R4 Relational)) or as appropriate
  • OpenID Connect Authentication: from the dropdown, select smart_auth (SMART Outbound Security)

After the configurations have been made, select “Save” at the top of the page to be redirected to the “Configuration” page, where a confirmation message is displayed for the configurations made. It is also recommended to “Restart” the module if any changes are made.

On the same page, the module will be displayed under the “Manage Node Modules” table and in the FHIR Modules section in the menu pane on the left with a green checkmark (✔) icon to indicate a correctly functioning module.

Configuration of SMART Auth Module

The smart_auth module is included in a standard Smile installation. The module configuration is documented here.

Ensure the following are assigned for the respective configurable sections:

HTTP Listener

  • Listener Port (e.g., 19200)
  • Context Path (e.g., /smartauth/). IMPORTANT NOTE: the / at the end of the context path is necessary.
  • Endpoint Health Path (e.g., /endpoint-health)
  • Respect Forward Headers toggled to “Yes”

Cross-Origin Resource Sharing (CORS)

  • CORS Enabled toggled to “Yes”
  • CORS Origins: [a comma-separated list of allowable origins is recommended. The wildcard value “*” can be used to allow CORS for all domains, but this is generally not considered a good practice for production systems serving sensitive data].

JSON Web KeySet (JWKS)

  • Signing JWKS (File): provide the JWKS (JSON Web KeySet) that is used for signing OpenID Connect tokens, in either file or text format. For files placed in the Smile CDR classes directory, the format should be classpath:/filename.jwks (e.g., classpath:/smilecdr-demo.jwks).

OIDC

  • Client Secret Encoding: from the dropdown, select “BCRYPT_12_Round”
  • Smile CDR generated Client Secret expiry duration in days: enter the expiry duration in days for Smile CDR generated client secrets (e.g., 365 days)
  • SMART Capabilities List: see here for more information
    1. launch-ehr
    2. client-public
    3. client-confidential-symmetric
    4. context-ehr-patient
    5. context-standalone-patient
    6. sso-openid-connect
    7. permission-patient
    8. launch-standalone
    9. permission-offline
  • PKCE Plain Challenge Supported toggled to “Yes”
  • Issuer URL: enter the URL to be placed in OpenID Connect tokens as the iss (issuer) claim. The value should be the URL to the identity server (e.g., https://try.smilecdr.com/smartauth/)
  • Cache Authorizations in millis (e.g., 3000)

Sessions

  • Session Timeout: the number of minutes that a user session can sit idle before it is eligible to expire (e.g., 30 min)
  • Session Scavenger Interval: the number of milliseconds between session scavenger passes (e.g., 60,000 ms)

SMART Authorization

  • Enforce Approve Scopes to Restrict Permissions toggled to “Yes”
  • Scopes Supported: “openid fhirUser”

Dependencies

  • Username/Password Authentication: from the dropdown, select local_security (Local Inbound Security)
  • User Self Registration Provider: from the dropdown, select local_security (Local Inbound Security)

After the configurations have been made, select “Save” at the top of the page to be redirected to the “Configuration” page. A confirmation message is displayed for the newly added module. It is recommended to “Restart” the module if any changes are made.

** IMPORTANT NOTE **

If the context path is changed in smart_auth, admin_json, or fhir_endpoint modules, the corresponding URLs in app_gallery module configuration must be changed accordingly.
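
The path and CORS constraints noted in this section can be checked mechanically before a deployment goes live. The following is an added example, not part of the Smile CDR documentation or product: the dictionary keys, the helper names and the origin https://apps.example.org are hypothetical. It assumes that the app_gallery URLs and the issuer URL carry each module's context path unchanged (no path rewriting by a proxy).

```python
from urllib.parse import urlsplit

MODULES = ("smart_auth", "admin_json", "fhir_endpoint")

# Constructed sample settings based on the example values on this page.
# The dictionary keys are hypothetical labels, not Smile CDR property names.
SAMPLE = {
    "smart_auth": {"context_path": "/smartauth/",
                   "cors_origins": "https://apps.example.org",
                   "issuer_url": "https://try.smilecdr.com/smartauth/"},
    "admin_json": {"context_path": "/json-admin",
                   "cors_origins": "https://apps.example.org"},
    "fhir_endpoint": {"context_path": "/fhir-request", "cors_origins": "*"},
    # URLs that app_gallery is assumed to hold for each module (one is stale)
    "app_gallery_urls": {"smart_auth": "https://try.smilecdr.com/smartauth/",
                         "admin_json": "https://try.smilecdr.com/json-admin",
                         "fhir_endpoint": "https://try.smilecdr.com/fhir"},
}


def path_matches(url, context_path):
    """True if the URL path ends with the context path, ignoring a trailing slash."""
    return urlsplit(url).path.rstrip("/").endswith(context_path.rstrip("/"))


def review(cfg, production=True):
    """Return findings for settings that contradict the notes on this page."""
    findings = []
    for name in MODULES:
        mod = cfg[name]
        origins = [o.strip() for o in mod["cors_origins"].split(",")]
        if production and "*" in origins:
            findings.append(f"{name}: wildcard CORS origin outside testing")
        if not path_matches(cfg["app_gallery_urls"][name], mod["context_path"]):
            findings.append(f"{name}: app_gallery URL does not match context path")
    smart = cfg["smart_auth"]
    if not smart["context_path"].endswith("/"):
        findings.append("smart_auth: context path lacks the trailing /")
    if not path_matches(smart["issuer_url"], smart["context_path"]):
        findings.append("smart_auth: issuer URL does not point at the context path")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Pass production=False to skip the wildcard check for a test environment; the path checks still apply.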