On this page:
   37.83    Inbound SMART on FHIR Endpoints
  • Configuration Categories
  • 37.0 Web Admin Console Settings
  • 37.1 appSphere
  • 37.2 Initial appSphere Seeding
  • 37.3 Email Server
  • 37.4 appSphere Payer Configuration
  • 37.5 Authentication Callback Scripts
  • 37.6 Auth: General for APIs
  • 37.7 User Authentication
  • 37.8 Auth: HTTP Basic
  • 37.9 Auth: OpenID Connect
  • 37.10 Browser Syntax Highlighting
  • 37.11 Capability Statement (metadata)
  • 37.12 CDA Generation
  • 37.13 CDS Hooks
  • 37.14 Channel Import
  • 37.15 Channel Retry
  • 37.16 Cluster Manager Maintenance
  • 37.17 Cluster Manager Message Broker
  • 37.18 Cluster Manager Kafka
  • 37.19 Credentials
  • 37.20 Cross-Origin Resource Sharing (CORS)
  • 37.21 Database
  • 37.22 ETL Import: CSV Properties
  • 37.23 ETL Import: Source
  • 37.24 FHIR Binary Storage
  • 37.25 FHIR Bulk Operations
  • 37.26 FHIR Configuration
  • 37.27 FHIR Capability Statement
  • 37.28 FHIR Consent Service
  • 37.29 FHIR Endpoint Terminology
  • 37.30 FHIR LiveBundle Service
  • 37.31 FHIR Endpoint Conversion
  • 37.32 FHIR Endpoint Security
  • 37.33 Interceptors
  • 37.34 FHIR Endpoint Partitioning and Multitenancy
  • 37.35 FHIR Gateway Config
  • 37.36 FHIR MDM Server
  • 37.37 FHIR Storage Partitioning and Multitenancy
  • 37.38 FHIR Storage Package Registry
  • 37.39 Versioned References
  • 37.40 FHIR Performance
  • 37.41 FHIR Performance Tracing
  • 37.42 FHIR Storage Scheduled Tasks
  • 37.43 FHIR Realtime Export
  • 37.44 FHIR Resource Types
  • 37.45 FHIR REST Endpoint
  • 37.46 FHIR Search
  • 37.47 FHIR Interceptors
  • 37.48 FHIR Repository Validation
  • 37.49 FHIR Subscription Persistence
  • 37.50 FHIR Subscription Delivery
  • 37.51 FHIR Validation Services
  • 37.52 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 37.53 HL7 v2.x to FHIR Mapper - General
  • 37.54 HL7 v2.x Mapper - Medications
  • 37.55 HL7 v2.x Mapper - Contained Resource
  • 37.56 HL7 v2.x to FHIR Mapper - OBR
  • 37.57 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 37.58 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 37.59 HL7 v2.x to FHIR Mapper - PV1
  • 37.60 HL7 v2.x to FHIR Mapper - PID
  • 37.61 HL7 v2.x Listener Script
  • 37.62 HL7 v2.x MLLP Listener
  • 37.63 FHIR to HL7 v2.x Mapper Script
  • 37.64 HL7 v2.x Outbound Mapping
  • 37.65 HL7 v2.x MLLP Sender
  • 37.66 HTTP Access Log
  • 37.67 HTTP Listener
  • 37.68 HTTP Request Pool
  • 37.69 HTTP Security
  • 37.70 Hybrid Providers Definitions
  • 37.71 Initial User Seeding
  • 37.72 JSON Web KeySet (JWKS)
  • 37.73 LDAP Authentication
  • 37.74 Lucene FullText Indexing
  • 37.75 Narrative Generator
  • 37.76 Master Data Management
  • 37.77 OpenID Connect (OIDC)
  • 37.78 Realtime Export
  • 37.79 Request Validating
  • 37.80 Search Parameter Seeding
  • 37.81 Security Inbound Script
  • 37.82 Inbound SMART on FHIR Authentication
  • 37.83 Inbound SMART on FHIR Endpoints
  • 37.84 OpenID Connect Token Validation
  • 37.85 SAML Provider
  • 37.86 OAuth2/OIDC Federation
  • 37.87 SMART Authorization
  • 37.88 SMART Definitions Seeding
  • 37.89 Sessions
  • 37.90 SMART Outbound Security: Callback Script
  • 37.91 SMART Outbound Security: CODAP
  • 37.92 SMART Outbound Security: Login Skin
  • 37.93 SMART Outbound Security: Terms of Service
  • 37.94 Two Factor Authentication
  • 37.95 TLS / SSL (Encryption)
  • 37.96 Trusted Client
  • 37.97 Transaction Log
  • 37.98 User Self Registration
    • 37.85    SAML Provider   
       Table of Contents

    OpenID Connect Token Validation

    37.84OpenID Connect Token Validation

     

    The OpenID Connect Token Validation configuration category includes the following configurable options:

    • Token Introspection Client: Truststore File

    • Token Introspection Client: Truststore Password

    37.84.1Property: Token Introspection Client: Truststore File

     
    Property Name Token Introspection Client: Truststore File
    Property Key
    Property Type Resource Path
    Description Specifies a TrustStore to use for outbound client connections from the OIDC server. This is only needed in cases where the remote OIDC server uses a self-signed certificate for TLS.
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.introspection_client.truststore.file = classpath:truststore.p12

    37.84.2Property: Token Introspection Client: Truststore Password

     
    Property Name Token Introspection Client: Truststore Password
    Property Key
    Property Type PASSWORD
    Description The password to use to open the truststore, if specified.
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.introspection_client.truststore.password =
       37.83    Inbound SMART on FHIR Endpoints
  • Configuration Categories
  • 37.0 Web Admin Console Settings
  • 37.1 appSphere
  • 37.2 Initial appSphere Seeding
  • 37.3 Email Server
  • 37.4 appSphere Payer Configuration
  • 37.5 Authentication Callback Scripts
  • 37.6 Auth: General for APIs
  • 37.7 User Authentication
  • 37.8 Auth: HTTP Basic
  • 37.9 Auth: OpenID Connect
  • 37.10 Browser Syntax Highlighting
  • 37.11 Capability Statement (metadata)
  • 37.12 CDA Generation
  • 37.13 CDS Hooks
  • 37.14 Channel Import
  • 37.15 Channel Retry
  • 37.16 Cluster Manager Maintenance
  • 37.17 Cluster Manager Message Broker
  • 37.18 Cluster Manager Kafka
  • 37.19 Credentials
  • 37.20 Cross-Origin Resource Sharing (CORS)
  • 37.21 Database
  • 37.22 ETL Import: CSV Properties
  • 37.23 ETL Import: Source
  • 37.24 FHIR Binary Storage
  • 37.25 FHIR Bulk Operations
  • 37.26 FHIR Configuration
  • 37.27 FHIR Capability Statement
  • 37.28 FHIR Consent Service
  • 37.29 FHIR Endpoint Terminology
  • 37.30 FHIR LiveBundle Service
  • 37.31 FHIR Endpoint Conversion
  • 37.32 FHIR Endpoint Security
  • 37.33 Interceptors
  • 37.34 FHIR Endpoint Partitioning and Multitenancy
  • 37.35 FHIR Gateway Config
  • 37.36 FHIR MDM Server
  • 37.37 FHIR Storage Partitioning and Multitenancy
  • 37.38 FHIR Storage Package Registry
  • 37.39 Versioned References
  • 37.40 FHIR Performance
  • 37.41 FHIR Performance Tracing
  • 37.42 FHIR Storage Scheduled Tasks
  • 37.43 FHIR Realtime Export
  • 37.44 FHIR Resource Types
  • 37.45 FHIR REST Endpoint
  • 37.46 FHIR Search
  • 37.47 FHIR Interceptors
  • 37.48 FHIR Repository Validation
  • 37.49 FHIR Subscription Persistence
  • 37.50 FHIR Subscription Delivery
  • 37.51 FHIR Validation Services
  • 37.52 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 37.53 HL7 v2.x to FHIR Mapper - General
  • 37.54 HL7 v2.x Mapper - Medications
  • 37.55 HL7 v2.x Mapper - Contained Resource
  • 37.56 HL7 v2.x to FHIR Mapper - OBR
  • 37.57 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 37.58 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 37.59 HL7 v2.x to FHIR Mapper - PV1
  • 37.60 HL7 v2.x to FHIR Mapper - PID
  • 37.61 HL7 v2.x Listener Script
  • 37.62 HL7 v2.x MLLP Listener
  • 37.63 FHIR to HL7 v2.x Mapper Script
  • 37.64 HL7 v2.x Outbound Mapping
  • 37.65 HL7 v2.x MLLP Sender
  • 37.66 HTTP Access Log
  • 37.67 HTTP Listener
  • 37.68 HTTP Request Pool
  • 37.69 HTTP Security
  • 37.70 Hybrid Providers Definitions
  • 37.71 Initial User Seeding
  • 37.72 JSON Web KeySet (JWKS)
  • 37.73 LDAP Authentication
  • 37.74 Lucene FullText Indexing
  • 37.75 Narrative Generator
  • 37.76 Master Data Management
  • 37.77 OpenID Connect (OIDC)
  • 37.78 Realtime Export
  • 37.79 Request Validating
  • 37.80 Search Parameter Seeding
  • 37.81 Security Inbound Script
  • 37.82 Inbound SMART on FHIR Authentication
  • 37.83 Inbound SMART on FHIR Endpoints
  • 37.84 OpenID Connect Token Validation
  • 37.85 SAML Provider
  • 37.86 OAuth2/OIDC Federation
  • 37.87 SMART Authorization
  • 37.88 SMART Definitions Seeding
  • 37.89 Sessions
  • 37.90 SMART Outbound Security: Callback Script
  • 37.91 SMART Outbound Security: CODAP
  • 37.92 SMART Outbound Security: Login Skin
  • 37.93 SMART Outbound Security: Terms of Service
  • 37.94 Two Factor Authentication
  • 37.95 TLS / SSL (Encryption)
  • 37.96 Trusted Client
  • 37.97 Transaction Log
  • 37.98 User Self Registration
    • 37.85    SAML Provider