Smile CDR v2022.08.PRE
On this page:
   37.102    Two Factor Authentication
  • Configuration Categories
  • 37.0 Web Admin Console Settings
  • 37.1 appSphere
  • 37.2 Payer Config
  • 37.3 Initial appSphere Seeding
  • 37.4 Authentication Callback Scripts
  • 37.5 Auth: General for APIs
  • 37.6 User Authentication
  • 37.7 Auth: HTTP Basic
  • 37.8 Auth: OpenID Connect
  • 37.9 Browser Syntax Highlighting
  • 37.10 Capability Statement (metadata)
  • 37.11 CDA Generation
  • 37.12 CDA Import
  • 37.13 CDS Hooks Definitions
  • 37.14 Channel Import
  • 37.15 Channel Retry
  • 37.16 Kafka
  • 37.17 Smile CDR License
  • 37.18 Cluster Manager Maintenance
  • 37.19 Message Broker
  • 37.20 Cluster Level Security
  • 37.21 Credentials
  • 37.22 Cross-Origin Resource Sharing (CORS)
  • 37.23 Database
  • 37.24 Email Configuration
  • 37.25 ETL Import: CSV Properties
  • 37.26 ETL Import: Source
  • 37.27 FHIR Binary Storage
  • 37.28 FHIR Bulk Operations
  • 37.29 Capability Statement
  • 37.30 FHIR Configuration
  • 37.31 Consent Service
  • 37.32 FHIR Endpoint Conversion
  • 37.33 Interceptors
  • 37.34 FHIR Endpoint Partitioning
  • 37.35 Custom Resource Providers
  • 37.36 FHIR Endpoint Security
  • 37.37 Endpoint Terminology
  • 37.38 FHIR Gateway Configuration
  • 37.39 FHIR Interceptors
  • 37.40 LiveBundle Service
  • 37.41 FHIR MDM Server
  • 37.42 FHIR Performance
  • 37.43 FHIR Performance Tracing
  • 37.44 FHIR Realtime Export
  • 37.45 Repository Validation
  • 37.46 FHIR Resource Types
  • 37.47 FHIR REST Endpoint
  • 37.48 FHIR Search
  • 37.49 FHIR Storage Module Scheduled Tasks
  • 37.50 FHIR Validation Services
  • 37.51 FHIR Storage Package Registry
  • 37.52 FHIR Storage Partitioning
  • 37.53 Versioned References
  • 37.54 FHIR Subscription Delivery
  • 37.55 FHIR Subscription Persistence
  • 37.56 Amazon HealthLake REST Endpoint
  • 37.57 HL7 v2.x Mapper - Contained Resource
  • 37.58 HL7 v2.x Mapper - DG1
  • 37.59 HL7 v2.x Mapper - Forced Namespace Mode
  • 37.60 HL7 v2.x Mapper - General
  • 37.61 HL7 v2.x Mapper - Medications
  • 37.62 HL7 v2.x Mapper - OBR
  • 37.63 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 37.64 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 37.65 HL7 v2.x Mapper - PID
  • 37.66 HL7 v2.x Mapper - PV1
  • 37.67 HL7 v2.x Listener Script
  • 37.68 HL7 v2.x MLLP Listener
  • 37.69 HL7 v2.x MLLP Sender
  • 37.70 FHIR to HL7 v2.x Mapper Script
  • 37.71 HL7 v2.x Outbound Mapping
  • 37.72 HTTP Access Log
  • 37.73 HTTP Listener
  • 37.74 HTTP Request Pool
  • 37.75 HTTP Security
  • 37.76 Hybrid Providers Definitions
  • 37.77 Initial User Seeding
  • 37.78 JavaScript Execution Environment
  • 37.79 JSON Web KeySet (JWKS)
  • 37.80 LDAP Authentication
  • 37.81 Lucene FullText Indexing
  • 37.82 MDM
  • 37.83 Narrative Generator
  • 37.84 OpenID Connect Token Validation
  • 37.85 OpenID Connect (OIDC)
  • 37.86 Provenance Injection
  • 37.87 Realtime Export
  • 37.88 Endpoint Validation: Request Validating
  • 37.89 Search Parameter Seeding
  • 37.90 SAML Provider
  • 37.91 Security Inbound Script
  • 37.92 Inbound SMART on FHIR Authentication
  • 37.93 Inbound SMART on FHIR Endpoints
  • 37.94 OAuth2/OIDC Federation
  • 37.95 SMART Callback Script
  • 37.96 Cross-Organizational Data Access Profile
  • 37.97 SMART Login Skin
  • 37.98 SMART Login Terms of Service
  • 37.99 SMART Authorization
  • 37.100 SMART Definitions Seeding
  • 37.101 Sessions
  • 37.102 Two Factor Authentication
  • 37.103 TLS / SSL (Encryption)
  • 37.104 Transaction Log
  • 37.105 Trusted Client
  • 37.106 User Self Registration
    • 37.104    Transaction Log   
       Table of Contents

    TLS / SSL (Encryption)

    37.103TLS / SSL (Encryption)

     

    The TLS / SSL (Encryption) configuration category includes the following configurable options:

    • TLS Client Authentication

    • TLS Enabled

    • TLS KeyStore Filename

    • TLS KeyStore Key Alias

    • TLS KeyStore Key Password

    • TLS KeyStore Password

    • TLS Cipher Blacklist

    • TLS Cipher Whitelist

    • TLS Protocol Blacklist

    • TLS Protocol Whitelist

    • TLS TrustStore Filename

    • TLS TrustStore Password

    37.103.1Property: TLS Client Authentication

     
    Property Name TLS Client Authentication
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require incoming connections to authenticate using TLS Client Authentication?
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.clientauth.enabled = false

    37.103.2Property: TLS Enabled

     
    Property Name TLS Enabled
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require TLS (i.e. SSL or HTTPS) encryption for incoming connections?
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.enabled = false

    37.103.3Property: TLS KeyStore Filename

     
    Property Name TLS KeyStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS KeyStore used to hold private keys for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.file =

    37.103.4Property: TLS KeyStore Key Alias

     
    Property Name TLS KeyStore Key Alias
    Property Key
    Property Type STRING
    Description The alias for the specific key within the KeyStore that should be selected for incoming TLS connections.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keyalias =

    37.103.5Property: TLS KeyStore Key Password

     
    Property Name TLS KeyStore Key Password
    Property Key
    Property Type PASSWORD
    Description The password for the specific key within the KeyStore (leave blank if the key has no password).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keypass =

    37.103.6Property: TLS KeyStore Password

     
    Property Name TLS KeyStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS KeyStore (leave blank if the store has no password).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.password =

    37.103.7Property: TLS Cipher Blacklist

     
    Property Name TLS Cipher Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_blacklist =

    37.103.8Property: TLS Cipher Whitelist

     
    Property Name TLS Cipher Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_whitelist =

    37.103.9Property: TLS Protocol Blacklist

     
    Property Name TLS Protocol Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_blacklist =

    37.103.10Property: TLS Protocol Whitelist

     
    Property Name TLS Protocol Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_whitelist =

    37.103.11Property: TLS TrustStore Filename

     
    Property Name TLS TrustStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS TrustStore used to hold trusted certificates for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.file = classpath:truststore.p12

    37.103.12Property: TLS TrustStore Password

     
    Property Name TLS TrustStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS TrustStore (leave blank if the store has no password).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.password =
       37.102    Two Factor Authentication
  • Configuration Categories
  • 37.0 Web Admin Console Settings
  • 37.1 appSphere
  • 37.2 Payer Config
  • 37.3 Initial appSphere Seeding
  • 37.4 Authentication Callback Scripts
  • 37.5 Auth: General for APIs
  • 37.6 User Authentication
  • 37.7 Auth: HTTP Basic
  • 37.8 Auth: OpenID Connect
  • 37.9 Browser Syntax Highlighting
  • 37.10 Capability Statement (metadata)
  • 37.11 CDA Generation
  • 37.12 CDA Import
  • 37.13 CDS Hooks Definitions
  • 37.14 Channel Import
  • 37.15 Channel Retry
  • 37.16 Kafka
  • 37.17 Smile CDR License
  • 37.18 Cluster Manager Maintenance
  • 37.19 Message Broker
  • 37.20 Cluster Level Security
  • 37.21 Credentials
  • 37.22 Cross-Origin Resource Sharing (CORS)
  • 37.23 Database
  • 37.24 Email Configuration
  • 37.25 ETL Import: CSV Properties
  • 37.26 ETL Import: Source
  • 37.27 FHIR Binary Storage
  • 37.28 FHIR Bulk Operations
  • 37.29 Capability Statement
  • 37.30 FHIR Configuration
  • 37.31 Consent Service
  • 37.32 FHIR Endpoint Conversion
  • 37.33 Interceptors
  • 37.34 FHIR Endpoint Partitioning
  • 37.35 Custom Resource Providers
  • 37.36 FHIR Endpoint Security
  • 37.37 Endpoint Terminology
  • 37.38 FHIR Gateway Configuration
  • 37.39 FHIR Interceptors
  • 37.40 LiveBundle Service
  • 37.41 FHIR MDM Server
  • 37.42 FHIR Performance
  • 37.43 FHIR Performance Tracing
  • 37.44 FHIR Realtime Export
  • 37.45 Repository Validation
  • 37.46 FHIR Resource Types
  • 37.47 FHIR REST Endpoint
  • 37.48 FHIR Search
  • 37.49 FHIR Storage Module Scheduled Tasks
  • 37.50 FHIR Validation Services
  • 37.51 FHIR Storage Package Registry
  • 37.52 FHIR Storage Partitioning
  • 37.53 Versioned References
  • 37.54 FHIR Subscription Delivery
  • 37.55 FHIR Subscription Persistence
  • 37.56 Amazon HealthLake REST Endpoint
  • 37.57 HL7 v2.x Mapper - Contained Resource
  • 37.58 HL7 v2.x Mapper - DG1
  • 37.59 HL7 v2.x Mapper - Forced Namespace Mode
  • 37.60 HL7 v2.x Mapper - General
  • 37.61 HL7 v2.x Mapper - Medications
  • 37.62 HL7 v2.x Mapper - OBR
  • 37.63 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 37.64 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 37.65 HL7 v2.x Mapper - PID
  • 37.66 HL7 v2.x Mapper - PV1
  • 37.67 HL7 v2.x Listener Script
  • 37.68 HL7 v2.x MLLP Listener
  • 37.69 HL7 v2.x MLLP Sender
  • 37.70 FHIR to HL7 v2.x Mapper Script
  • 37.71 HL7 v2.x Outbound Mapping
  • 37.72 HTTP Access Log
  • 37.73 HTTP Listener
  • 37.74 HTTP Request Pool
  • 37.75 HTTP Security
  • 37.76 Hybrid Providers Definitions
  • 37.77 Initial User Seeding
  • 37.78 JavaScript Execution Environment
  • 37.79 JSON Web KeySet (JWKS)
  • 37.80 LDAP Authentication
  • 37.81 Lucene FullText Indexing
  • 37.82 MDM
  • 37.83 Narrative Generator
  • 37.84 OpenID Connect Token Validation
  • 37.85 OpenID Connect (OIDC)
  • 37.86 Provenance Injection
  • 37.87 Realtime Export
  • 37.88 Endpoint Validation: Request Validating
  • 37.89 Search Parameter Seeding
  • 37.90 SAML Provider
  • 37.91 Security Inbound Script
  • 37.92 Inbound SMART on FHIR Authentication
  • 37.93 Inbound SMART on FHIR Endpoints
  • 37.94 OAuth2/OIDC Federation
  • 37.95 SMART Callback Script
  • 37.96 Cross-Organizational Data Access Profile
  • 37.97 SMART Login Skin
  • 37.98 SMART Login Terms of Service
  • 37.99 SMART Authorization
  • 37.100 SMART Definitions Seeding
  • 37.101 Sessions
  • 37.102 Two Factor Authentication
  • 37.103 TLS / SSL (Encryption)
  • 37.104 Transaction Log
  • 37.105 Trusted Client
  • 37.106 User Self Registration
    • 37.104    Transaction Log