Smile CDR v2023.05.PRE
On this page:
   41.112    Two Factor Authentication
  • Configuration Categories
  • 41.0 Web Admin Console Settings
  • 41.1 appSphere
  • 41.2 Payer Config
  • 41.3 Initial appSphere Seeding
  • 41.4 Authentication Callback Scripts
  • 41.5 Auth: General for APIs
  • 41.6 User Authentication
  • 41.7 Auth: HTTP Basic
  • 41.8 Auth: OpenID Connect
  • 41.9 Browser Syntax Highlighting
  • 41.10 Capability Statement (metadata)
  • 41.11 CDA Generation
  • 41.12 CDA Import
  • 41.13 CDA JavaScript Execution Scripts
  • 41.14 CDS Hooks Definitions
  • 41.15 Channel Import
  • 41.16 Channel Retry
  • 41.17 Kafka
  • 41.18 Cluster Manager Maintenance
  • 41.19 Message Broker
  • 41.20 Cluster Level Security
  • 41.21 Credentials
  • 41.22 Cross-Origin Resource Sharing (CORS)
  • 41.23 Database
  • 41.24 Da Vinci Health Record Exchange
  • 41.25 DQM
  • 41.26 Email Configuration
  • 41.27 ETL Import: CSV Properties
  • 41.28 ETL Import: Source
  • 41.29 FHIR Binary Storage
  • 41.30 FHIR Bulk Operations
  • 41.31 Capability Statement
  • 41.32 FHIR Configuration
  • 41.33 Consent Service
  • 41.34 FHIR Endpoint Conversion
  • 41.35 Interceptors
  • 41.36 FHIR Endpoint Partitioning
  • 41.37 Resource Providers
  • 41.38 FHIR Endpoint Security
  • 41.39 Endpoint Terminology
  • 41.40 FHIR Gateway Configuration
  • 41.41 FHIR Interceptors
  • 41.42 LiveBundle Service
  • 41.43 FHIR MDM Server
  • 41.44 FHIR Performance
  • 41.45 FHIR Performance Tracing
  • 41.46 FHIR Realtime Export
  • 41.47 Repository Validation
  • 41.48 FHIR Resource Types
  • 41.49 FHIR REST Endpoint
  • 41.50 FHIR Search
  • 41.51 Custom Resource Types
  • 41.52 IG Support
  • 41.53 MegaScale
  • 41.54 FHIR Storage Module Scheduled Tasks
  • 41.55 FHIR Validation Services
  • 41.56 FHIR Storage Package Registry
  • 41.57 FHIR Storage Partitioning
  • 41.58 Versioned References
  • 41.59 FHIR Subscription Delivery
  • 41.60 FHIR Subscription Persistence
  • 41.61 Amazon HealthLake REST Endpoint
  • 41.62 HL7 v2.x Mapper - Contained Resource
  • 41.63 HL7 v2.x Mapper - DG1
  • 41.64 HL7 v2.x Mapper - Forced Namespace Mode
  • 41.65 HL7 v2.x Mapper - General
  • 41.66 HL7 v2.x Mapper - Medications
  • 41.67 HL7 v2.x Mapper - OBR
  • 41.68 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 41.69 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 41.70 HL7 v2.x Mapper - PID
  • 41.71 HL7 v2.x Mapper - PV1
  • 41.72 HL7 v2.x Listener Script
  • 41.73 HL7 v2.x MLLP Listener
  • 41.74 HL7 v2.x MLLP Sender
  • 41.75 FHIR to HL7 v2.x Mapper Script
  • 41.76 HL7 v2.x Outbound Mapping
  • 41.77 Da Vinci Health Record Exchange (HRex)
  • 41.78 HTTP Access Log
  • 41.79 HTTP Listener
  • 41.80 HTTP Request Pool
  • 41.81 HTTP Security
  • 41.82 Hybrid Providers Definitions
  • 41.83 Initial User Seeding
  • 41.84 JavaScript Execution Environment
  • 41.85 JSON Web KeySet (JWKS)
  • 41.86 LDAP Authentication
  • 41.87 Smile CDR License
  • 41.88 Lucene FullText Indexing
  • 41.89 MDM
  • 41.90 Narrative Generator
  • 41.91 OpenID Connect Token Validation
  • 41.92 OpenID Connect (OIDC)
  • 41.93 Payer to Payer
  • 41.94 Privacy Security Notice
  • 41.95 Provenance Injection
  • 41.96 Realtime Export
  • 41.97 Endpoint Validation: Request Validating
  • 41.98 Scheduler Configuration
  • 41.99 Search Parameter Seeding
  • 41.100 SAML Provider
  • 41.101 Security Inbound Script
  • 41.102 Inbound SMART on FHIR Authentication
  • 41.103 Inbound SMART on FHIR Endpoints
  • 41.104 OAuth2/OIDC Federation
  • 41.105 SMART Callback Script
  • 41.106 Cross-Organizational Data Access Profile
  • 41.107 SMART Login Skin
  • 41.108 SMART Login Terms of Service
  • 41.109 SMART Authorization
  • 41.110 SMART Definitions Seeding
  • 41.111 Sessions
  • 41.112 Two Factor Authentication
  • 41.113 TLS / SSL (Encryption)
  • 41.114 Transaction Log
  • 41.115 Trusted Client
  • 41.116 User Self Registration
    • 41.114    Transaction Log   
       Table of Contents

    TLS / SSL (Encryption)

    41.113TLS / SSL (Encryption)

     

    The TLS / SSL (Encryption) configuration category includes the following configurable options:

    • TLS Client Authentication

    • TLS Enabled

    • TLS KeyStore Filename

    • TLS KeyStore Key Alias

    • TLS KeyStore Key Password

    • TLS KeyStore Password

    • TLS Cipher Blacklist

    • TLS Cipher Whitelist

    • TLS Protocol Blacklist

    • TLS Protocol Whitelist

    • TLS TrustStore Filename

    • TLS TrustStore Password

    41.113.1Property: TLS Client Authentication

     
    Property Name TLS Client Authentication
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require incoming connections to authenticate using TLS Client Authentication?
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.clientauth.enabled = false

    41.113.2Property: TLS Enabled

     
    Property Name TLS Enabled
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require TLS (i.e. SSL or HTTPS) encryption for incoming connections?
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.enabled = false

    41.113.3Property: TLS KeyStore Filename

     
    Property Name TLS KeyStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS KeyStore used to hold private keys for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.file =

    41.113.4Property: TLS KeyStore Key Alias

     
    Property Name TLS KeyStore Key Alias
    Property Key
    Property Type STRING
    Description The alias for the specific key within the KeyStore that should be selected for incoming TLS connections.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keyalias =

    41.113.5Property: TLS KeyStore Key Password

     
    Property Name TLS KeyStore Key Password
    Property Key
    Property Type PASSWORD
    Description The password for the specific key within the KeyStore (leave blank if the key has no password).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keypass =

    41.113.6Property: TLS KeyStore Password

     
    Property Name TLS KeyStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS KeyStore (leave blank if the store has no password).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.password =

    41.113.7Property: TLS Cipher Blacklist

     
    Property Name TLS Cipher Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_blacklist =

    41.113.8Property: TLS Cipher Whitelist

     
    Property Name TLS Cipher Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_whitelist =

    41.113.9Property: TLS Protocol Blacklist

     
    Property Name TLS Protocol Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_blacklist =

    41.113.10Property: TLS Protocol Whitelist

     
    Property Name TLS Protocol Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_whitelist =

    41.113.11Property: TLS TrustStore Filename

     
    Property Name TLS TrustStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS TrustStore used to hold trusted certificates for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.file = classpath:truststore.p12

    41.113.12Property: TLS TrustStore Password

     
    Property Name TLS TrustStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS TrustStore (leave blank if the store has no password).
    Applies to Modules
    • CDS Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • Payer to Payer
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    • appSphere
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.password =
       41.112    Two Factor Authentication
  • Configuration Categories
  • 41.0 Web Admin Console Settings
  • 41.1 appSphere
  • 41.2 Payer Config
  • 41.3 Initial appSphere Seeding
  • 41.4 Authentication Callback Scripts
  • 41.5 Auth: General for APIs
  • 41.6 User Authentication
  • 41.7 Auth: HTTP Basic
  • 41.8 Auth: OpenID Connect
  • 41.9 Browser Syntax Highlighting
  • 41.10 Capability Statement (metadata)
  • 41.11 CDA Generation
  • 41.12 CDA Import
  • 41.13 CDA JavaScript Execution Scripts
  • 41.14 CDS Hooks Definitions
  • 41.15 Channel Import
  • 41.16 Channel Retry
  • 41.17 Kafka
  • 41.18 Cluster Manager Maintenance
  • 41.19 Message Broker
  • 41.20 Cluster Level Security
  • 41.21 Credentials
  • 41.22 Cross-Origin Resource Sharing (CORS)
  • 41.23 Database
  • 41.24 Da Vinci Health Record Exchange
  • 41.25 DQM
  • 41.26 Email Configuration
  • 41.27 ETL Import: CSV Properties
  • 41.28 ETL Import: Source
  • 41.29 FHIR Binary Storage
  • 41.30 FHIR Bulk Operations
  • 41.31 Capability Statement
  • 41.32 FHIR Configuration
  • 41.33 Consent Service
  • 41.34 FHIR Endpoint Conversion
  • 41.35 Interceptors
  • 41.36 FHIR Endpoint Partitioning
  • 41.37 Resource Providers
  • 41.38 FHIR Endpoint Security
  • 41.39 Endpoint Terminology
  • 41.40 FHIR Gateway Configuration
  • 41.41 FHIR Interceptors
  • 41.42 LiveBundle Service
  • 41.43 FHIR MDM Server
  • 41.44 FHIR Performance
  • 41.45 FHIR Performance Tracing
  • 41.46 FHIR Realtime Export
  • 41.47 Repository Validation
  • 41.48 FHIR Resource Types
  • 41.49 FHIR REST Endpoint
  • 41.50 FHIR Search
  • 41.51 Custom Resource Types
  • 41.52 IG Support
  • 41.53 MegaScale
  • 41.54 FHIR Storage Module Scheduled Tasks
  • 41.55 FHIR Validation Services
  • 41.56 FHIR Storage Package Registry
  • 41.57 FHIR Storage Partitioning
  • 41.58 Versioned References
  • 41.59 FHIR Subscription Delivery
  • 41.60 FHIR Subscription Persistence
  • 41.61 Amazon HealthLake REST Endpoint
  • 41.62 HL7 v2.x Mapper - Contained Resource
  • 41.63 HL7 v2.x Mapper - DG1
  • 41.64 HL7 v2.x Mapper - Forced Namespace Mode
  • 41.65 HL7 v2.x Mapper - General
  • 41.66 HL7 v2.x Mapper - Medications
  • 41.67 HL7 v2.x Mapper - OBR
  • 41.68 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 41.69 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 41.70 HL7 v2.x Mapper - PID
  • 41.71 HL7 v2.x Mapper - PV1
  • 41.72 HL7 v2.x Listener Script
  • 41.73 HL7 v2.x MLLP Listener
  • 41.74 HL7 v2.x MLLP Sender
  • 41.75 FHIR to HL7 v2.x Mapper Script
  • 41.76 HL7 v2.x Outbound Mapping
  • 41.77 Da Vinci Health Record Exchange (HRex)
  • 41.78 HTTP Access Log
  • 41.79 HTTP Listener
  • 41.80 HTTP Request Pool
  • 41.81 HTTP Security
  • 41.82 Hybrid Providers Definitions
  • 41.83 Initial User Seeding
  • 41.84 JavaScript Execution Environment
  • 41.85 JSON Web KeySet (JWKS)
  • 41.86 LDAP Authentication
  • 41.87 Smile CDR License
  • 41.88 Lucene FullText Indexing
  • 41.89 MDM
  • 41.90 Narrative Generator
  • 41.91 OpenID Connect Token Validation
  • 41.92 OpenID Connect (OIDC)
  • 41.93 Payer to Payer
  • 41.94 Privacy Security Notice
  • 41.95 Provenance Injection
  • 41.96 Realtime Export
  • 41.97 Endpoint Validation: Request Validating
  • 41.98 Scheduler Configuration
  • 41.99 Search Parameter Seeding
  • 41.100 SAML Provider
  • 41.101 Security Inbound Script
  • 41.102 Inbound SMART on FHIR Authentication
  • 41.103 Inbound SMART on FHIR Endpoints
  • 41.104 OAuth2/OIDC Federation
  • 41.105 SMART Callback Script
  • 41.106 Cross-Organizational Data Access Profile
  • 41.107 SMART Login Skin
  • 41.108 SMART Login Terms of Service
  • 41.109 SMART Authorization
  • 41.110 SMART Definitions Seeding
  • 41.111 Sessions
  • 41.112 Two Factor Authentication
  • 41.113 TLS / SSL (Encryption)
  • 41.114 Transaction Log
  • 41.115 Trusted Client
  • 41.116 User Self Registration
    • 41.114    Transaction Log