15.1.1 Authentication Protocols

 

Smile CDR supports several mechanisms for authenticating users and systems that are communicating with Smile CDR.

The following diagram shows the various ways you can authenticate with different Smile CDR modules.

Authentication Types

15.1.2 HTTP Basic

 

HTTP Basic Access Authentication is a mechanism in which credentials (a username and password) are included in an HTTP header with each request. The credentials are joined by a : (colon character) and then base64 encoded.

The following example shows a Basic Authentication request header.

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 

This mechanism is usable only for non-interactive endpoints (i.e. API calls to Smile CDR). Using HTTP Basic requires transmitting raw credentials within the request headers, so it must always be combined with TLS/HTTPS and must not be used in an environment where HTTP headers might be intercepted.

15.1.3 OpenID Connect (OIDC) and SMART on FHIR

 

OpenID Connect (OIDC) is a specialization of the OAuth2 protocol. The SMART on FHIR specification for connected health applications requires the use of OIDC for authenticating these applications.

Learn more about SMART on FHIR in the SMART on FHIR Overview.

15.1.4 Security Access Markup Language (SAML)

 

SAML is an older standard than OIDC, but is still widely used. It is most commonly used as an enterprise single-sign-on (SSO) provider, allowing users in a corporate environment to authenticate against multiple applications using a central identity provider.

SAML works by passing digitally signed authentication requests and responses in XML document payloads.

Learn more about SAML in the SAML Inbound Security Module documentation.