13.4 Local Inbound Security Module

The Local Inbound Security module stores user accounts locally in Smile CDR's administrative database. When using this module, Smile CDR acts as a completely self-contained CDR and User Management system. This can be useful when deploying Smile CDR in circumstances where no existing user database or identity management platform is present.

By default Smile CDR creates a Local Inbound Security module, and seeds it with a single administrative user named admin. You may use the Web Admin Console or the JSON Admin API to create and modify users.

13.4.1 Configuration: Credentials

When storing usernames in the database, the module can optionally normalize them so that checks will be case insensitive. This is disabled by default, and it can be enabled by setting Username Case Sensitive to true.

When storing passwords in the database, the module can optionally normalize them so that checks will be case insensitive. This is enabled by default, and it can be disabled by setting Password Case Sensitive to false.

Passwords will be stored in the database using a salted hash, and the salt is randomly generated for each individual password. By default the hashing algorithm used is a 10-round bcrypt. This can be changed by modifying the Password Encoding Scheme value.

13.4.2 Caching

One important thing to note when updating user accounts is that the system caches user credential hashes for a short period of time in order to improve performance. Any changes to a user account (i.e. changing a password, modifying the user's permissions, etc.) may take a few seconds to propagate across the cluster.

13.4.3 User Self Registration

This module can optionally be configured to allow users to self-register. Self registration is available via the SMART Outbound Security module when it is paired with the Local Inbound Security module.

To enable self registration, the Self Registration Enabled setting must be enabled. In addition, a callback script must be supplied using the User Self Registration Script properties.

Function: onUserSelfRegistrationRequest

This function is called when a user requests self-registration. It is used to generate an account for the new user.

Parameters

  • theInputUser – This object will be populated with the details as supplied by the user who filled out the self registration form. Object is of type UserDetails. At this time, the following properties are populated:

    • Username
    • Family Name
    • Given Name
    • Email Address
  • theOutputUser – This object should be populated by the script with the actual details that should be stored in the created user object. Any properties except for the username and password need to be explicitly copied from theInputUser to theOutputUser by the script. Object is of type UserDetails.

Example

function onUserSelfRegistrationRequest(theInputUser, theOutputUser) {

    // Copy standard demographics
    theOutputUser.familyName = theInputUser.familyName;
    theOutputUser.givenName = theInputUser.givenName;
    theOutputUser.email = theInputUser.email;

    // Add any permissions you want the user to have by default
    // in a newly created account. Be very careful not to 
    // assign permissions that would be inappropriate for a new
    // user to have!
    theOutputUser.addAuthority('FHIR_CAPABILITIES');

}
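A stricter variant of the callback, added here as an illustration and not taken from the Smile CDR documentation: it cleans each user-supplied field before copying it and grants authorities only from a fixed list, and only when every field is valid. The length limits, the email pattern, the mock output object and the registerSample helper are assumptions made for the example, as is the premise that an account with no authorities added has no permissions.

```javascript
// Fixed default grant, never derived from anything the registrant typed.
var DEFAULT_AUTHORITIES = ['FHIR_CAPABILITIES'];
var MAX_NAME_LENGTH = 100;  // assumption: local policy limit
var MAX_EMAIL_LENGTH = 254; // assumption: local policy limit
var EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // shape check only

// Strip control characters and trim; null if missing, empty or too long.
function cleanField(value, maxLength) {
    if (value === null || value === undefined) { return null; }
    var cleaned = String(value).replace(/[\u0000-\u001f\u007f]/g, '').trim();
    return (cleaned.length > 0 && cleaned.length <= maxLength) ? cleaned : null;
}

function onUserSelfRegistrationRequest(theInputUser, theOutputUser) {
    var familyName = cleanField(theInputUser.familyName, MAX_NAME_LENGTH);
    var givenName = cleanField(theInputUser.givenName, MAX_NAME_LENGTH);
    var email = cleanField(theInputUser.email, MAX_EMAIL_LENGTH);
    if (email !== null && !EMAIL_PATTERN.test(email)) { email = null; }

    // Copy only the fields that passed validation.
    if (familyName !== null) { theOutputUser.familyName = familyName; }
    if (givenName !== null) { theOutputUser.givenName = givenName; }
    if (email !== null) { theOutputUser.email = email; }

    // Grant the defaults only to a fully valid registration, so a
    // malformed request yields an account with no authorities at all.
    if (familyName !== null && givenName !== null && email !== null) {
        for (var i = 0; i < DEFAULT_AUTHORITIES.length; i++) {
            theOutputUser.addAuthority(DEFAULT_AUTHORITIES[i]);
        }
    }
}

// Constructed stand-in for the output UserDetails object (hypothetical,
// for running the callback outside Smile CDR).
function newMockOutputUser() {
    var granted = [];
    return { authorities: granted, addAuthority: function (name) { granted.push(name); } };
}

// Hypothetical helper: runs the callback on a constructed input object.
function registerSample(input) {
    var out = newMockOutputUser();
    onUserSelfRegistrationRequest(input, out);
    return out;
}
```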