HS.HC.IHE.XUA.Processor
class HS.HC.IHE.XUA.Processor extends %Library.RegisteredObject
SOAPServer.Base calls (in OnPreWebMethod - ValidateSAML, ProcessSAML) then ProcessRequest
Property Inventory
- CheckSignerIdentity
- DefaultSecurityDomain
- DomainPrefix
- RequireSignature
Method Inventory
- BuildSAMLData()
- CheckSignerId()
- CreateSAMLData()
- ExtendedValidation()
- GetAssertion()
- GetAssertionFromMessage()
- GetDomain()
- GetExpectedAttributes()
- GetProcessor()
- MapPurposeOfUse()
- MapRoles()
- ProcessRequest()
- ProcessSAML()
- ProcessSignature()
- ValidateOtherKeyInfo()
- ValidateSAML()
- ValidateSignature()
- ValidateX509()
- validateAttributes()
- validateAuthnStatement()
- validateStatements()
- validateSubject()
Parameters
parameter DOMAIN = HS;
Domain used for localization.
parameter HSDEPLOY = 0;
parameter UISETTINGS;
parameter ValidateUser = 0;
Boolean whether the SAML user should be validated against the user registry
Properties
property CheckSignerIdentity as %Boolean [ InitialExpression = 1 ];
If this property is true and RequireSignature is true, inspect the KeyInfo on the signature
as part of the signature validation. The assertion will only pass validation if it is
possible to identify the signer from the KeyInfo and the signer's credentials are trusted.
If this setting is false, a signature which includes a reference to an X.509 certificate will still have the certificate checked against Caché's list of trusted certificates, but signatures which are signed with only an RSA public key, or with symmetric encryption, will pass validation without attempting to identify the signer.
It is strongly recommended to set CheckSignerIdentity to true if RequireSignature is set to true.
Property methods: CheckSignerIdentityDisplayToLogical(), CheckSignerIdentityGet(), CheckSignerIdentityIsValid(), CheckSignerIdentityLogicalToDisplay(), CheckSignerIdentityNormalize(), CheckSignerIdentitySet()
property DefaultSecurityDomain as %String [ InitialExpression = "SAML" ];
Property methods: DefaultSecurityDomainDisplayToLogical(), DefaultSecurityDomainGet(), DefaultSecurityDomainIsValid(), DefaultSecurityDomainLogicalToDisplay(), DefaultSecurityDomainLogicalToOdbc(), DefaultSecurityDomainNormalize(), DefaultSecurityDomainSet()
property DomainPrefix as %String [ InitialExpression = "%HS " ];
Optional: a prefix prepended to the security domain name. Use this to target the "internal"
HealthShare security domains, which allow assigning roles/groups to a user.
Property methods: DomainPrefixDisplayToLogical(), DomainPrefixGet(), DomainPrefixIsValid(), DomainPrefixLogicalToDisplay(), DomainPrefixLogicalToOdbc(), DomainPrefixNormalize(), DomainPrefixSet()
property RequireSignature as %Boolean [ InitialExpression = 0 ];
Property methods: RequireSignatureDisplayToLogical(), RequireSignatureGet(), RequireSignatureIsValid(), RequireSignatureLogicalToDisplay(), RequireSignatureNormalize(), RequireSignatureSet()
Methods
method BuildSAMLData(ByRef pAssertion As %SAML.Assertion, ByRef pSAMLData As HS.IHE.XUA.SAMLData) as %Status
Build the HS.IHE.XUA.SAMLData which will be stored in the ..SAMLData in the web server request
method CheckSignerId(pSignature As %XML.Security.Signature, pAssertion As %SAML.Assertion) as %String
method CreateSAMLData(pAssertion As %SAML.Assertion = "", pImportHandler As %SOAP.WebBase, Output pSAMLData As HS.IHE.XUA.SAMLData) as %Status
method ExtendedValidation(pAssertion, pSAMLData) as %Status
Optionally validate values parsed from assertion and return status
classmethod GetAssertion(pStreamOrString) as %SAML.Assertion
Utility method to return an assertion object from a stream or string token
classmethod GetAssertionFromMessage(pMessageId) as %SAML.Assertion
Utility method to return an assertion from a token within an XMLMessage
method GetDomain(pSAMLData As HS.IHE.XUA.SAMLData) as %String
method GetExpectedAttributes(ByRef pExpected)
classmethod GetProcessor(pXUAConfig As HS.IHE.XUA.Config) as Processor
Called by HS.IHE.Common.Services.SOAPServer.Base:GetProcessor once the processor class is determined
method MapPurposeOfUse(pSAMLData As HS.IHE.XUA.SAMLData) as %Status
method MapRoles(pSAMLData As HS.IHE.XUA.SAMLData) as %Status
method ProcessRequest(pRequest As HS.Message.XMLMessage) as %Status
Override this method to provide customized user authentication.
Authenticate the user and determine roles. Return an error status if the user is not authenticated.
Update
pRequest.AdditionalInfo.SetAt(username,"USER:UserID")
pRequest.AdditionalInfo.SetAt(roles,"USER:Roles")
method ProcessSAML(pAssertion As %SAML.Assertion = "", Output pSAMLData As HS.IHE.XUA.SAMLData = "") as %Status
Called during the OnPreWeb method of SOAPServer.Base
Extract the Attribute fields and insert them into pSAMLData, which is returned and assigned to ..SAMLData and
then copied to the pRequest
method ProcessSignature(pAssertion, pSAMLData As HS.IHE.XUA.SAMLData) as %Status
Called by BuildSAMLData
method ValidateOtherKeyInfo(pAssertion As %SAML.Assertion, Output pReason) as %Status
method ValidateSAML(pAssertion As %SAML.Assertion = "", Output pReason As %String, pImportHandler As %SOAP.WebBase, Output pSAMLData As HS.IHE.XUA.SAMLData) as %Boolean
Validate incoming SAML Assertion based on XUA specifications.
method ValidateSignature(pAssertion, Output pReason) as %Status
Called by ValidateSAML
classmethod ValidateX509(pCreds As %SYS.X509Credentials) as %Status
Copied from %SYS.X509Credentials::Validate in Cache 2016.4 for use in earlier versions
method validateAttributes(pStatement, Output pReason, Output pData) as %Status
Called by validateStatements
method validateAuthnStatement(pStatement, Output pReason, Output pData) as %Status
Called by validateStatements
method validateStatements(…)
Called by ValidateSAML
method validateSubject(pAssertion, Output pReason) as %Status
Called by ValidateSAML
Inherited Members
Inherited Methods
- %AddToSaveSet()
- %ClassIsLatestVersion()
- %ClassName()
- %ConstructClone()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %IsModified()
- %New()
- %NormalizeObject()
- %ObjectModified()
- %OriginalNamespace()
- %PackageName()
- %RemoveFromSaveSet()
- %SerializeObject()
- %SetModified()
- %ValidateObject()