This repository has been archived by the owner on Nov 17, 2023. It is now read-only.
Authentication
Alexander Kiel edited this page Jan 16, 2021
Authentication of organizations within the HiGHmed DSF is handled by the use of X.509 client and server certificates. Currently only the certificate authority run by DFN (Deutsches Forschungsnetz) is supported. All participating organizations are entered in a distributed and synchronized allow-list of valid organizations and certificates.
A web server certificate is needed to run the FHIR endpoint. An 802.1X client certificate is used to authenticate against other organizations' endpoints and also serves as the server certificate for the business process engine. For available certificate profiles, see DFN-PKI-Zertifikatprofile_Global.pdf.
- Purpose: Server certificate to authenticate the FHIR endpoint on the local network and against other organizations
- DFN certificate profile: Web Server
- Common name: FQDN of the server used while accessing from other organizations (external FQDN)
- Subject alternative DNS entries: Use additional alternative FQDNs if a different name is used while accessing the server from the local network (local FQDN)
- Purpose: Client certificate to authenticate against remote FHIR endpoints (when either the BPE Server or the FHIR Endpoint Server is acting as a client), server certificate to authenticate the business process engine server on the local network
- DFN certificate profile: 802.1X Client
- Common name: FQDN of the server used while accessing from the local network (local FQDN)
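One way to prepare certificate requests with the two name layouts listed above, as an added example that is not part of the HiGHmed DSF project. The hostnames, file names, key size and the choice to repeat the external FQDN in the SAN list are assumptions; subject fields other than the common name that the CA requires are left out, and selecting the DFN certificate profile is not covered.

```bash
# Constructed example hostnames (assumptions); replace with your own FQDNs.
EXTERNAL_FQDN="fhir.example.org"            # name used by other organizations
LOCAL_FQDN="fhir.internal.example.org"      # name used on the local network
KEY_BITS="${KEY_BITS:-4096}"                # RSA key size (assumption)

# write_req_config CN [SAN...]
# Prints an "openssl req" config with the given common name and, if any
# SAN arguments follow, a subjectAltName extension listing them as DNS names.
write_req_config() {
  cn="$1"; shift
  printf '[req]\nprompt = no\ndistinguished_name = dn\n'
  if [ "$#" -gt 0 ]; then printf 'req_extensions = ext\n'; fi
  printf '\n[dn]\nCN = %s\n' "$cn"
  if [ "$#" -gt 0 ]; then
    printf '\n[ext]\nsubjectAltName = '
    sep=""
    for san in "$@"; do printf '%sDNS:%s' "$sep" "$san"; sep=","; done
    printf '\n'
  fi
}

# make_csr NAME CN [SAN...]
# Writes NAME.cnf, NAME.key (unencrypted, readable by the owner only)
# and NAME.csr into the current directory.
make_csr() {
  name="$1"; shift
  write_req_config "$@" > "$name.cnf"
  ( umask 077
    openssl req -new -newkey "rsa:$KEY_BITS" -nodes \
      -config "$name.cnf" -keyout "$name.key" -out "$name.csr" ) 2>/dev/null
}

# csr_names FILE
# Prints the subject and DNS SAN lines of a CSR so the names can be
# checked before the request is submitted.
csr_names() {
  openssl req -in "$1" -noout -text | grep -E 'Subject:|DNS:'
}

# Usage (run in an empty working directory):
#   Web Server profile: CN = external FQDN, SAN also carries the local FQDN
#     make_csr server "$EXTERNAL_FQDN" "$EXTERNAL_FQDN" "$LOCAL_FQDN"
#   802.1X Client profile: CN = local FQDN
#     make_csr client "$LOCAL_FQDN"
#   csr_names server.csr; csr_names client.csr
```

Reviewing the `csr_names` output before submission catches a swapped external and local FQDN, which would otherwise only show up as a hostname mismatch when another organization connects.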