Written by

Sales Engineer at InterSystems Italy
Question Fabrizio Campari · Dec 24, 2024

Federated SSO for Clinical Viewer demo is not working

Hi!   

I'm trying to set up a Clinical Viewer demo env with HealthShare 2024.2. 
I've done the standard installation following the doc:

Everything works until I get to the point where I have to enable federated SSO (UCR demo - Federated SSO). Once it is activated, I can no longer access the instance through the portal, and the browser displays the following error:

Checking the messages.log, I see that every time I try to enable federated SSO and access the portal, I encounter the following error:

12/24/24-10:51:55:639 (98515) 2 [Utility.Event] Error in %ZHS.OAuth2.UI.Login:OnPreHTTP- ERROR #5809: Object to Load not found, class 'OAuth2.Client', ID '172.24.40.31-443-ucr-hs-instance'

I followed the doc step by step. Am I missing something here?

Thanks!

Product version: HealthShare 2024.1
$ZV: HealthShare Unified Care Record 2024.2.0 Build: 1012 [HealthShare Modules: Health Insight:28.0 + Core:28.0 + Patient Index:28.0] - IRIS for UNIX (Red Hat Enterprise Linux 9 for x86-64) 2024.1 (Build 267_2_23734U) Thu Sep 26 2024 20:14:32 EDT [Health Insig

Comments

Jeffrey Drumm · Dec 24, 2024

I ran into the same issue. I think it's related to the order in which the access gateway for the CV is activated; if you do it before setting up security (SSL/TLS) it won't register properly with the hub. I deactivated and reactivated the access gateway and that resolved the problem.

0
Fabrizio Campari  Dec 24, 2024 to Jeffrey Drumm

Hi Jeffrey, thank you for the reply.
Unfortunately, that doesn't seem to be the issue.
According to the documentation, I first install the demo UCR instance (with IHE) and then the CV instance. The SSO activation takes place right after the UCR installation, and I encounter the problem even before installing the CV instance. Once the SSO is enabled, I log out to check if it works, and I get the error I showed in the post.

I also tried to stop and start the access gateways on the UCR instance, but that doesn't solve the problem, unfortunately.

0
Jeffrey Drumm  Dec 24, 2024 to Fabrizio Campari

Are both instances on the same host, and if yes, have you set them up with instance prefixes (it looks like you have, based on the screenshot)? You may want to check all of your service entries in the registry and verify that they're pointing at the right instance.

And I know some of the OAuth2 artifacts are created on production start ... is at least the registry/hub running?

0
Fabrizio Campari  Jan 5 to Jeffrey Drumm

Yes, both are on the same host with the prefix.
The service registry is fine, all services have the FQDN and the instance prefix.
Yes, all the productions are running.

0
David.M · Dec 30, 2024

I've never tried this with an IP address. When you configured Network Host Name and Secure Communication in the Installer Wizard, didn't you use a hostname?

0
Fabrizio Campari  Jan 5 to David.M

Yes, I used a host name on the instance VM.
I use the IP address when I'm connecting to the instance from the browser on my local machine.

0
Enrico Parisi  Jan 5 to Fabrizio Campari

Ciao Fabrizio,

On your machine, edit the hosts file and add the FQDN of your HS server so it can be resolved, and then use the FQDN in the browser instead of the IP address.

0
Fabrizio Campari  Jan 7 to Enrico Parisi

Hi Enrico,

Yes, that was the issue. I modified the hosts file and everything works.
Thank you!

0
Fabrizio Campari · Jan 7

Using the FQDN from my machine resolved the problem.
Thanks to everyone for the help!

0
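
A triage sketch for the error discussed in this thread, added here as an example and not code from any poster or from InterSystems: it scans messages.log lines for the missing-OAuth2.Client error and flags IDs that begin with an IP literal, the symptom that went away once the browser used the FQDN. It assumes the ID starts with the host from the browser URL followed by `-<port>-...`, inferred from the single log line in the question; the extra sample lines and `ucr.example.test` are constructed.

```python
import ipaddress
import re

# Error shape taken from the messages.log line quoted in the question.
ERR = re.compile(
    r"ERROR #5809: Object to Load not found, "
    r"class 'OAuth2\.Client', ID '(?P<client_id>[^']+)'"
)

def leading_ip(client_id):
    """Return the IP literal the ID starts with, or None.

    Assumption: the ID begins with the host used in the browser URL,
    followed by '-<port>-...', as in the one example on the page.
    """
    head = client_id.split("-", 1)[0]
    try:
        return str(ipaddress.ip_address(head))
    except ValueError:
        return None

def triage(lines):
    """Return one finding per distinct missing OAuth2.Client ID, in log order."""
    findings = {}
    for line in lines:
        m = ERR.search(line)
        if not m:
            continue
        cid = m.group("client_id")
        entry = findings.setdefault(
            cid, {"client_id": cid, "count": 0, "ip": leading_ip(cid)})
        entry["count"] += 1
    return list(findings.values())

# Constructed sample: line 1 is the one from the question, the rest are made up.
SAMPLE = [
    "12/24/24-10:51:55:639 (98515) 2 [Utility.Event] Error in %ZHS.OAuth2.UI.Login:OnPreHTTP- ERROR #5809: Object to Load not found, class 'OAuth2.Client', ID '172.24.40.31-443-ucr-hs-instance'",
    "12/24/24-10:53:02:114 (98515) 2 [Utility.Event] Error in %ZHS.OAuth2.UI.Login:OnPreHTTP- ERROR #5809: Object to Load not found, class 'OAuth2.Client', ID '172.24.40.31-443-ucr-hs-instance'",
    "12/24/24-10:55:40:007 (98515) 2 [Utility.Event] Error in %ZHS.OAuth2.UI.Login:OnPreHTTP- ERROR #5809: Object to Load not found, class 'OAuth2.Client', ID 'ucr.example.test-443-ucr-hs-instance'",
    "12/24/24-10:56:00:000 (98515) 0 [Utility.Event] Unrelated constructed line",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        hint = ("portal was reached by IP; try the FQDN in the browser"
                if f["ip"] else "ID is not IP-based; check registration")
        print(f"{f['client_id']} x{f['count']}: {hint}")
```
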