Validation

Interoperability Connector Suite User Guide

Generation

When WS-Security Generation is enabled in a destination connector, a Security section will be generated according to the WS-Security settings and placed in the SOAP header of the outgoing message. SAML Assertions, Timestamp, and signatures will be generated per NHIN specifications. Similarly, when WS-Security Generation is enabled in a source connector, a Security section will be generated and placed in the SOAP header of the response according to NHIN specifications. Generation Settings Parent topic: WS-Security

Interoperability Connector Suite User Guide

WS-Security

All Interoperability Connectors support WS-Security (web service security) for message validation. Note: It's important to note that, while managing certificates for use with WS-Security is much easier with the SSL Manager plugin, the SSL Manager plugin is not required. If the SSL Manager plugin is not installed, there are fewer options available for WS-Security and the Interoperability Connectors will use the default java keystore for certificate validation. Validation Generation

Interoperability Connector Suite User Guide

Source Connector Options

Option Name Description Convert to JSON If enabled, automatically convert SOAP response payloads to JSON. Expanded JSON Envelope If enabled, the JSON version of the incoming envelope will always use an expanded format where all children are expanded into arrays and objects. The JSON document will be larger and more verbose, but it will also be in a more consistent structure which can make transformation easier. Convert JSON Response to XML If enabled, responses will be converted from JSON to XML. Must Understand If enabled, the mustUnderstand attribute will be added to the To, RelatesTo, Action, and MessageID header elements on all SOAP responses. Validate WS-Security If enabled, a Security section must be present in the SOAP header of any incoming requests. The SAML Assertion and Timestamp will be validated according to NHIN standards. If the Security node isn't present or doesn't pass validation, the request will not be processed through the channel. See WS-Security for more informat

Interoperability Connector Suite User Guide

Destination Connector Options

Option Name Description Use Default WSDL If enabled, will use standard WSDL and operations. To use custom operations, disable this option, provide a WSDL URL, and select Get Operations. WSDL URL The full URL to the WSDL describing the web service method to be called. Select the Get Operations after entering a URL. Use UDDI Select Yes to use a UDDI provider to determine the Location URI. Select No to use the default Location URI or provide your own. See UDDI for more information. Location URI The dispatch location for the port / endpoint defined in the Connector. This field is filled in automatically when you select Get Operations and does not usually need to be changed. If left blank, the default URI defined in the WSDL will be used. Convert Response to JSON If enabled, responses will be converted from XML to JSON. Expanded JSON Response If enabled, the JSON version of the response envelope will always use an expanded format where all children are expanded into arrays and objects. The

Interoperability Connector Suite User Guide

Generation Settings

The WS-Security Generation settings for destinations allow specifying a certificate through SSL Manager or manually to an alias in a keystore. SAML assertions and HL7 coded element attributes are also specified in the Generation Settings and include a simple set of entries to start with. An image of WS-Security Generation settings for destinations Parent topic: Generation

SSL Manager User Guide

Apply Destination Connector SSL Settings

On the Channels page, double-click a channel in the Channel list. Select the Destinations tab. In the Connector Type field, select the connector type that supports the SSL Manager (HTTP Sender, Web Service Sender, File Writer in FTP mode). In the SSL Settings section, the SSL Manager is inactive. If you populate the URL field in the HTTP Sender Settings section, the field turns yellow with a Lock icon next to the URL. If you move the pointer over the Lock icon, a tool tip appears that explains the reason for the situation. (Selecting the Lock icon opens a window with the same content as the tool tip.) Adding a URL while the Manager is Inactive In the SSL Settings section - Use SSL Manager field, select Yes to nullify the locked condition and enable all security options and two-way authentication. (The URL field turns green to reflect the change.) Enabling SSL Manager Select the wrench icon to open the SSL Settings window: Items on the SSL Settings Window Item Name Default Value Descrip

Validation

Recommendations

Generation

WS-Security

Source Connector Options

Destination Connector Options

Generation Settings

Apply Destination Connector SSL Settings

Generation

WS-Security

Source Connector Options

Destination Connector Options

Generation Settings

Apply Destination Connector SSL Settings