Using the Duo Universal API Integration

Multi-Factor Authentication User Guide

Using the Duo API Integration

After invoking the /users/_login endpoint, you will receive a payload like this: <com.mirth.connect.plugins.mfa.model.DuoLoginStatus> ... <primaryStatus>SUCCESS</primaryStatus> <apiHostname>api-f9248ffb.duosecurity.com</apiHostname> <signedRequest>TX|...:APP|...</signedRequest></com.mirth.connect.plugins.mfa.model.DuoLoginStatus> Take note of the primaryStatus, which lets you know whether primary authentication (username and password) succeeded. You should only proceed if the primary status is SUCCESS or SUCCESS_GRACE_PERIOD. Note the apiHostname and signedRequest, as those will be passed into the Duo iframe. The next step is to show the Duo iframe to the user, and retrieve the signed response string. Instructions are here: https://duo.com/docs/duoweb. After you retrieve the signed response string, call the /users/_login endpoint again. On this second leg of authentication, only the username is required, not the password. Concatenate the username, primary status, and signed response wi

Multi-Factor Authentication User Guide

Using the TOTP API Integration

After invoking the /users/_login endpoint, you will receive a payload like this: <com.mirth.connect.plugins.mfa.model.MfaLoginStatus> ... <primaryStatus>SUCCESS</primaryStatus></com.mirth.connect.plugins.mfa.model.MfaLoginStatus> Take note of primaryStatus, which lets you know whether primary authentication (username and password) succeeded. You should only proceed if the primary status is SUCCESS or SUCCESS_GRACE_PERIOD. Generate a new verification code by using the secret key you previously stored. Call the /users/_login endpoint again. On this second leg of authentication, only the username is required, not the password. Concatenate the username, primary status, and verification code with colons (":"). Then send the string as a custom header, X-Mirth-Login-Data. If the login call was successful, the server returns a JSESSIONID cookie for you to use on subsequent requests. Once you no longer need the session, call the /users/_logout endpoint to clear the session data on the server. P

Mirth® Connect by NextGen Healthcare User Guide

Authentication

Mirth® Connect supports both session-based cookie authentication and basic authentication. Basic Authentication: Simply include an Authorization header on all API requests, with basic credentials. Example (for admin/admin): Authorization: Basic YWRtaW46YWRtaW4= Session-Based Authentication: First, invoke the POST /users/_login endpoint, passing in your login credentials. If successful, the server will respond with a cookie (Set-Cookie header) like the following: Set-Cookie: JSESSIONID=uysqrtx9lle36ernybizstps;Path=/api;Secure Invoke the actual API endpoints of your choice, passing in the same cookie as a header: Cookie: JSESSIONID=uysqrtx9lle36ernybizstps;Path=/api;Secure Once you are done, make sure to call the POST /users/_logout endpoint, making sure to pass in the same cookie. Session-based Authentication is preferred since you only need to transmit your login credentials once. Note that the API documentation page invokes the same endpoint automatically when you login at the top: I

Mirth® Connect by NextGen Healthcare User Guide

Mirth® Connect REST API

The Administrator and Command Line Interface both use a well-defined API to communicate with the Mirth® Connect server. You can also use the same API to create custom integrations of your own. The API is documented at https://localhost:8443/api (change the IP / port as needed), or you can select View Client API in Administrator via Other Tasks: Select the View Client API action to open the API documentation in your default browser. Note: You may see a warning in your browser if your Mirth® Connect instance is still using the auto-generated self-signed certificate. You can select Advanced and allow the browser to continue to the page. To resolve this warning, look at Application Data Directory for instructions on installing your own certificate. Select the arrow button on one of the endpoint group rows to view its operations. This list shows the operation's HTTP method type, request URL, and a description for each endpoint. Select on one of the endpoint rows to view its details. If desi

Multi-Factor Authentication User Guide

Configure Duo Integration Settings

Log on to the Mirth® Connect by NextGen Healthcare Administrator, and open the Settings view: Selecting the Settings View Select the MFA settings tab to view the current Multi-Factor Authentication Settings. Next to Enabled, select Yes to enable MFA. Next to MFA Type, select Duo. Copy the Client ID, Client Secret, and API Hostname from the Duo Admin Panel. Copying Values from the Duo Admin Panel When you are done, select the Save task on the left-hand side to save changes. Parent topic: Using Duo Multi-Factor Authentication

Mirth® Connect by NextGen Healthcare User Guide

4.5.0 Upgrade Notes

Improvements and new features included in Mirth® Connect version 4.5.0. Updated DUO Authentication to use the Universal Prompt We have updated the DUO Authentication to use the new Universal Prompt because the Traditional Prompt will no longer be accessible after March 30, 2024. If you are using DUO Authentication with the Multi-Factor Authentication Plugin, do the following: Upgrade to 4.5.0 from a previous version. Start Mirth® Connect (login will look the same for DUO authentication). Go to your DUO Account. Select Applications and Mirth® Connect Application. Select Show New Universal Prompt. Restart Mirth® Connect (login will change to the new prompt). If you choose not to upgrade before March 30, 2024, you need to disable your DUO setting. Removed Libraries We have removed and replaced the following libraries from all Mirth® Connect Components: Apache commons-lang-2.6.jar -> Apache commons-lang3-3.13.0.jar Apache commons-digester-2.0.jar -> Apache commons-digester3-3.2.jar jdom-1.

Using the Duo Universal API Integration

First Call

Second Call

Recommendations

Using the Duo API Integration

Using the TOTP API Integration

Authentication

Mirth® Connect REST API

Configure Duo Integration Settings

4.5.0 Upgrade Notes

Using the Duo API Integration

Using the TOTP API Integration

Authentication

Mirth® Connect REST API

Configure Duo Integration Settings

4.5.0 Upgrade Notes