If your deployment does not leverage client certificates for authentication, then your configuration must supply a value in the security attribute for the configuration. It can have one of the values drawn from the list below, which determine the method by which clients are authenticated.
If the None authentication method is specified, then the SanteDB server will use the value of MSH-3 as an application identity, and the configured noAuthSecret as the client secret.
If the Msh8 option is specified for security mode, then the SanteDB server will use the following authentication strategy:
If Sft4 is used as the security mode, then the SanteDB server will use the following authentication strategy:
If your use case requires remote servers to enforce client authentication using X.509 certificates, the configuration is modified to add a client certificate or client certificate authority as:
<add address="sllp://0.0.0.0:2200" receiveTimeout="0" name="SanteMPI IHE SLLP">
  <sllp checkCrl="true" requireClientCert="true">
    <serverCertificate findType="FindByThumbprint" storeLocation="LocalMachine" findValue="467808134ADFFA873694261C707016EC03080A86" />
    <clientAuthorityCertificate findType="FindByThumbprint" storeLocation="LocalMachine" findValue="F62FBFA197D0B71207D504D1C7B39598B72C47FD" />
  </sllp>
</add>
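One way to audit an endpoint definition like the one above before deploying it, as an added example that is not part of SanteDB or its documentation. The function name audit_endpoint and the weak endpoint are constructed for illustration, the check knows only the elements and attributes shown on this page, and it assumes that an absent attribute means the setting is not enabled.

```python
import re
import xml.etree.ElementTree as ET

# A certificate thumbprint as used by FindByThumbprint: 40 hex digits (SHA-1).
THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")

def audit_endpoint(xml_text):
    """Return findings for one <add> endpoint; an empty list means none."""
    sllp = ET.fromstring(xml_text).find("sllp")
    if sllp is None:
        return ["no <sllp> element: no certificates are configured"]
    findings = []
    # Assumption of this example: an absent attribute is treated as not enabled.
    if sllp.get("requireClientCert", "").lower() != "true":
        findings.append("requireClientCert is not true")
    if sllp.get("checkCrl", "").lower() != "true":
        findings.append("checkCrl is not true")
    for tag in ("serverCertificate", "clientAuthorityCertificate"):
        cert = sllp.find(tag)
        if cert is None:
            findings.append(f"<{tag}> is missing")
        elif (cert.get("findType") == "FindByThumbprint"
              and not THUMBPRINT.fullmatch(cert.get("findValue", ""))):
            # Catches truncated values and invisible characters picked up
            # when a thumbprint is pasted from a certificate dialog.
            findings.append(f"<{tag}> findValue is not a 40-hex-digit thumbprint")
    return findings

# The endpoint from the page, with its closing tags.
PAGE_ENDPOINT = """
<add address="sllp://0.0.0.0:2200" receiveTimeout="0" name="SanteMPI IHE SLLP">
  <sllp checkCrl="true" requireClientCert="true">
    <serverCertificate findType="FindByThumbprint" storeLocation="LocalMachine" findValue="467808134ADFFA873694261C707016EC03080A86" />
    <clientAuthorityCertificate findType="FindByThumbprint" storeLocation="LocalMachine" findValue="F62FBFA197D0B71207D504D1C7B39598B72C47FD" />
  </sllp>
</add>"""

# Constructed weak variant: no client certificate required, no CRL check,
# no client authority, and a truncated server thumbprint.
WEAK_ENDPOINT = """
<add address="sllp://0.0.0.0:2200" receiveTimeout="0" name="constructed example">
  <sllp checkCrl="false" requireClientCert="false">
    <serverCertificate findType="FindByThumbprint" storeLocation="LocalMachine" findValue="467808134ADFFA87" />
  </sllp>
</add>"""

if __name__ == "__main__":
    for name, xml_text in (("page", PAGE_ENDPOINT), ("weak", WEAK_ENDPOINT)):
        print(name, audit_endpoint(xml_text) or "no findings")
```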
When using X.509 authentication, the HL7 message handler will use the MSH-3|MSH-4 value as the device name and the thumbprint of the selected X.509 certificate as the secret. Additionally, the X.509 certificate must have a chain which includes the certificate indicated in
When node authentication is performed using certificates, the value of the securityMode attribute dictates the authentication strategy for the application (