Installation Qualification

After installing a SanteDB iCDR product, such as SanteMPI or SanteIMS, there is often a need to validate that the software is setup and functioning correctly. This page provides reference materials for running these installation qualification tests.

User Interface Testing

The Security Administration Testing wiki article provides test steps that users can perform to validate that the security environment of SanteDB is running correctly.
If you're running the iCDR and the web host portal you can use the User Interface Test Cases , if you're operating SanteDB iCDR in a headless environment the Admin Console tests provide equivalent tests using the sdbac tooling.

SanteMPI Functional Testing

If you've installed the SanteMPI solution you can use the Master Patient Index / Client Registry test cases to validate your configuration of SanteMPI.
The test cases cover:
It is important that you use the default configurations for SanteMPI when running these tests. Changes in configuration should be performed after the qualification testing is completed. This applies to:
  • Matching Configuration Changes
  • Queueing or Dispatching Changes
  • Pub-Sub Behavior Changes

Security Environment Qualification

It is recommended that, after Securing SanteDB APIs is performed that a complete network scan be performed to ensure that the attack surface area of the environment is minimal.
  • Perform a security scan of the applications involved (see: OWASP ZAP) to ensure SSL, XSS, CORS, and other web security practices have been configured appropriately
    • Add any blocking scripts to browser headers your Application Firewall may be adding
    • Ensure proper caching policies and login policies are in place
  • Perform a network port scan/attach tool to ensure that opened ports and services are minimal (see: NMAP)
    • Ensure that only ports you want opened are open
    • Ensure that ports that are open are secured.
  • Use OpenSSL to validate that your SSL certificates are properly configured
openssl s_client -connect -showcerts
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
verify return:1
depth=0 CN = *
verify return:1
Certificate chain
0 s:CN = *
i:C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2