Security Settings

he Security Settings group on the SanteDB configuration tool are used to control the security subsystems in the SanteDB host context.

Core Server Security

The core security panel allows the control of the settings related to core security functions such as the validation of passwords and security policies.

The options which can be configured in the security panel are:


Password Regex

The regular expression that all passwords in the SanteDB iCDR security realm should have.

PEP Exemption Policy

The exemption policies for the Policy Enforcement Point. This allows administrators to exempt certain principals from being subjected to data privacy enforcement.

None - All principals are subject to policy privacy enforcement (recommended for most deployments)

DevicePrincipalsExempt - Device principals used by synchronization software is exempt (recommended in highly deployed dCDR environments)

Signing Keys

The collection of keys which should be used for signing data generated by the iCDR.

Security Policy Configuration

Ignore this - use the Policies panel.

Password Hasher

Once peppered, the hashing service to use to securely store data in the database.

SHA256 is recommended unless you're porting over passwords from another system which uses an alternate algorithm.

Policy Decision Provider

Allows the changing of the PDP the iCDR will use. If running in a XACML context, this can be an external provider.

Policy Information Provider

If using the iCDR in a context where third party policy information services are available - this is the implementation of the PIP to use.

Password Validator

If using a custom validation strategy (password history, password complexity, etc.) - the validation service to use.


The maximum age of a password (in days) before the password is expired.

Note: Your user interface should be able to handle this condition.


When true, users will not be able to use a previous password as a current password.


The maximum failed logins before the system locks an account.


The length of a session expressed as an ISO period (PT30M is 30 minutes, PT1H is 1 hour, etc.)


The maximum length that a refresh token is valid.

Signing Keys

The signing keys configuration allows you to specify keys that the iCDR server will use for generating digital signatures. Plugins can request specific named keys for signing data, these are:

  • default : The default server key used for signing sessions, security data in the database, etc.

  • jwskey : The key to use for the JWS pointer service - This data is used to sign data in JWS generated payloads on the server.

Other keys may be used by specific plugins. Additionally, if an external trading partner uses a kid attribute in the JWS header, you can configure the specific kid to X509 or HMAC key.

The options when configuring a key:



The X509 certificate to use to sign data. You must have the private key for the certificate in your store.

Certificate Search

The method which should be used to locate the certificate in the central certificate store.

HMAC256 Secret

If using HS256 or another symmetric signature algorithm, this is the shared secret to use to sign the data.


The name of the system which issues data signed with this key. This is used if the kid is not passed in a payload - the iss is used to locate the key.

Key ID

The internal key identifier used by SanteDB and its plugins to reference the key. This is also matched to the kid in JWS payloads.

Signing Algorithm

The method to use to sign data whenever this key identifier is used by SanteDB to generate signatures.

HS256 - HMAC 256

RS256 - RSA + SHA256

RS512 - RSA + SHA512

Last updated