FHIR Chat · SAML assertion with FHIR · implementers

Stream: implementers

Topic: SAML assertion with FHIR


sanjay bhupathiraju (Aug 31 2021 at 15:49):

I believe AthenaHealth doesn't support SMART on FHIR today. But they do support SAML SSO. Is there any way to make SAML work with FHIR, by passing on the SAML assertion tokens to FHIR? Or perhaps an abstracted way of generating an OAuth2 token from a SAML assertion that is created using the Athena Health id, secret pair? One of the OAuth2 profiles has a way to form an OAuth2 token acceptable by the Reliable Party from the SAML assertion. Did anyone from this group try this out to support SAML with FHIR?

Lloyd McKenzie (Aug 31 2021 at 15:56):

@John Moehrke

John Moehrke (Aug 31 2021 at 15:57):

Yes there is.

John Moehrke (Aug 31 2021 at 15:59):

First choice is to use an OASIS profile of SAML, "SAML SSO Profile", that shows how to refer to a SAML token in an HTTP REST interaction.

John Moehrke (Aug 31 2021 at 16:01):

Second choice is to use the IHE Implementation Guide for OAuth -- https://profiles.ihe.net/ITI/IUA/index.html -- which includes a SAML tunneling (ish) solution.

John Moehrke (Aug 31 2021 at 16:02):

There may be others. The base concept of OAuth is that it converts input into a token. That input can be many possible things. In the case of SMART-on-FHIR they indicate that one of the inputs might be an OpenID-Connect user authentication token. But it might just as easily be a SAML token using SAML-SSO-Profile.

John Moehrke (Aug 31 2021 at 16:03):

You might want to ask on the #Security and Privacy stream.

sanjay bhupathiraju (Aug 31 2021 at 16:06):

Thank you very much @John Moehrke for sharing these details along with specifications. I will surely prepare ahead on these resources and post any other questions in the Security and Privacy stream. Is there a sandbox for me to try these methods for AthenaHealth that you are aware of?

John Moehrke (Aug 31 2021 at 16:07):

I am not aware.

Michele Mottini (Aug 31 2021 at 17:47):

Athenahealth supports SMART-on-FHIR for patient apps. See https://developer.api.athena.io/


Last updated: Apr 12 2022 at 19:14 UTC