Federated SSO for Clinical Viewer demo is not working

Question

Question

#Authentication #Deployment #OAuth2 #HealthShare

Hi!

I'm trying to set up a Clinical Viewer demo env with HealthShare 2024.2.
I've done the standard installation following the doc :

UCR - UCR demo with IHE
CV - CV demo

Everything works until I get to the point where I have to enable federated SSO (UCR demo - Federated SSO). Once it is activated, I can no longer access the instance through the portal, and the browser displays the following error:

Checking the messages.log, I see that every time I try to enable federated SSO and access the portal, I encounter the following error:

12/24/24-10:51:55:639 (98515) 2 [Utility.Event] Error in %ZHS.OAuth2.UI.Login:OnPreHTTP- ERROR #5809: Object to Load not found, class 'OAuth2.Client', ID '172.24.40.31-443-ucr-hs-instance'

I followed the doc step by step. Am I missing something here?

Thanks!

Product version: HealthShare 2024.1

$ZV: HealthShare Unified Care Record 2024.2.0 Build: 1012 [HealthShare Modules: Health Insight:28.0 + Core:28.0 + Patient Index:28.0] - IRIS for UNIX (Red Hat Enterprise Linux 9 for x86-64) 2024.1 (Build 267_2_23734U) Thu Sep 26 2024 20:14:32 EDT [Health Insig

Discussion (3)2

Log in or sign up to continue

score 0 · Answer 1 · 2024-12-24T07:13:52-05:00

I ran into the same issue. I think it's related to the order in which the access gateway for the CV is activated; if you do it before setting up security (SSL/TLS) it won't register properly with the hub. I deactivated and reactivated the access gateway and that resolved the problem.

score 0 · Answer 2 · 2024-12-24T11:11:20-05:00

Hi Jeffrey, thank you for the reply.
Unfortunately, that doesn't seem to be the issue.
According to the documentation, I first install the demo UCR instance (with IHE) and then the CV instance. The SSO activation takes place right after the UCR installation, and I encounter the problem even before installing the CV instance. Once the SSO is enabled, I log out to check if it works, and I get the error I showed in the post.

I also tried to stop and start the accesd gateways on the UCR instance but doesn't solve the problem unfortunatly.

score 0 · Answer 3 · 2024-12-24T12:54:58-05:00

Are both instances on the same host, and if yes, have you set them up with instance prefixes (it looks like you have based on the screenshot). You may want to check all of your service entries in the registry and verify that they're pointing at the right instance.

And I know some of the OAuth2 artifacts are created on production start ... is at least the registry/hub running?