SMART on FHIR well-known configuration returning 403, but listed as unauthenticated in MP

Question

Question

So I have been working in Healthcare Interops for about a month now and in IRIS. I am looking to implement SMART on FHIR and I am currently working to make an endpoint that works as the discovery endpoint. It is a custom dispatch class and unauthenticated is selected for access. I am trying to make a simple get request from Postman to test that the proper JSON is sent, but I receive a 403 Forbidden error. It is reaching IRIS it seems so I know its not a reverse proxy error. Here is an example of my custom Dispatch Class. Then also there is a screenshot of my web application I made specifically for the discovery endpoint. I have read some mentioning roles regarding unknown users and some mention about headers but nothing seems to get passed the 403 error.

Product version: HealthShare 2024.1

Discussion (2)3

Log in or sign up to continue

Aaron Laferty · Jul 14

Hey David! Thanks for the response to this! I managed to find a simpler solution. It seems that when you want to use the .well-known and metadata endpoints, you need to define the smart on fhir capabilities setting in the fhir server configuration. I figured I had to set those endpoints up manually but including those capabilities makes those endpoints work so now, I have them working!

0 0

score 0 · Answer 1 · 2025-07-14T13:52:04-04:00

I think the Web app has to be /csp/healthshare/fhirdemo, i.e., you can't include .well-known in the Web app. At least, I've never seen a Web app like that. Do the docs say to do that?

If you do Management Poral > System Administration > Security > Auditing > View Audit database, it may tell you something about the error. You may first have to enable the %System/%Security/Protect error in Auditing > Configure System Events.