This technology provides a means of HyperDoc Online authentication using an encrypted string in the URL (in theory it could be used with the POST method as well). Sample usage can look like this:
http://localhost/HIS20/hislogin.asp?TPID=MIGUBgkrBgEEAYI3WAOggYYwgYMGCisGAQQBgjdYAwGgdTBzAgMCAAECAmYQAgIB%0D%0AAAQQAAAAAAAAAAAAAAAAAAAAAAQQGHMaK%2Fam0JOpIZeAiF0zHQRA0KjSi6tQy6lc%0D%0AoQEf4FleormI6OppPZ4OjYgOd%2By4zEe3LKgHy55sgeCf3V6iDGB4WQuk8sCJumaM%0D%0A3GJiLley5Q%3D%3D%0D%0A
Please note that it should rather be considered a short-term solution with limited security.
Basically, the client is supposed to supply the TPID parameter containing the encrypted user name, password and UTC time.
The server decrypts the parameter and extracts the user name, password and time.
Warning
The time (which must be UTC time) is checked against the server time. The parameter is regarded as valid only if the difference is less than one hour.
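As an added example (not from this documentation or from the HDAdmBase component), the Python model below captures the acceptance rule in this warning: the time embedded in the TPID must be a timezone-aware UTC value and must differ from the server clock by strictly less than one hour. Reading the difference as an absolute value (a token stamped slightly ahead of the server clock also passes) is an assumption; the page only says "difference". The model also shows two things an operator should keep in mind: a client that stamps the token with its local wall clock instead of UTC is rejected as soon as the zone offset reaches one hour, and a TPID value that leaks (it travels in the URL, so proxies and web server access logs see it) stays acceptable for the rest of the hour-long window. All dates are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

# Acceptance window stated in the documentation: the difference between the
# time inside the TPID and the server time must be less than one hour.
MAX_SKEW = timedelta(hours=1)


def tpid_time_is_valid(token_time, server_now):
    """Model of the server-side check.

    Both values must be timezone-aware datetimes (the TPID time is defined as
    UTC). The token passes only if the absolute difference is strictly below
    MAX_SKEW; treating early and late stamps symmetrically is an assumption.
    """
    if token_time.tzinfo is None or server_now.tzinfo is None:
        raise ValueError("TPID time and server time must be timezone-aware UTC values")
    return abs(server_now - token_time) < MAX_SKEW


def acceptance_window(token_time):
    """Interval during which a given TPID value would still be accepted."""
    return token_time - MAX_SKEW, token_time + MAX_SKEW


def stamp_with_local_clock(true_utc_now, utc_offset_hours):
    """Constructed failure mode: a mis-configured client reads its local wall
    clock and labels the result as UTC without converting it."""
    local_wall = true_utc_now + timedelta(hours=utc_offset_hours)
    return local_wall.replace(tzinfo=timezone.utc)


def naive_time_is_rejected():
    """True if a naive (zone-less) timestamp is refused by the check."""
    try:
        tpid_time_is_valid(datetime(2024, 1, 1, 9, 0),
                           datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc))
    except ValueError:
        return True
    return False


def demo_results(server_now=None):
    """Run the scenarios against a constructed server clock and return them."""
    server_now = server_now or datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    start, end = acceptance_window(server_now)
    return {
        "fresh": tpid_time_is_valid(server_now - timedelta(minutes=59), server_now),
        "exactly_one_hour_old": tpid_time_is_valid(server_now - timedelta(hours=1), server_now),
        "thirty_minutes_ahead": tpid_time_is_valid(server_now + timedelta(minutes=30), server_now),
        "local_clock_utc_plus_3": tpid_time_is_valid(stamp_with_local_clock(server_now, 3), server_now),
        "local_clock_utc_plus_0": tpid_time_is_valid(stamp_with_local_clock(server_now, 0), server_now),
        "window_hours": (end - start).total_seconds() / 3600,
    }


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed server clock
    for offset in (0, 1, 3):
        stamped = stamp_with_local_clock(now, offset)
        print(f"client at UTC{offset:+d} stamps {stamped:%H:%M} as UTC -> accepted: "
              f"{tpid_time_is_valid(stamped, now)}")
    start, end = acceptance_window(now)
    print(f"a TPID minted at {now:%H:%M} UTC is accepted from {start:%H:%M} until {end:%H:%M}")
    print(demo_results(now))
```

Because the window is two hours wide in total (one hour either side of the stamp), clock synchronisation on both machines matters more than the exact zone name: an NTP-synchronised client and server in UTC are the straightforward way to meet the rule.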
The parameter is encrypted using the AES algorithm in Microsoft CAPICOM EncryptedData format.
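The following Python script is an added example, not part of this documentation or of the HDAdmBase component. It takes the TPID value from the sample URL above, reverses the URL-encoding and the Base64 line wrapping, and walks the DER structure so that an administrator can see what the parameter carries without any secret key: object identifiers, an algorithm identifier, a key length and the sizes of the opaque fields, but no plaintext credentials. The OID names are an assumption based on Microsoft's CAPICOM OID arc (1.3.6.1.4.1.311.88); the page itself only says "CAPICOM EncryptedData format". The integer 0x6610 equals the Windows CryptoAPI constant CALG_AES_256, which agrees with the AES statement above. The helper build_tpid_param shows the reverse step that the GetEncryptedData description and the second ASP page later in this document require: strip the CR/LF line breaks and URL-encode before putting the value in a URL. The meaning of the three OCTET STRINGs is not documented on the page, so the script reports only their lengths.

```python
import base64
import urllib.parse

# TPID value copied from the sample URL in the documentation (the text after ?TPID=).
SAMPLE_TPID = (
    "MIGUBgkrBgEEAYI3WAOggYYwgYMGCisGAQQBgjdYAwGgdTBzAgMCAAECAmYQAgIB%0D%0A"
    "AAQQAAAAAAAAAAAAAAAAAAAAAAQQGHMaK%2Fam0JOpIZeAiF0zHQRA0KjSi6tQy6lc%0D%0A"
    "oQEf4FleormI6OppPZ4OjYgOd%2By4zEe3LKgHy55sgeCf3V6iDGB4WQuk8sCJumaM%0D%0A"
    "3GJiLley5Q%3D%3D%0D%0A"
)

# Assumed names from Microsoft's CAPICOM OID arc (1.3.6.1.4.1.311.88); the
# documentation only states "CAPICOM EncryptedData format".
OID_NAMES = {
    "1.3.6.1.4.1.311.88.3": "CAPICOM EncryptedData (assumed name)",
    "1.3.6.1.4.1.311.88.3.1": "CAPICOM EncryptedContent (assumed name)",
}
CALG_AES_256 = 0x6610  # Windows CryptoAPI algorithm identifier for AES-256


def tpid_to_der(tpid_param):
    """Undo what the client does before placing the value in the URL: URL-decode,
    drop the CR/LF line breaks CAPICOM inserts into its Base64, Base64-decode."""
    b64 = urllib.parse.unquote(tpid_param).replace("\r", "").replace("\n", "")
    return base64.b64decode(b64)


def build_tpid_param(der_bytes):
    """Forward direction: Base64 without line breaks, then URL-encode everything
    (including '+', '/' and '=') so the value survives as a query parameter."""
    return urllib.parse.quote(base64.b64encode(der_bytes).decode("ascii"), safe="")


def _read_length(buf, pos):
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form
        return first, pos
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def _decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def walk_der(buf, depth=0, out=None):
    """Recursive DER walker; returns a list of (depth, tag, value) tuples."""
    if out is None:
        out = []
    pos = 0
    while pos < len(buf):
        tag = buf[pos]
        pos += 1
        length, pos = _read_length(buf, pos)
        body = buf[pos:pos + length]
        pos += length
        if tag == 0x30 or (tag & 0xE0) == 0xA0:   # SEQUENCE or [n] constructed
            out.append((depth, tag, None))
            walk_der(body, depth + 1, out)
        elif tag == 0x06:                          # OBJECT IDENTIFIER
            out.append((depth, tag, _decode_oid(body)))
        elif tag == 0x02:                          # INTEGER
            out.append((depth, tag, int.from_bytes(body, "big", signed=True)))
        else:                                      # OCTET STRING and anything else: raw bytes
            out.append((depth, tag, body))
    return out


def summarize_tpid(tpid_param):
    """Metadata visible in a TPID value without the secret key."""
    der = tpid_to_der(tpid_param)
    nodes = walk_der(der)
    integers = [v for _, t, v in nodes if t == 0x02]
    return {
        "der_length": len(der),
        "oids": [v for _, t, v in nodes if t == 0x06],
        "integers": integers,
        "octet_string_lengths": [len(v) for _, t, v in nodes if t == 0x04],
        "uses_calg_aes_256": CALG_AES_256 in integers,
        "round_trip_ok": tpid_to_der(build_tpid_param(der)) == der,
    }


if __name__ == "__main__":
    for depth, tag, value in walk_der(tpid_to_der(SAMPLE_TPID)):
        if value is None:
            shown = ""
        elif tag == 0x06:
            shown = f"{value} {OID_NAMES.get(value, '')}".strip()
        elif isinstance(value, bytes):
            shown = f"{len(value)} bytes"
        else:
            shown = f"{value} (0x{value:x})"
        print("  " * depth + f"tag 0x{tag:02x}: {shown}")
    print(summarize_tpid(SAMPLE_TPID))
```

Run on the sample, the walker shows a 151-byte structure with the two CAPICOM OIDs, the integers 0x020001, 0x6610 and 256, and three OCTET STRINGs of 16, 16 and 64 bytes; the round trip through build_tpid_param reproduces the original bytes, which is the check to run if a hand-built client produces TPID values the server rejects.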
Of course, the client application can (and should) use the provided component to generate the value of the TPID parameter.
The sample ASP page in the section called "Example of ASP page" shows how to do it.
Generally one should create an Authentication object from the HyperDoc Administration Base component (HDAdmBase.Authentication) and call two methods on it.
Important
Please note that the HyperDoc Online server part (HyperDoc Internet server) must be installed on the client machine too.
The following steps should be performed on the client machine. Please note that the client machine is the computer from which you will call the HIS application.
This means that SE Arkivtjanst or NO Arkivtjanst or any other site in use is the client side.
- Install HyperDoc Online (HyperDoc Internet server) version 4.71 or newer.
- Copy the TPID folder with the SingleSignOn files from
  Tessel Software Line\ASPPages\TPID
  to a new place on your disk. The files provided are:
  WriteSecKeyToReg.vbs - script which adds the Secret Key for TPID to the registry.
  Important
  On 64-bit systems you must write the Secret Key this way:
  Click Start\Run and type:
  %windir%\SysWoW64\cmd.exe
  Then change location to the TPID folder and type
  cscript WriteSecKeyToReg.vbs
  index.asp - ASP page which contains the user name and password. Please remember to set these parameters and the others like ObjID, DocID, Hierarchy etc. Additionally you have to set the proper Secret Password mode and server name.
  OpenHIS folder, which contains:
  index.html - you have to change the path to the GenerateTPID.asp file, the user name, the password and the destination HIS page.
  GenerateTPID.asp - you only have to change the secret password mode to the proper one.
  Note
  The index.asp page in the root folder (TPID) is the old version of TSL Passport, which we recommend for use.
  The files in the OpenHIS folder provide a new way of using TSL Passport.
  Please note that the OpenHIS way lets the user see the UserName and Password in the browser before being redirected to HyperHouse. It is, however, possible to generate the link on the server side, so that the user receives links containing the encrypted password.
  Both ways are valid and working.
- Create a new web application (Virtual Folder) pointing to the TPID folder on disk.
  Important
  On 64-bit systems you must create an Application (not a Virtual Folder) and set the option "Enable 32-bit Applications" to True in the Application Pool advanced settings.
- Install Microsoft CAPICOM SDK version 2.1.0.2 (available for download from Microsoft).
- Register the C:\Program\Microsoft CAPICOM 2.1.0.2 SDK\Lib\X86\capicom.dll library using the following command:
  regsvr32 C:\Program\Microsoft CAPICOM 2.1.0.2 SDK\Lib\X86\capicom.dll
You can now modify the contents of index.html or prepare your own HTML page to invoke HIS. A simple call to open HIS looks like the following example, which opens the demo database at HyperHouse:
<button onclick="window.open('http://yourserver/OpenHis/GenerateTPID.asp?name=username&password=password&url=' + encodeURIComponent('http://client.hyperhouse.se/Archive/'));" value="Open HIS">Open demo on HyperHouse</button>
If you are using HOPAStartUI.asp, add to the above example the name of this ASP file with the desired parameters and values, as in this example for the demo database at the HyperHouse site.
See the section called "HOPAStartUI.asp" for a description of the parameters and values for HOPAStartUI.asp (and the other ASP files available in HOPA).
<button onclick="window.open('http://yourserver/OpenHis/GenerateTPID.asp?name=username&password=password&url=' + encodeURIComponent('http://client.hyperhouse.se/Archive/HOPAStartUI.asp?HN=HDocHierarchyDefinition&OC=HDV_H1_SPACE&DFS=1&ID=10000912'));" value="Open HIS">Open demo on HyperHouse with HOPAStartUI</button>
Replace the values for HN (HierName), OC (ObjectClass) and ID (ID of the object) with those that apply to your HyperDoc database (this requires knowledge of the HyperDoc database structure).
You may put the URL address and user credentials here and then invoke any HyperHouse web application. Please note that GenerateTPID.asp contains a hard-coded secret password. Please do not change it, because it is common to the client and server side.
Tip
The TPID components write messages to the Windows Event Log. If TPID doesn't work, run Event Viewer and look at the Application log. You should find a Warning logged by HDAdmBase.Authentication.
- GetEncryptedData(UserName, Pwd, [Time])
This method encrypts the HyperDoc user name and password together with the UTC time. If no time is supplied, the current time is used. Remember to URL-encode the obtained data before using it in a URL.
Example:
TPID = Server.URLEncode(oAuth.GetEncryptedData(UserName, Pwd))
- HDAdmBase.Authentication
To create the HDAdmBase.Authentication object, put the following line in your ASP page code:
Set oAuth = Server.CreateObject("HDAdmBase.Authentication")
- SetSecretPwdMode Mode, RegSuffixOrSecretKey
It sets the required operating mode and (optionally) the required parameters. Mode can be one of:
0 - Tessel Passport functionality is disabled entirely (obviously this mode is useless on the client side).
1 - the secret password required for encryption/decryption is taken from the registry. The optional parameter allows multiple registry keys for different HyperDoc Online instances sitting on one server: the secret key should be placed in the value "secdata" under the key "HKLM\Software\Tessel Systems\HyperDoc Online\TPID"; if the object was initiated with an additional registry suffix, it is appended to the above registry key (the value to be read, "secdata", remains unchanged). The attached VBS script simplifies the task of adding or modifying the secret key in the registry.
2 - the secret password required for encryption/decryption is supplied directly as a parameter to this call.
3 - a predefined, hard-coded secret password is used (this mode is intended for debugging).
Of course, the value of the secret key has to be the same on the client and the server.
Example:
oAuth.SetSecretPwdMode 2
To start the HIS application, HIS on the server side must be configured to work in this manner.
To do so, a new entry in the INI file is needed. All INI files were modified on HyperHouse, so you can reach any HIS application using Tessel Passport.
We expect periodic changes of the secret code in future for security reasons.
To enable Tessel Passport on the server side, add the following entries to the [General] section of the HyperDoc Online INI file:
- EnableTesselPassport=[0 | 1 | 2 | 3]
This entry sets the operation mode for the server-side component; it is the equivalent of the first (Mode) parameter of the SetSecretPwdMode method (the meaning is described in the client-side part). Value 0 is the default, so without this entry Tessel Passport is disabled. If you want to use mode 1 (the secret password required for encryption/decryption is taken from the registry) you can use the script WriteSecKeyToReg.vbs.
Warning
To minimize the security threat, do not enable it if you are not going to use it.
- TesselPassportParam
This entry sets additional info for the server-side component; it is the equivalent of the second (RegSuffixOrSecretKey) parameter of the SetSecretPwdMode method (the meaning is described in the client-side part).
Example of ASP page

<%@ LANGUAGE = VBScript %>
<%
Dim oAuth
Dim UserName, Pwd, URLString
Dim SecData
Dim req

On Error Resume Next
Set oAuth = Server.CreateObject("HDAdmBase.Authentication")
' HyperDoc credentials and the target site
UserName = "admin"
Pwd = "admin"
URLString = "demo.hyperhouse.se"
' mode 2: the secret password is passed directly to the call
oAuth.SetSecretPwdMode 2, "HIS"
' encrypt user name, password and current UTC time, then URL-encode for the query string
SecData = Server.URLEncode(oAuth.GetEncryptedData(UserName, Pwd))
If Err.Number <> 0 Then
    Response.Write("<html><body>" & Err.Description & "</body></html>")
Else
%>
<html>
<body>
<div>Tessel Passport Example File</div>
<br/>
<form>
<div>Start SSL enabled sites:</div>
<button onclick="window.open('https://<% = URLString %>/?TPID=<% = SecData %>')" value="Open HIS">SSL Netman - plain start</button>
<br/>
<button onclick="window.open('https://<% = URLString %>/HOPAStartUI.asp?ObjID=HDocHierarchyDefinition|1|Regions|41_O0021001&TPID=<% = SecData %>')" value="Open HIS">SSL start UI with object</button>
<br/>
<br/>
<div>Start non-SSL sites:</div>
<button onclick="window.open('http://<% = URLString %>/?TPID=<% = SecData %>')" value="Open HIS">Non SSL Netman - plain start</button>
<br/>
<button onclick="window.open('http://<% = URLString %>/HOPAStartUI.asp?ObjID=HDocHierarchyDefinition|1|Regions|41_O0021001&TPID=<% = SecData %>')" value="Open HIS">Non SSL start UI with object</button>
<br/>
<br/>
<div>HOPA Calls with Tessel Passport and SSL:</div>
<button onclick="window.open('https://<% = URLString %>/HOPAGetView4Doc.asp?SOO=1&SR=0&FM=2&W=800&BD=24&DID=10001446&TPID=<% = SecData %>')" value="Open HIS">HOPA with SSL</button>
</form>
</body>
</html>
<%
End If
On Error Goto 0
%>
Example of ASP page generating the link on the server side

<%@ LANGUAGE = VBScript %>
<%
Dim oAuth
Dim UserName, Pwd
Dim SecData
Dim parameters, onloadString

On Error Resume Next
Set oAuth = Server.CreateObject("HDAdmBase.Authentication")
' set username and password
UserName = "admin"
Pwd = "admin"
' set parameters (please remember that this string should end with an '&' sign)
parameters = "ObjID=HDocHierarchyDefinition|1|Buildings|Building003&"
' mode 2: the secret password is passed directly to the call
oAuth.SetSecretPwdMode 2, "HIS"
' remove the CR/LF line breaks from the Base64 output before URL-encoding it
SecData = Replace(oAuth.GetEncryptedData(UserName, Pwd), vbCrLf, "")
SecData = Server.URLEncode(SecData)
If Err.Number <> 0 Then
    Response.Write("<html><body>" & Err.Description & "</body></html>")
Else
    onloadString = "http://server_name/his/HOPAStartUI.asp?" & parameters & "TPID=" & SecData
End If
On Error Goto 0
%>
<html>
<body>
<a href="<% = onloadString %>">Click</a>
</body>
</html>