Okta is one of the most popular single sign-on (SSO) identity providers, and you can enable it for the Medical Web Viewer demo. Your organization may also choose to authenticate with this service in other applications. To enable Okta in the Medical Web Viewer demo, proceed as follows:
1. Create an Okta account. If your organization is already set up, skip to step 2.
2. On the Okta Admin page, add a Web application with the following options:
   - Name / label: MedicalViewer20
   - Authorization Code
   - Implicit
   - Allow ID Token with implicit grant type
   - Allow Access Token with implicit grant type
   - Login redirect URIs: "http://localhost/MedicalViewerIdPLink/authorization-code/callback"
   - Logout redirect URIs: "http://localhost/MedicalViewerIdPLink/Account/PostLogout"
   - Login initiated by: either Okta or App
   - Login flow: Redirect to app to initiate login (OIDC Compliant)
3. Copy the client credentials to use in the following step.
4. Create/Add users to the application you created. You can use the email address as the user name.
5. Configure the MedicalViewerIdPLink web service. The service is installed at: Examples\DotNet\PACSFramework\MedicalWebViewer\Leadtools.Medical.WebViewer.IdP\IdP
   Modify the web.config as follows:
   - Set the okta:ClientId value to the client ID you obtained when setting up the application on Okta.
   - Set the okta:ClientSecret value to the client secret you obtained when setting up the application on Okta.
   - Set the okta:OrgUri value to the URI of the oauth2 service on Okta: https://**account**.okta.com/oauth2/default
     Make sure this is not the admin account.
6. On the Medical Web Viewer demo, log in as Admin. Proceed to the Permission Management option and add the user you added to the application on Okta. You need to add the same user (e.g., the email address), type the user name, and select the Federated IdP Authentication check box. After that, go to the Update User section and assign permissions to the newly added user as needed.
7. On the Medical Web Viewer demo, log in as Admin. Proceed to the Config Admin Options section, scroll to the bottom, and enable the Sign in using Okta option.
To test it, log out and try logging in using Okta. A button with that option should be available in the login screen.
The button will take you to the Okta sign-in page and will redirect you once the sign in is successful.
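A quick way to check the web.config edits from the MedicalViewerIdPLink step before testing the login, as an added example that is not part of the LEADTOOLS demo code. It assumes the three okta: settings are stored as `<add key="..." value="..."/>` entries under `appSettings`; the function names and the sample fragment are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample web.config fragment; every value is a placeholder.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="okta:ClientId" value="0oaEXAMPLECLIENTID" />
    <add key="okta:ClientSecret" value="" />
    <add key="okta:OrgUri" value="http://example-admin.okta.com/oauth2/default" />
  </appSettings>
</configuration>"""

REQUIRED_KEYS = ("okta:ClientId", "okta:ClientSecret", "okta:OrgUri")


def read_okta_settings(config_xml):
    """Return the okta:* appSettings entries as a dict (assumed layout)."""
    root = ET.fromstring(config_xml)
    return {
        node.get("key"): (node.get("value") or "").strip()
        for node in root.findall("./appSettings/add")
        if (node.get("key") or "").startswith("okta:")
    }


def check_okta_settings(config_xml):
    """Return a list of problems found; an empty list means the checks passed."""
    settings = read_okta_settings(config_xml)
    problems = [f"{key} is missing or empty" for key in REQUIRED_KEYS if not settings.get(key)]
    org_uri = settings.get("okta:OrgUri")
    if org_uri:
        parsed = urlparse(org_uri)
        host = parsed.hostname or ""
        if parsed.scheme != "https":
            problems.append("okta:OrgUri must use https")
        # The Okta admin console host carries an "-admin" suffix on the account name.
        if host.split(".")[0].endswith("-admin"):
            problems.append("okta:OrgUri points at the admin host")
        if parsed.path.rstrip("/") != "/oauth2/default":
            problems.append("okta:OrgUri should end with /oauth2/default")
    return problems


if __name__ == "__main__":
    for problem in check_okta_settings(SAMPLE_WEB_CONFIG):
        print("FAIL:", problem)
```

To check a real file, pass its contents to `check_okta_settings`; the client secret is only tested for presence and is never printed.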