logicahealth / InfoButtons

Infobuttons are context-sensitive links embedded in the electronic health record (EHR). They use clinical context information from the EHR, such as patient demographics, medications, diagnoses, user role, and clinical setting to help find answers to clinicians' and patients' questions using online health information resources.

Running InfoButtons using HTTPS, instead of HTTP. #39

Open DSSUSER opened 3 years ago

DSSUSER commented 3 years ago

We have been working with OIB for more than 2 years now, as an HTTP service, in DEV and QA environments.

We are finally ready to deploy everything to production, but we are being told by our security group, and from a SOC2 compliance aspect, that we cannot use HTTP to interface with our production servers.

What are the chances of enabling HTTPS in the InfoButtons application?

NOTE: We are using the Docker container image for all of our deployments and environments.

aniskand commented 3 years ago

Yeah, you can run OIB in HTTPS. We use it with https in our public instance and it works just fine.

DSSUSER commented 3 years ago

I am trying to configure InfoButtons to use HTTPS.

We can get to the basic webpage now using HTTPS, but we are getting the following error when we attempt to login:

InfoButtons_getUser_error

In the server.xml file, we used the following entry:

image

Is there anything else you can think of that we need to modify?

Any help in figuring out what we're doing wrong would be greatly appreciated.

DSSUSER commented 3 years ago

I need to update this ticket.

BACKEND CLIENT HTTPS CALL:

The backend client is able to connect to the HTTPS service, and we are getting a response from the InfoButtons service.

However, the external calls to the document providers are going out via HTTP, instead of HTTPS.

We are not able to open the supplied URLs because the HTTPS originating request will not allow an HTTP request over an HTTPS connection.

Here are some of the errors that we get, when we try to access the URL / supplied link:

image

image

image

image


SITE LITE GUI LOGIN:

We can get to the GUI Login screen, but as you can see from the errors below, the "getUser" function is being called, using an HTTP request.

Our HTTPS call will not allow mismatched HTTPS and HTTP requests to be mixed in the same request.

image

image


How can we get rid of this mismatch?

Note that if I take any of the supplied URLs and simply replace HTTP with HTTPS, they all work!

I can access all of the HTTP pages supplied, by simply converting them to HTTPS.

Again, if we tell the application to use HTTPS, how can we ensure that all subsequent calls use HTTPS instead of HTTP?
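
The HTTP/HTTPS mismatch described in the comment above can be audited before deployment. The following Node.js script is an added example, not part of the original thread or the InfoButtons code base: it scans content served from an HTTPS page for plain-HTTP URLs and reports each with its HTTPS form. The host names, paths and sample body are constructed for illustration.

```javascript
// Loopback hosts, which browsers generally treat as trustworthy even over http.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Pull every absolute http(s) URL out of a text body (HTML, XML or JSON).
function extractUrls(body) {
  const matches = body.match(/https?:\/\/[^\s"'<>)]+/gi) || [];
  return [...new Set(matches)];
}

// For a page served over HTTPS, list URLs in its body that still use HTTP.
function findInsecureUrls(pageUrl, body) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return []; // no mismatch on an HTTP page
  const findings = [];
  for (const raw of extractUrls(body)) {
    let u;
    try { u = new URL(raw); } catch { continue; } // skip unparsable matches
    if (u.protocol !== 'http:' || LOOPBACK.has(u.hostname)) continue;
    const upgraded = new URL(u.href);
    upgraded.protocol = 'https:'; // same host, port and path, HTTPS scheme
    findings.push({
      insecure: raw,
      upgraded: upgraded.href,
      sameHost: u.hostname === page.hostname, // true: fix in our own config
    });
  }
  return findings;
}

// Constructed sample: a page served over HTTPS that still references HTTP.
const SAMPLE_PAGE = 'https://oib.example.org/infobutton-service/';
const SAMPLE_BODY = `
<a href="http://provider.example.com/article?id=42">Document</a>
<a href="https://provider.example.com/secure">Already HTTPS</a>
<script>fetch("http://oib.example.org:8080/getUser");</script>
<img src="http://localhost/logo.png">
`;

console.log(findInsecureUrls(SAMPLE_PAGE, SAMPLE_BODY));
```

Findings with `sameHost: true` point at the application's own base-URL or connector configuration; the rest come from URLs supplied for external providers. An explicit non-default port is kept as-is in the upgraded URL, so confirm that an HTTPS listener exists on it.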

aniskand commented 3 years ago

I'm not sure how we handle this in our environments; I think we have httpd configured to redirect all requests to https. I'm going to update the Docker image to fix these issues as well as include my new code for handling the changes to UTS authentication.

DSSUSER commented 3 years ago

Hi Andrew,

Thank you very much.

Going forward, for security purposes, we will probably use HTTPS in all of our environments.

It does not make sense for us to use HTTP in DEV and QA, if we need HTTPS in production.

As such, if you want to convert the code to always use HTTPS, we would definitely not object.

Have a great weekend.

DSSUSER commented 3 years ago

Good morning Andrew,

I was just checking in, to see if you have any kind of status update yet.

Have a great day.

aniskand commented 3 years ago

I'm hoping I can get to this before the end of the week.

DSSUSER commented 3 years ago

Thanks Andrew.

Just a reminder that the UMLS UTS site will officially switch to the new login method this Friday, the 15th.

DSSUSER commented 3 years ago

GM Andrew,

Do you have any updates for this issue?

DSSUSER commented 3 years ago

For testing purposes, does your public deployment of InfoButtons use HTTPS?

If so, until we can get our internal HTTPS version working, can we point to your public version?

If yes, what is that URL?

gdelfiol commented 3 years ago

We do support https on our public server and you are welcome to use it. Here is the base url:

https://service.oib.utah.edu/infobutton-service/infoRequest?

From: DSSUSER notifications@github.com Reply-To: logicahealth/InfoButtons reply@reply.github.com Date: Thursday, January 21, 2021 at 7:45 AM To: logicahealth/InfoButtons InfoButtons@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: Re: [logicahealth/InfoButtons] Running InfoButtons using HTTPS, instead of HTTP. (#39)


DSSUSER commented 3 years ago

We pointed our application to your public interface.

We are getting the following error:

image

gdelfiol commented 3 years ago

Can you send a couple sample URLs generated by your application?


DSSUSER commented 3 years ago

Please ignore the previous post.

Our developer made a change a few days ago that caused the error.

Everything is working as expected right now.

gdelfiol commented 3 years ago

Perfect, let us know if you need any help.


DSSUSER commented 3 years ago

Andrew was supporting a Docker container image with InfoButtons completely configured.

Is anyone there able to support this Docker image?

Is anyone there able to modify the Docker image to use HTTPS instead of HTTP?

Is anyone there able to modify the Docker image to incorporate the new UMLS UTS login requirements that went into effect on the 15th of January?

Is anyone there able to modify the Docker image to incorporate the same changes that went into the main InfoButtons configuration?

DSSUSER commented 3 years ago

Are there any updates for this issue?

Are there any updates for this issue, as they pertain to the Docker image?