Merge pull request #4126 from LinuxForHealth/issue-4003

issue-4003 - Updating documentation with step to disable basic authen…
LinuxForHealth · Dec 14, 2022 · 15ceac5 · 15ceac5
2 parents 52b686f + ddb6ac0
commit 15ceac5
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/docs/src/pages/guides/FHIRServerUsersGuide.md b/docs/src/pages/guides/FHIRServerUsersGuide.md
@@ -2792,6 +2792,19 @@ Here are some notes related to these authentication schemes:
 *   OAuth 2.0 authentication can only be used in conjunction with an HTTPS endpoint because the OAuth authorization steps rely on SSL handshake negotiations.
 *   Client certificate-based authentication can only be used in conjunction with an HTTPS endpoint since it involves SSL handshake negotiations. The main value of client authentication is that the server is able to securely authenticate the client through the use of certificates.
 
+To disable basic authentication, add the below snippet under configDropins/overrides:
+```xml
+<server>
+    <webApplication id="fhir-server-webapp">
+        <application-bnd id="bind">
+            <security-role id="users" name="FHIRUsers">
+                <special-subject type="EVERYONE"/>
+            </security-role>
+        </application-bnd>
+    </webApplication>
+</server>
+```
+
 ### 5.2.3 Configuring mutual TLS authentication
 To properly configure the FHIR server's keystore and truststore files, perform the following steps.