
Open sourcing our identity provider for Healthcare Bluebook (SAML) single sign on

Piotrek Szperski · Team Member
February 7, 2024 · 5 min read

TLDR

In a recent HealthTech engagement, we had the task of integrating Healthcare Bluebook's Single Sign-On (SSO) into a client's product. As a byproduct, we developed the AppStream.HealthcareBluebook open-source library, making SSO integration in .NET Core applications easy. Now, you don't have to build it from scratch yourself.

Before you begin 

To get started with the AppStream.HealthcareBluebook library, you'll need to directly engage with Healthcare Bluebook and register your application as an Identity Provider in their system. When reaching out, you'll be asked to provide essential values such as the Issuer value for the <Assertion> tag, the intended Audience for the Assertion, and the X509 Certificate -- the public key of your code signing certificate used to sign the SAMLResponse. In return, Healthcare Bluebook will furnish you with a clientid, serving as a unique identifier for your application within their system. You'll use these values to fill in the configuration in the appsettings.json file. 

You'll also decide how the memberid value, which will be used to identify your app's users, is constructed.
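Before you send the X509 Certificate to Healthcare Bluebook, it is worth checking that the certificate can actually sign and that only its public part leaves your machine. The following is an added example, not code from the AppStream.HealthcareBluebook library: the class name, subject name and 2048-bit threshold are assumptions, and the self-signed certificate is a constructed stand-in for your real one.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not part of AppStream.HealthcareBluebook): pre-flight checks on a
// SAML signing certificate and export of its public part only.
public static class SigningCertPreflight
{
    // Returns the public certificate as PEM, or throws if the certificate is unfit for signing.
    // minRsaBits is an assumed policy value, not a Healthcare Bluebook requirement.
    public static string ExportPublicPem(X509Certificate2 cert, DateTime now, int minRsaBits = 2048)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("No private key: this certificate cannot sign the SAMLResponse.");
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException(
                $"Certificate is not valid now (valid {cert.NotBefore:yyyy-MM-dd} to {cert.NotAfter:yyyy-MM-dd}).");
        using var rsa = cert.GetRSAPublicKey();
        if (rsa is null || rsa.KeySize < minRsaBits)
            throw new InvalidOperationException($"Expected an RSA key of at least {minRsaBits} bits.");

        // X509ContentType.Cert exports the DER-encoded certificate only;
        // the private key is never part of this output.
        byte[] der = cert.Export(X509ContentType.Cert);
        string b64 = Convert.ToBase64String(der, Base64FormattingOptions.InsertLineBreaks);
        return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n";
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate standing in for your real one.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=example-idp-signing", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));

        string pem = ExportPublicPem(cert, DateTime.Now);

        // Record the thumbprint and expiry so a later rotation can be planned and verified.
        Console.WriteLine($"Thumbprint (SHA-1): {cert.Thumbprint}");
        Console.WriteLine($"Expires: {cert.NotAfter:yyyy-MM-dd}");
        Console.WriteLine(pem);
    }
}
```

The PEM output is the only thing to share; the private key stays in the file, Key Vault or certificate store you configure below.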

Getting started

Installation

Kickstart your integration journey by installing the AppStream.HealthcareBluebook NuGet package. Run the following command in your .NET Core web application:

Configuration 

Configure the library in your web application's startup code. Depending on your certificate storage preference, choose one of the following options:

If your signing certificate is in a file on your machine:

If your signing certificate is in Azure Key Vault:

If your signing certificate is installed in the Windows Certificate Store:

Or create and use your own implementation of ISigningCertificateProvider:

App Settings

Configure your app settings in your appsettings.json or equivalent configuration file:

Integration

Inject IHcbbSamlResponseGenerator into your controller and return the SAML response to the browser:

And you're good to go!

Your users can now log into Healthcare Bluebook using your application as the Identity Provider. 

Should you have any questions or problems, feel free to open an issue or create a pull request to contribute to this library.
