The eHealth Infrastructure provides a login component, which is the client systems' access to user authentication and authorization. This functionality is implemented in the Authorization Servicehas two Autorization Service (AS) instances providing authentication and authorization for client systems and internal use. The login protocol between the client systems and the login component is the OpenID Authentication Code Flow of OpenID Connect 1.0.
...
The eHealth Infrastructure performs federated authentication (and sometimes authorization) using Security Assertion Markup Language (SAML) based, external infrastructure. This is described in Federated Authentication and Authorization and subpages.After successful authentication, three tokens are issued for separate purposes:
...