...
The Infrastructure Authorization Service (AS) redirects a login as SAML AuthNRequest to SEB
SEB forwards the SAML AuthNRequest to municipal and regional Identity Providers (IdP), respectively.
As apparent in Federated Authentication and Authorization for Municipal Users and Federated Authentication and Authorization for Regional Users there are differences in what systems are involved.
What is returned to SEB and the Infrastructure AS is a SAML AuthNResponse conforming to OIO BPP
| Info |
|---|
Technically speaking, authorization is performed in the Infrastructure Authorization Service while the municipal and regional IdP provide claims. In effect, however, the IdPs provide the decisions behind the authorization in the form of system roles. |
Clinical SAML Attributes
Clinical access to the eHealth Infrastructure goes through SEB. SEB provides a SAML AuthNResponse containing a set of SAML attributes in a SAML assertion which is used to identify the clinical user.
...