Note: UNDER CONSTRUCTION
Introduction
In the figure below, SAML Proxy sits between SEB and the Context Handler.
...
The SAML proxy is between the KOMBIT Context Handler and the eHealth Keycloak authorization server. The service is an eHealth service and is responsible for:
Documentation from Digital Identity
Digital Identity developed the original version of SAML Proxy. Their documentation is attached here:
Extensions to SAML Proxy
The following descriptions cover extensions to the original SAML Proxy functionality.
Mapping of privileges and constraints
SAML Proxy maps privileges and the following constraints from the KOMBIT format to the format used in the eHealth infrastructure's OIO BPP SAML attributes.
KOMBIT format | eHealth infrastructure OIO BPP SAML attribute name
---|---
/roles/usersystemrole/order_placer/1 | urn:dk:sundhed:ehealth:role:order_placer
/roles/usersystemrole/citizen_enroller/1 | urn:dk:sundhed:ehealth:role:citizen_enroller
/roles/usersystemrole/careteam_administrator/1 | urn:dk:sundhed:ehealth:role:careteam_administrator
/roles/usersystemrole/incident_reporter/1 | urn:dk:sundhed:ehealth:role:incident_reporter
/roles/usersystemrole/clinical_viewer/1 | urn:dk:sundhed:ehealth:role:clinical_viewer
/roles/usersystemrole/clinical_supporter/1 | urn:dk:sundhed:ehealth:role:clinical_supporter
/roles/usersystemrole/monitoring_assistor/1 | urn:dk:sundhed:ehealth:role:monitoring_assistor
/roles/usersystemrole/monitoring_adjuster/1 | urn:dk:sundhed:ehealth:role:monitoring_adjuster
/roles/usersystemrole/report_user/1 | urn:dk:sundhed:ehealth:role:report_user
/roles/usersystemrole/clinical_administrator/1 | urn:dk:sundhed:ehealth:role:clinical_administrator
/roles/usersystemrole/service_and_logistics/1 | urn:dk:sundhed:ehealth:role:service_and_logistics
/roles/usersystemrole/questionnaire_editor/1 | urn:dk:sundhed:ehealth:role:questionnaire_editor
/roles/usersystemrole/incident_manager/1 | urn:dk:sundhed:ehealth:role:incident_manager
/roles/usersystemrole/terminology_administrator/1 | urn:dk:sundhed:ehealth:role:terminology_administrator
/roles/usersystemrole/ssl_catalogue_responsible/1 | urn:dk:sundhed:ehealth:role:ssl_catalogue_responsible
/roles/usersystemrole/ssl_catalogue_annotator/1 | urn:dk:sundhed:ehealth:role:ssl_catalogue_annotator
/roles/usersystemrole/ssl_contract_responsible/1 | urn:dk:sundhed:ehealth:role:ssl_contract_responsible
The mapping supports the following namespaces:
...
SAML Proxy maps the KOMBIT versions of the user system roles for the eHealth infrastructure listed at https://ehealth-dk.atlassian.net/wiki/spaces/EDTW/pages/2211577858/Federated+Authentication+and+Authorization+for+Municipal+Users#KOMBIT-flavored-user-system-roles-for-the-eHealth-Infrastructure, so that a Constraint whose name is
<namespace> followed by <KOMBIT user system role for the eHealth infrastructure> is mapped to the corresponding privilege role, see https://ehealth-dk.atlassian.net/wiki/spaces/EDTW/pages/291176482/Tokens+Roles+and+RBAC+ABAC#Privilege-Roles .
The mapping supports the following namespaces:
- eHealth infrastructure environment INTTEST: saml-proxy.inttest.ehealth.sundhed.dk
- eHealth infrastructure environment EXTTEST: saml-proxy.exttest.ehealth.sundhed.dk
- eHealth infrastructure environment PREPROD: saml-proxy.preprod.ehealth.sundhed.dk
- eHealth infrastructure environment TEST002: saml-proxy.test002.ehealth.sundhed.dk
- eHealth infrastructure environment PROD: ehealth.sundhed.dk
For orgUnit the following is additionally supported:
- sts.kombit.dk
  - TBD: What is this?
Consolidation of privileges
...
Example:
Input:

```xml
<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
  <Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/citizen_enroller/1</Privilege>
  <Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
  <Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
</PrivilegeGroup>
<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
  <Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/careteam_administrator/1</Privilege>
  <Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
  <Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
</PrivilegeGroup>
```

Output:

```xml
<PrivilegeGroup xmlns="" Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
  <Constraint Name="urn:dk:gov:saml:sorIdentifier">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
  <Constraint Name="urn:dk:kombit:orgUnit">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
  <Privilege>urn:dk:sundhed:ehealth:role:citizen_enroller</Privilege>
  <Privilege>urn:dk:sundhed:ehealth:role:careteam_administrator</Privilege>
</PrivilegeGroup>
```
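As an added example (not SAML Proxy's own code), the following Python applies the privilege mapping and namespace list from the section above together with the consolidation shown in this example: groups with the same Scope and the same mapped constraints are merged and duplicate privileges dropped. The http:// scheme and the two constraint name mappings (orgUnit, sorIdentifier) are taken from the example input/output; rejecting privileges and constraints from namespaces not on the page's list is an assumption about the intended behaviour.

```python
import re
import xml.etree.ElementTree as ET

# Environment hosts from the page (http:// scheme assumed from its example); sts.kombit.dk is orgUnit-only.
NAMESPACES = {"saml-proxy.inttest.ehealth.sundhed.dk", "saml-proxy.exttest.ehealth.sundhed.dk",
              "saml-proxy.preprod.ehealth.sundhed.dk", "saml-proxy.test002.ehealth.sundhed.dk",
              "ehealth.sundhed.dk"}
# Constraint name mapping, taken from the page's input/output example.
CONSTRAINT_MAP = {"constraints/orgUnit/1": "urn:dk:kombit:orgUnit",
                  "constraints/sorIdentifier/1": "urn:dk:gov:saml:sorIdentifier"}
URI_RE = re.compile(r"^https?://(?P<ns>[^/]+)/(?P<path>.+)$")
# The page's own example input: two groups with the same scope and constraints.
SAMPLE_INPUT = """<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
<Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/citizen_enroller/1</Privilege>
<Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
<Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
</PrivilegeGroup>
<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
<Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/careteam_administrator/1</Privilege>
<Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
<Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
</PrivilegeGroup>"""

def map_privilege(uri):
    """'<ns>/roles/usersystemrole/<role>/1' -> 'urn:dk:sundhed:ehealth:role:<role>'."""
    m = URI_RE.match(uri)
    role = re.fullmatch(r"roles/usersystemrole/([a-z_]+)/1", m.group("path")) if m else None
    if not role or m.group("ns") not in NAMESPACES:  # reject rather than pass through (assumption)
        raise ValueError(f"unsupported privilege: {uri}")
    return f"urn:dk:sundhed:ehealth:role:{role.group(1)}"

def map_constraint(name):
    m = URI_RE.match(name)
    if m and m.group("path") in CONSTRAINT_MAP and (m.group("ns") in NAMESPACES or (
            m.group("ns") == "sts.kombit.dk" and m.group("path") == "constraints/orgUnit/1")):
        return CONSTRAINT_MAP[m.group("path")]
    raise ValueError(f"unsupported constraint: {name}")

def consolidate(fragment):
    """Merge groups sharing Scope and mapped constraints; returns {(scope, constraints): [privileges]}."""
    groups = {}
    for pg in ET.fromstring(f"<root>{fragment}</root>").findall("PrivilegeGroup"):
        constraints = tuple(sorted((map_constraint(c.get("Name")), c.text.strip())
                                   for c in pg.findall("Constraint")))
        privs = groups.setdefault((pg.get("Scope"), constraints), [])
        for p in pg.findall("Privilege"):
            mapped = map_privilege(p.text.strip())
            if mapped not in privs:  # de-duplicate, keep input order
                privs.append(mapped)
    return groups
```

Running `consolidate(SAMPLE_INPUT)` yields a single group keyed by the CVR scope and the two renamed constraints, carrying both mapped privileges, which is the content of the Output block above.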
...