...
| Child pages (Children Display) | ||||
|---|---|---|---|---|
|
Authorization Service Configurations
...
Further details on the client’s initiation are described in Client UseApplication use of eHealth Infrastructure authentification server (AS). As a reaction, the Authorization Service initiates a federation of authentication and possibly authorization depending on the realm:
realm nemlogin is federated to Nemlogin
realm eHealth is federated to SEB (in Danish: Sundhedsvæsenets Elektroniske Brugerstyring shortened SEB) which is a common platform for user administration of the solutions provided by the National Health Data Authority
realm SSL is/can be federated to SSL suppliers' IdPs
| Info |
|---|
In non-production environments, login without this federation actually taking place can be simulated through use of the so-called mocked users. Mocked users are authenticated (and authorized depending on variant) in the eHealth Authentication Services. |
After successful authentication, three tokens are issued for separate purposes:
...
Organization Context
Careteam Context
Patient Context
Episode of Care Context
| Info |
|---|
The following is an informative overview of user types must present what contexts. The normative mapping is described in Access Control in eHealth Services. |
Citizen User Type and Contexts
A citizen user type is authorized to see almost all data pertaining to about the citizen.
This user type will have the Patient Context set.
...
Clinical and/or Administrative Employee User Type and Contexts
| Info |
|---|
Whenever clinicians passes a successful loginflow the data from the SAML assertion is parsed and converted to the matching FHIR resources Practitioner, PractitionerRole and CareTeam which are updated in the infrastructure. This means that clinicians (FHIR Practitioners) will be present after login. This also means that clinicians that haven't logged in, won't be present as FHIR resources. Besides the creation and update of the FHIR resources, the loginflow also results in short lived session within the AS (Keycloak). The lifetime of the Keycloak session follows the lifetime of the Refresh Token. |