
Description of how to mock context.

Setting the available context

To set the available context, send the authorization server (AS) a token request that carries a base64-encoded PrivilegeList XML document. This is enabled on a special test client with the id "oio_mock".

Mocking context supports access token requests using either a refresh token or username/password.

| Parameter name | Description | Since version |
|---|---|---|
| client_id | Required. The OAuth2 client id. | |
| grant_type | Required. Value 'refresh_token' or 'password'. | |
| refresh_token (grant_type = refresh_token) | Required. The refresh token of the current session. | |
| username (grant_type = password) | Required. The username of a Keycloak user. | |
| password (grant_type = password) | Required. The password of the Keycloak user. | |
| oio_bpp (available context) | Optional. Base64-encoded PrivilegeList XML document. | |
| practitioner_upn (available context) | Optional. A unique identifier of a Practitioner. Maps to a FHIR Practitioner resource. | |
| practitioner_name (available context) | Optional. The name of the practitioner. Sets the name of the FHIR Practitioner. | |
| practitioner_email (available context) | Optional. The email of the practitioner. | |
| practitioner_authcode | Optional. The authorization code of the practitioner, e.g. "FUT01". | 1.8.8 |
| practitioner_cpr | Optional. The CPR of the practitioner. | 1.8.8 |
| user_type | Optional. The user type. "SSL" or "PRACTITIONER" (default). | 1.7.8 |
| care_team_id (context) | Optional. A valid absolute FHIR URI pointing to a CareTeam resource. This adds implicit organization context given the organization constraint in the OIO BPP structure. | |
| organization_id (context) | Optional. A valid absolute FHIR URI pointing to an Organization resource. | |
| episode_of_care_id (context) | Optional. This adds implicit patient context. A valid absolute FHIR URI pointing to an Episode of Care resource. | |
| patient_id (context) | Optional. A valid absolute FHIR URI pointing to a Patient resource. | |


Example of PrivilegeList

<?xml version="1.0"?>
<PrivilegeList xmlns="http://itst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:monitoring_assistor</Privilege>
    <Privilege>urn:dk:sundhed:ehealth:role:citizen_enroller</Privilege>
  </PrivilegeGroup>
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    ...
  </PrivilegeGroup>
</PrivilegeList>


A PrivilegeGroup has the following elements:

  • Exactly one Constraint specifying an organization identifier (see Organization Constraints)

  • At most one Constraint specifying a care team identifier (see Care Team Constraints)

  • At least one Privilege element

Organization Constraints

An organization constraint identifies an Organization resource by an external identifier and type.

There are three types of organizations:

  1. SOR organizations

    • Identified by Constraints with Name attribute = "urn:dk:gov:saml:sorIdentifier" and value = {sor-id}

    • Refers to FHIR Organization with Identifier.system = "urn:oid:1.2.208.176.1.1" and Identifier.value = {sor-id}

    • Example:

      • Constraint: <Constraint Name="urn:dk:gov:saml:sorIdentifier">950531000016003</Constraint>

      • Refers to Organization with: "Identifier": [{"system": "urn:oid:1.2.208.176.1.1", "value": "950531000016003"}]

  2. STS organizations

    • Identified by Constraints with Name attribute = "urn:dk:kombit:orgUnit" and value = {sts-id}

    • Refers to FHIR Organization with Identifier.system = "https://www.kombit.dk/sts/organisation" and Identifier.value = {sts-id}

    • Example:

      • Constraint: <Constraint Name="urn:dk:kombit:orgUnit">eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>

      • Refers to Organization with: "Identifier": [{"system": "https://www.kombit.dk/sts/organisation", "value": "eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4"}]

  3. SSL organizations

    • Identified by Constraints with Name attribute = "urn:dk:sundhed:ehealth:sslOrg" and value = {ssl-id}

    • Refers to FHIR Organization with Identifier.system = "http://ehealth.sundhed.dk/organization/ssl" and Identifier.value = {ssl-id}

    • Example:

      • Constraint: <Constraint Name="urn:dk:sundhed:ehealth:sslOrg">aaaaaaaa-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>

      • Refers to Organization with: "Identifier": [{"system": "http://ehealth.sundhed.dk/organization/ssl", "value": "aaaaaaaa-b760-11e9-a2a3-2a2ae2dbcce4"}]

Care Team Constraints

A care team constraint identifies a CareTeam resource by an external identifier.

A care team constraint with value = {careteam-id} refers to FHIR CareTeam with Identifier.system = "urn:ietf:rfc:3986" and Identifier.value = {careteam-id}

Example:

  • Constraint: <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>

  • Refers to CareTeam with: "Identifier": [{"system": "urn:ietf:rfc:3986", "value": "cccccccc-b760-11e9-a2a3-2a2ae2dbcce4"}]

Privileges


Allowed privileges, see Tokens, Roles and RBAC/ABAC#Privilege Token Based Security#Privilege-Roles.
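
The following Python code is an added example, not part of the original page or the project's own code. It checks a PrivilegeList against the PrivilegeGroup rules above, maps each Constraint to the FHIR identifier it refers to, and encodes the form body of a password-grant request for the "oio_mock" client. The sample document, the function names and the credentials passed in are constructed; the token endpoint URL is not given on this page, so the request is only encoded, not sent.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = "{http://itst.dk/oiosaml/basic_privilege_profile}"
# Constraint Name -> FHIR Identifier.system, as listed on this page
ORG_SYSTEMS = {
    "urn:dk:gov:saml:sorIdentifier": "urn:oid:1.2.208.176.1.1",
    "urn:dk:kombit:orgUnit": "https://www.kombit.dk/sts/organisation",
    "urn:dk:sundhed:ehealth:sslOrg": "http://ehealth.sundhed.dk/organization/ssl",
}
CARE_TEAM_NAME = "urn:dk:sundhed:ehealth:careteam"
CARE_TEAM_SYSTEM = "urn:ietf:rfc:3986"

# Constructed sample document, assembled from the identifiers used on this page
SAMPLE = """<?xml version="1.0"?>
<PrivilegeList xmlns="http://itst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">950531000016003</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:monitoring_assistor</Privilege>
  </PrivilegeGroup>
</PrivilegeList>"""

def check_privilege_list(xml_text):
    """Return one dict per PrivilegeGroup; raise ValueError on a rule violation."""
    groups = []
    for i, group in enumerate(ET.fromstring(xml_text).findall(NS + "PrivilegeGroup")):
        cons = [(c.get("Name"), (c.text or "").strip()) for c in group.findall(NS + "Constraint")]
        orgs = [{"system": ORG_SYSTEMS[n], "value": v} for n, v in cons if n in ORG_SYSTEMS]
        teams = [{"system": CARE_TEAM_SYSTEM, "value": v} for n, v in cons if n == CARE_TEAM_NAME]
        privs = [p.text.strip() for p in group.findall(NS + "Privilege") if p.text and p.text.strip()]
        if len(orgs) != 1:
            raise ValueError(f"group {i}: exactly one organization constraint required")
        if len(teams) > 1:
            raise ValueError(f"group {i}: at most one care team constraint allowed")
        if not privs:
            raise ValueError(f"group {i}: at least one Privilege required")
        groups.append({"organization": orgs[0], "care_team": teams[0] if teams else None, "privileges": privs})
    return groups

def mock_token_form(xml_text, username, password):
    """URL-encoded form body for a password-grant request with mocked context."""
    check_privilege_list(xml_text)  # refuse to encode a malformed PrivilegeList
    return urlencode({
        "client_id": "oio_mock", "grant_type": "password",
        "username": username, "password": password,
        "oio_bpp": base64.b64encode(xml_text.encode("utf-8")).decode("ascii"),
    })
```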