
The SAML proxy is responsible for substituting and translating SAML attributes from the municipal KOMBIT Context Handler. It also enriches the SAML attributes, for example with the employee's CPR number, based on a lookup in the KOMBIT FK Organisation system.

Documentation from Digital Identity

Digital Identity developed the original version of the SAML Proxy. Their documentation is attached here:

Extensions to SAML Proxy

Mapping of privileges and constraints

The SAML Proxy maps privileges and constraints from the KOMBIT format to the format used in the Ehealth infrastructure.

| Kombit format | Ehealth format |
|---|---|
| /constraints/careteam/1 | urn:dk:sundhed:ehealth:careteam |
| /constraints/orgUnit/1 | urn:dk:kombit:orgUnit |
| /constraints/orgenhed/1 | urn:dk:kombit:orgUnit |
| /constraints/sorIdentifier/1 | urn:dk:gov:saml:sorIdentifier |
| /constraints/sslOrg/1 | urn:dk:kombit:sslOrg |
| /roles/usersystemrole/order_placer/1 | urn:dk:sundhed:ehealth:role:order_placer |
| /roles/usersystemrole/citizen_enroller/1 | urn:dk:sundhed:ehealth:role:citizen_enroller |
| /roles/usersystemrole/careteam_administrator/1 | urn:dk:sundhed:ehealth:role:careteam_administrator |
| /roles/usersystemrole/incident_reporter/1 | urn:dk:sundhed:ehealth:role:incident_reporter |
| /roles/usersystemrole/clinical_viewer/1 | urn:dk:sundhed:ehealth:role:clinical_viewer |
| /roles/usersystemrole/clinical_supporter/1 | urn:dk:sundhed:ehealth:role:clinical_supporter |
| /roles/usersystemrole/monitoring_assistor/1 | urn:dk:sundhed:ehealth:role:monitoring_assistor |
| /roles/usersystemrole/monitoring_adjuster/1 | urn:dk:sundhed:ehealth:role:monitoring_adjuster |
| /roles/usersystemrole/report_user/1 | urn:dk:sundhed:ehealth:role:report_user |
| /roles/usersystemrole/clinical_administrator/1 | urn:dk:sundhed:ehealth:role:clinical_administrator |
| /roles/usersystemrole/service_and_logistics/1 | urn:dk:sundhed:ehealth:role:service_and_logistics |
| /roles/usersystemrole/questionnaire_editor/1 | urn:dk:sundhed:ehealth:role:questionnaire_editor |
| /roles/usersystemrole/incident_manager/1 | urn:dk:sundhed:ehealth:role:incident_manager |
| /roles/usersystemrole/terminology_administrator/1 | urn:dk:sundhed:ehealth:role:terminology_administrator |
| /roles/usersystemrole/ssl_catalogue_responsible/1 | urn:dk:sundhed:ehealth:role:ssl_catalogue_responsible |
| /roles/usersystemrole/ssl_catalogue_annotator/1 | urn:dk:sundhed:ehealth:role:ssl_catalogue_annotator |
| /roles/usersystemrole/ssl_contract_responsible/1 | urn:dk:sundhed:ehealth:role:ssl_contract_responsible |

The mapping supports the following namespaces:

  • Inttest: saml-proxy.inttest.ehealth.sundhed.dk

  • Exttest: saml-proxy.exttest.ehealth.sundhed.dk

  • Preprod: saml-proxy.preprod.ehealth.sundhed.dk

  • Prod: ehealth.sundhed.dk

  • For orgenhed/orgUnit, the following is additionally supported: sts.kombit.dk

Consolidation of privileges

Privileges with identical scope and constraints are grouped.

Example:

Input:

	<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
		<Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/citizen_enroller/1</Privilege>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
	</PrivilegeGroup>
	<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
		<Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/careteam_administrator/1</Privilege>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
	</PrivilegeGroup>

Output:

	<PrivilegeGroup xmlns="" Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
		<Constraint Name="urn:dk:gov:saml:sorIdentifier">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
		<Constraint Name="urn:dk:kombit:orgUnit">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
		<Privilege>urn:dk:sundhed:ehealth:role:citizen_enroller</Privilege>
		<Privilege>urn:dk:sundhed:ehealth:role:careteam_administrator</Privilege>
	</PrivilegeGroup>

As can be seen, the privilege and constraint names have been mapped from the Kombit format to the Ehealth format. In addition, the two privileges have been combined into a single PrivilegeGroup, since Scope and Constraints are identical.
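The mapping and consolidation described above, sketched in Python as an added example (not the SAML Proxy's own code). It assumes names arrive as `http://<namespace><path>` as in the page's input, that unknown names or namespaces are rejected rather than passed through, and that groups are compared after mapping; `map_name`, `consolidate` and the sample values are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespaces listed on the page; sts.kombit.dk is accepted only for orgenhed/orgUnit.
HOSTS = {"saml-proxy.inttest.ehealth.sundhed.dk", "saml-proxy.exttest.ehealth.sundhed.dk",
         "saml-proxy.preprod.ehealth.sundhed.dk", "ehealth.sundhed.dk"}
ORG_UNIT_PATHS = {"/constraints/orgUnit/1", "/constraints/orgenhed/1"}
CONSTRAINTS = {"/constraints/careteam/1": "urn:dk:sundhed:ehealth:careteam",
               "/constraints/orgUnit/1": "urn:dk:kombit:orgUnit",
               "/constraints/orgenhed/1": "urn:dk:kombit:orgUnit",
               "/constraints/sorIdentifier/1": "urn:dk:gov:saml:sorIdentifier",
               "/constraints/sslOrg/1": "urn:dk:kombit:sslOrg"}
ROLES = {"citizen_enroller", "careteam_administrator", "clinical_viewer"}  # subset of the table

def map_name(name):
    """Translate one KOMBIT-format privilege or constraint name to its Ehealth URN."""
    url = urlsplit(name.strip())
    kombit_ok = url.hostname == "sts.kombit.dk" and url.path in ORG_UNIT_PATHS
    if url.hostname not in HOSTS and not kombit_ok:
        raise ValueError("unsupported namespace: " + name)
    if url.path in CONSTRAINTS:
        return CONSTRAINTS[url.path]
    parts = url.path.split("/")  # ['', 'roles', 'usersystemrole', <role>, '1']
    if parts[:3] == ["", "roles", "usersystemrole"] and parts[4:] == ["1"] and parts[3] in ROLES:
        return "urn:dk:sundhed:ehealth:role:" + parts[3]
    raise ValueError("unmapped name: " + name)  # assumption: unknown names are rejected

def consolidate(xml_fragment):
    """Map every name, then merge groups whose Scope and constraint set are identical."""
    merged = {}
    for group in ET.fromstring("<groups>" + xml_fragment + "</groups>").iter("PrivilegeGroup"):
        constraints = frozenset((map_name(c.get("Name", "")), (c.text or "").strip())
                                for c in group.iter("Constraint"))
        privileges = merged.setdefault((group.get("Scope"), constraints), [])
        for p in group.iter("Privilege"):
            urn = map_name(p.text or "")
            if urn not in privileges:
                privileges.append(urn)
    return merged

# Constructed sample: the second group names the same org unit via sts.kombit.dk/orgenhed.
SAMPLE = """<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
  <Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/citizen_enroller/1</Privilege>
  <Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">unit-1</Constraint>
</PrivilegeGroup>
<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
  <Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/careteam_administrator/1</Privilege>
  <Constraint Name="http://sts.kombit.dk/constraints/orgenhed/1">unit-1</Constraint>
</PrivilegeGroup>"""
```

`consolidate(SAMPLE)` returns one entry keyed by the scope and the mapped constraint set, holding both role URNs in input order.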
