Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

The SAML proxy is responsible for enriching the SAML tokens from Municipal IdP with e.g. CPR (only relevant for Municipal context).

UNDER CONSTRUCTION

Indledning

SAML Proxy befinder sig imellem SEB og Context Handler i nedenstående figur.

Dokumentation fra Digital Identiy

Digital Identity har udviklet den oprindelige udgave af SAML Proxy. Deres dokumentation er vedhæftet her:

Udvidelser til SAML Proxy

Mapning af privilegier og constraints

SAML Proxy mapper privilegier og constraints fra KOMBIT format til det format der benyttes i Ehealth infrastrukturen.

Kombit format

Ehealth format

/constraints/careteam/1

urn:dk:sundhed:ehealth:careteam

/constraints/orgUnit/1

urn:dk:kombit:orgUnit

/constraints/orgenhed/1

urn:dk:kombit:orgUnit

/constraints/sorIdentifier/1

urn:dk:gov:saml:sorIdentifier

/constraints/sslOrg/1

urn:dk:kombit:sslOrg

/roles/usersystemrole/order_placer/1

urn:dk:sundhed:ehealth:role:order_placer

/roles/usersystemrole/citizen_enroller/1

urn:dk:sundhed:ehealth:role:citizen_enroller

/roles/usersystemrole/careteam_administrator/1

urn:dk:sundhed:ehealth:role:careteam_administrator

/roles/usersystemrole/incident_reporter/1

urn:dk:sundhed:ehealth:role:incident_reporter

/roles/usersystemrole/clinical_viewer/1

urn:dk:sundhed:ehealth:role:clinical_viewer

/roles/usersystemrole/clinical_supporter/1

urn:dk:sundhed:ehealth:role:clinical_supporter

/roles/usersystemrole/monitoring_assistor/1

urn:dk:sundhed:ehealth:role:monitoring_assistor

/roles/usersystemrole/monitoring_adjuster/1

urn:dk:sundhed:ehealth:role:monitoring_adjuster

/roles/usersystemrole/report_user/1

urn:dk:sundhed:ehealth:role:report_user

/roles/usersystemrole/clinical_administrator/1

urn:dk:sundhed:ehealth:role:clinical_administrator

/roles/usersystemrole/service_and_logistics/1

urn:dk:sundhed:ehealth:role:service_and_logistics

/roles/usersystemrole/questionnaire_editor/1

urn:dk:sundhed:ehealth:role:questionnaire_editor

/roles/usersystemrole/incident_manager/1

urn:dk:sundhed:ehealth:role:incident_manager

/roles/usersystemrole/terminology_administrator/1

urn:dk:sundhed:ehealth:role:terminology_administrator

/roles/usersystemrole/ssl_catalogue_responsible/1

urn:dk:sundhed:ehealth:role:ssl_catalogue_responsible

/roles/usersystemrole/ssl_catalogue_annotator/1

urn:dk:sundhed:ehealth:role:ssl_catalogue_annotator

/roles/usersystemrole/ssl_contract_responsible/1

urn:dk:sundhed:ehealth:role:ssl_contract_responsible

Mapningen understøtter følgende namespaces:

  • Inttest: saml-proxy.inttest.ehealth.sundhed.dk

  • Exttest: saml-proxy.exttest.ehealth.sundhed.dk

  • Preprod: saml-proxy.preprod.ehealth.sundhed.dk

  • Prod: ehealth.sundhed.dk

  • For orgenhed/orgUnit understøttes yderligere: sts.kombit.dk

Konsolidering af rettigheder

Privilegier med identisk scope og constraints grupperes.

Eksempel:

Input:

	<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
		<Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/citizen_enroller/1</Privilege>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
	</PrivilegeGroup>
	<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
		<Privilege>http://ehealth.sundhed.dk/roles/usersystemrole/careteam_administrator/1</Privilege>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/orgUnit/1">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
		<Constraint Name="http://ehealth.sundhed.dk/constraints/sorIdentifier/1">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
	</PrivilegeGroup>

Output:

	<PrivilegeGroup xmlns="" Scope="urn:dk:gov:saml:cvrNumberIdentifier:29189714">
		<Constraint Name="urn:dk:gov:saml:sorIdentifier">b91314d5-3954-45c2-8f24-b984d6d9fdb9</Constraint>
		<Constraint Name="urn:dk:kombit:orgUnit">c3e836da-403a-4a44-99f9-d4c85a15b861</Constraint>
		<Privilege>urn:dk:sundhed:ehealth:role:citizen_enroller</Privilege>
		<Privilege>urn:dk:sundhed:ehealth:role:careteam_administrator</Privilege>
	</PrivilegeGroup>

Som det ses er privilegier og constraint navne mappet fra Kombit til Ehealth format. Derudover er de to privilegier samlet i én PrivilegeGroup da Scope og Constraints er identisk.

  • No labels