Client to the ehealth infrastructure should implement an OpenID Connect "code flow" in order to login and get a set of tokens.
The loginserver of the infrastructure will delegate parts of the login to other servers, but that is transparent for the client (provided the login is handled by a generic browser window that can handle redirects).
For employees it is expected that the total login flow will look somewhat like this. Details can vary depending on the organization of the user (region, municipality or service/support/logistics organization).
For citizens, a similar login flow could look like this:
