cdaefa:EFA Context Manager SFM


Figure: Authn Options

Method openContext(credential Object) : ContextIdentifier fault AuthenticationFailedException

Description: This method establishes a security context for a user who wants to access an eCR peer. The security context holds the Identity Assertion [SAML2.0core] necessary for invoking service operations of business services. A credential MUST be passed.
Input Parameters: credential: Object which MAY be a username/password combination, a subject identifier, a health card handle, or a SAML assertion that vouches for an authentication.
Return Value: ContextIdentifier: The identifier used to refer to the security context when issuing EFA activities within that context.
Preconditions
  1. Credentials (i.e., username/password) are present.
  2. No previously established security context with the same credentials is present.
Sequence (Main success scenario)
  1. If a username/password combination is passed, the connector/ECRRequestor constructs a UsernameToken [WSSUsername] and invokes the RequestSecurityToken [WSTrust] operation of the eCR Identity Provider [eCR SecArch 1.2] for issuing an Identity Assertion.
  2. If a subject identifier is passed and a local Guarantor Token Service is configured, a local authentication assertion is issued and forwarded to the eCR Identity Provider.
  3. If the credential is already an Authentication Assertion, it will be forwarded as a security token to the eCR Identity Provider.
  4. If the authentication was successful, the Identity Assertion is stored in the session context within the eCR-Connector for later use. Otherwise an exception is thrown.
Exception: AuthenticationFailedException: Authentication failed due to wrong credentials.
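The credential dispatch and context storage described in the sequence above, as an added Python example that is not part of the EFA specification. The class and function names, the IdP and Guarantor Token Service modelled as plain callables, and the use of RuntimeError for a violated precondition 2 are assumptions; credential kinds the sequence does not cover are rejected.

```python
import hashlib, hmac, secrets
from collections import namedtuple

class AuthenticationFailedException(Exception):
    """The single fault the page defines for openContext."""

# Hypothetical credential types for the inputs the sequence covers.
UsernamePassword = namedtuple("UsernamePassword", "username password")
SubjectIdentifier = namedtuple("SubjectIdentifier", "subject_id")
AuthnAssertion = namedtuple("AuthnAssertion", "xml")

class ContextManager:
    def __init__(self, idp, guarantor=None):
        self._idp = idp              # stand-in for the IdP's RequestSecurityToken call
        self._guarantor = guarantor  # optional local Guarantor Token Service
        self._key = secrets.token_bytes(32)
        self._contexts = {}          # ContextIdentifier -> Identity Assertion
        self._open = set()           # keyed fingerprints of credentials in use

    def open_context(self, credential):
        # Precondition 2: track a keyed fingerprint so the secret itself is never stored.
        fp = hmac.new(self._key, repr(credential).encode(), hashlib.sha256).digest()
        if fp in self._open:
            raise RuntimeError("context already open")  # page names no fault for this
        if isinstance(credential, UsernamePassword):                         # step 1
            token = ("UsernameToken", (credential.username, credential.password))
        elif isinstance(credential, SubjectIdentifier) and self._guarantor:  # step 2
            token = ("AuthnAssertion", self._guarantor(credential.subject_id))
        elif isinstance(credential, AuthnAssertion):                         # step 3
            token = ("AuthnAssertion", credential.xml)
        else:  # fail closed on anything the sequence does not cover
            raise AuthenticationFailedException("unsupported credential")
        assertion = self._idp(*token)
        if not assertion:                                                    # step 4
            raise AuthenticationFailedException("authentication failed")
        ctx = secrets.token_urlsafe(32)  # unguessable ContextIdentifier
        self._contexts[ctx] = assertion
        self._open.add(fp)
        return ctx

    def identity_assertion(self, ctx):
        return self._contexts[ctx]

def demo_idp(kind, payload):
    # Constructed stand-in IdP: accepts one test account and any non-empty assertion.
    ok = payload == ("dr.alice", "s3cret") if kind == "UsernameToken" else bool(payload)
    return "<Assertion subject='demo'/>" if ok else None
```

A failed attempt leaves no fingerprint behind, so a retry with corrected credentials is not blocked by precondition 2.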