SSO implementation into OpenEMR

Hi @stephenwaite and @brady.miller ,

I am implementing SSO into OpenEMR there another healthcare application user want to login automatically into OpenEMR I have implemented below flow into OpenEMR @stephenwaite and @brady.miller can you please tell if that is correct or not

  1. Created same user and password into OpenEMR
  2. Then I have updated the token api we have into OpenEMR
  3. And added the emr_token object property into it and that property is coming from the api_token table
  4. From other application I have hitting to main_screen.php with emr_token, username and auth(SSOLogin)
  5. Also I have modified the global.php, auth.inic.php, AuthorizationController.php, AuthUtils.php

I will share code with you as well @stephenwaite


hi @Nilesh_Hake , have you looked into this issue?

Wouldn’t backend auth mechanism provided as part of FHIR be a better option?

1 Like

Yes, yes, yes
I put the mechanism in the authorization and authentication server login dialog.
It’d be treated like openemr is a third party provider would be one way to go.

@stephenwaite yes I will take the look of issue

Yes I did name way @sjpadgett and its working fine on the server

I would also like to implement SSO - currently running 7.0.3-dev - in particular to be able to get log-in via Keycloak using the OAuth2 protocol. If you have any code to share, or suggestions, i’d be very grateful,

many thanks - perhaps i should start a new topic?

Below is location I have enter the OTP for patient portal login

hi nilesh,
i’m not sure but i think i’m trying to implement something similar:

  • i’m doing SSO
  • so that an openemr user can log in to openemr by using keycloak to authenticate them
  • this is similar to the google sign in option that is already implemented (and i’ve added a button in admin/config/security to enable keycloak)
  • i’ve made a new button, ‘KC sign in’. when this is clicked a message is sent to keycloak. the user is asked to sign in to keycloak if they are not already signed in
  • then keycloak makes an http call to the address i give it, attaching the token

it is this last step that i’m currently struggling with. If this is similar to what you have implemented i’d really appreciate it if you could share your code. many thanks.

although i think you might be using openemr as the athentication provider?

and with the last step i’m looking at what google sign in does as a first cut. Keycloak works a bit differently, so i’m still exploring and reading