SSO implementation into OpenEMR

Nilesh_Hake · August 30, 2023, 3:55am

I am implementing SSO into OpenEMR there another healthcare application user want to login automatically into OpenEMR I have implemented below flow into OpenEMR @stephenwaite and @brady.miller can you please tell if that is correct or not

Created same user and password into OpenEMR
Then I have updated the token api we have into OpenEMR
And added the emr_token object property into it and that property is coming from the api_token table
From other application I have hitting to main_screen.php with emr_token, username and auth(SSOLogin)
Also I have modified the global.php, auth.inic.php, AuthorizationController.php, AuthUtils.php

I will share code with you as well @stephenwaite

Thanks,
Nilesh

stephenwaite · August 30, 2023, 12:55pm

hi @Nilesh_Hake , have you looked into this issue?

mdsupport · August 30, 2023, 7:45pm

Wouldn’t backend auth mechanism provided as part of FHIR be a better option?

sjpadgett · August 30, 2023, 7:57pm

Yes, yes, yes
I put the mechanism in the authorization and authentication server login dialog.
It’d be treated like openemr is a third party provider would be one way to go.

Nilesh_Hake · August 31, 2023, 2:52am

@stephenwaite yes I will take the look of issue

Nilesh_Hake · August 31, 2023, 2:53am

Yes I did name way @sjpadgett and its working fine on the server

ruth · February 2, 2024, 5:08pm

I would also like to implement SSO - currently running 7.0.3-dev - in particular to be able to get log-in via Keycloak using the OAuth2 protocol. If you have any code to share, or suggestions, i’d be very grateful,

many thanks - perhaps i should start a new topic?

Nilesh_Hake · February 3, 2024, 4:37am

Below is location I have enter the OTP for patient portal login

ruth · February 27, 2024, 6:09pm

hi nilesh,
i’m not sure but i think i’m trying to implement something similar:

i’m doing SSO
so that an openemr user can log in to openemr by using keycloak to authenticate them
this is similar to the google sign in option that is already implemented (and i’ve added a button in admin/config/security to enable keycloak)
i’ve made a new button, ‘KC sign in’. when this is clicked a message is sent to keycloak. the user is asked to sign in to keycloak if they are not already signed in
then keycloak makes an http call to the address i give it, attaching the token

it is this last step that i’m currently struggling with. If this is similar to what you have implemented i’d really appreciate it if you could share your code. many thanks.

although i think you might be using openemr as the athentication provider?

and with the last step i’m looking at what google sign in does as a first cut. Keycloak works a bit differently, so i’m still exploring and reading