FHIR Chat · bringing keycloak and FHIR together · hapi

Stream: hapi

Topic: bringing keycloak and FHIR together


Jens Villadsen (Mar 06 2020 at 10:51):

We are introducing the last parts of the HAPI FHIR framework that we hadn't been using to our national setup: Adding HAPI FHIR JAX-RS handles to our Keycloak installation so that users (Practitioners) can be read using FHIR. This means that we are probably using all of the HAPI FHIR framework's components in our setup. Once again - shoutout to @James Agnew and all of the contributors to the HAPI FHIR reference implementation. IT. IS. AWESOME!

Patrick Werner (Mar 06 2020 at 13:02):

Very interesting, we are also using Keycloak with hapi. Will you share your solution?
We are having an intermediate, non-FHIR Service handling the creation of users which then creates a Practitioner + its PractitionerRole and creates the corresponding user in Keycloak.

Kevin Mayfield (Mar 06 2020 at 14:08):

Are you sharing? I toyed with the idea but ended up putting a HAPI facade on top of LDAP. https://github.com/project-wildfyre/sds-adaptor

Patrick Werner (Mar 06 2020 at 14:17):

We are open sourcing our whole solution. It isn't ready yet to be published, but will be soon.

Jens Villadsen (Mar 06 2020 at 16:02):

I'll see what I can do @Patrick Werner @Kevin Mayfield - I'll follow up on Monday ;) - most of it is highly coupled to our surrounding design, but regardless, I think that I can share most of it - at least in terms of concepts, design, architecture and bindings

Jens Villadsen (Mar 09 2020 at 08:45):

Our setup is the following: image.png (from https://ehealth-dk.atlassian.net/wiki/spaces/EDTW/pages/7045392/Security)

All our users are federated. Once they log in (through Keycloak), Keycloak creates or updates the user as the Practitioner resource on the FHIR server based on the SAML assertion that it receives. The SAML assertion also includes which CareTeam the Practitioner is associated with, which means that Keycloak also updates the CareTeams.

Jens Villadsen (Mar 09 2020 at 08:46):

In the picture, the Authorization Service is our Keycloak, which is where our solution starts

Jens Villadsen (Mar 09 2020 at 08:47):

User sessions are stored in Keycloak as usual

Jens Villadsen (Mar 09 2020 at 08:48):

What we are about to do within the next couple of days is to also provide a REST interface to Keycloak using the JAX-RS HAPI implementation so that the information about a Practitioner can be fetched on-demand from Keycloak


Last updated: Apr 12 2022 at 19:14 UTC