Standalone keycloak authentication not working

Description

Rusin reported - we just noticed that standalone launch is not working in Logica. When you try to launch an app using:
https://bilirubin-risk-chart.logicahealth.org/launch.html?iss=https%3A%2F%2Fapi.logicahealth.org%2Fotr4%2Fdata
and try to use the login credentials of a defined Persona (example@otr4/example) you get an invalid user message from the Keycloak auth service

Environment

None

Activity

Show:
Shilpy Sharma
September 9, 2020, 7:52 PM

When a standalone app is launched, user get directed to the Logica Keycloak login screen which is not correct.

Sandbox did had a "login" as a persona feature in the event of a standalone launch, but it was not used much. It was dependent on some code in the account app that would check if a persona user existed for any particular login before logging in a real user.

Since we got rid of account app, when we switched to Keycloak, it would be some effort to bring back this feature.

Jacob has posted a work around on the google group.

First, launch your app within Logica Sandbox or set up a launch scenario for your app with "carol" as the persona. Doing so will force you to choose a persona (in your case, choose the patient persona "carol"). This will "save" Carol as the "logged in" user in your browser's session. After doing this, you can launch your standalone app and you'll find Carol's user information in the id_token returned by the /token call.

Gopal Menon
October 9, 2020, 5:03 PM

The account app used to handle login for personas and users. If the user looked like a persona, it would attempt persona login and if that failed, the login attempt would be sent to firebase. If the user did not look like a persona, then the login would be forwarded to firebase.

I talked to Dimitar about this and he was not very enthusiastic about resurrecting the account app and replacing calls to firebase with the calls to Keycloak. We talked about adding the personas (and keeping them updated) in Keycloak. He also had the thought that we could have a fixed number of personas and add them permanently to Keycloak.

Assignee

Gopal Menon

Reporter

Shilpy Sharma

Labels

None

Priority

Major
Configure