This repository has been archived by the owner on Sep 15, 2023. It is now read-only.

Authentication and Authorization

Sebastian Matyas edited this page Jun 15, 2020 · 1 revision

The PTS (or the black system) uses the standard governmental IAM system eIAM (https://eiam.bit.admin.ch/), also hosted at FOITT and provided by FITSU, for access control of the HA-UI. Because we use the OpenID Connect protocol inside the system and also in the communication with the CovidCode App, we leverage the Keycloak service provided by eIAM for this use case.

Keycloak is used as an identity broker (for details see https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker) that also translates between the SAML2 protocol and OpenID Connect, as eIAM normally only provides the SAML2 protocol internally to clients:

In the following configuration file you will find everything you need to set up your own Keycloak environment and see how we use it in ours: Keycloak Realm Export. For a local deployment you don't need the broker part; instead you can use a local user like the one we use for our local developer tests:
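The following is an added example, not the project's realm export or local test user: a Python check that derives a local variant of a realm export by dropping the broker part and flags local password users left in a realm that is meant to sit behind the broker. It assumes the standard Keycloak realm export JSON fields (`identityProviders`, `identityProviderMappers`, `users`, `credentials`); the realm, provider and user names are constructed placeholders.

```python
import copy

# Constructed sample shaped like a Keycloak realm export (not the project's file).
SAMPLE_REALM = {
    "realm": "example-realm",
    "identityProviders": [
        {"alias": "example-saml-idp", "providerId": "saml", "enabled": True},
    ],
    "identityProviderMappers": [
        {"name": "example-mapper", "identityProviderAlias": "example-saml-idp"},
    ],
    "users": [
        {"username": "example-dev-user", "enabled": True,
         "credentials": [{"type": "password", "value": "CHANGE-ME"}]},
    ],
}


def to_local_realm(realm):
    """Return a copy of the realm without the broker part (local deployment)."""
    local = copy.deepcopy(realm)
    local["identityProviders"] = []
    local["identityProviderMappers"] = []
    return local


def audit_realm(realm, brokered):
    """Return findings for a realm that should (brokered=True) or should not use the broker."""
    findings = []
    providers = realm.get("identityProviders", [])
    enabled = [p["alias"] for p in providers if p.get("enabled", True)]
    if brokered and not enabled:
        findings.append("no enabled identity provider: broker part missing")
    if not brokered and enabled:
        findings.append("broker still configured: " + ", ".join(enabled))
    known = {p["alias"] for p in providers}
    for mapper in realm.get("identityProviderMappers", []):
        if mapper.get("identityProviderAlias") not in known:
            findings.append(f"mapper {mapper.get('name')} references unknown provider")
    for user in realm.get("users", []):
        has_password = any(c.get("type") == "password" for c in user.get("credentials", []))
        # A local password login bypasses the upstream IdP, so flag it when brokered.
        if brokered and user.get("enabled", True) and has_password:
            findings.append(f"local password user in brokered realm: {user['username']}")
    return findings
```

Load a real export with `json.load` and pass the resulting dictionary to `audit_realm` before importing it into an environment.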
