From 7b792458d045b7f0a100f1d56b0e55485d494a75 Mon Sep 17 00:00:00 2001 From: Paul McBride Date: Tue, 1 Mar 2022 12:30:33 +0000 Subject: [PATCH 01/14] Security Option II changes Signed-off-by: Paul McBride --- .DS_Store | Bin 0 -> 6148 bytes build/.DS_Store | Bin 6148 -> 6148 bytes build/config/default.json5 | 1 + build/config/keycloak.json | 8 +++ package.json | 1 + src/index.js | 109 ++++++++++++++++++++++++++++++------- src/lib/PatientSearch.js | 45 ++++++++++----- 7 files changed, 129 insertions(+), 35 deletions(-) create mode 100644 .DS_Store create mode 100644 build/config/keycloak.json diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..16d875f048b003f89438f610b00ecfc05d69253a GIT binary patch literal 6148 zcmeH~J&pn~427Thk&tL8DbsL(y+MTF1YBUnPJ=WO#fm;h=h<(?J6KYLuU74ZjM<6h0 J5P^Rs@C1L66M6su literal 0 HcmV?d00001 diff --git a/build/.DS_Store b/build/.DS_Store index 978b171fb27c6ac4781ae9b7a012a5b0b57764bf..355d26711fa6b53f6aeb7324406e72cc891a4e22 100644 GIT binary patch delta 166 zcmZoMXffEJ&ZM+6sURn_xWvHV8Y2@k3o9Et2RjEhM{ICLetB?7Vo7PS)8ud_?=(&h z&UgXI>S`ln6CDL(WAj=ag=#}%a|;~>OH;GjT22m8Wqs?Q`0SkAy!>tkFkoba&YsGdss$egK_IC2arz delta 160 zcmZoMXffEJ&SY>hsURn_xWvHVIwKP^3o9Et2L~4y7cW6A-A%s qx~8^nCIc8SGD2tuekcv2W=;OZB+tskki}5EnTz=o%Vu_tzx)99@g-CM diff --git a/build/config/default.json5 b/build/config/default.json5 index 21fc0bf..bd433c0 100644 --- a/build/config/default.json5 +++ b/build/config/default.json5 @@ -2480,6 +2480,7 @@ }, }, patientsPerPage: 25, + authEnabled: false, timeout: 20000, renderSelectedOnly: false, fhirViewer: { diff --git a/build/config/keycloak.json b/build/config/keycloak.json new file mode 100644 index 0000000..0919ae0 --- /dev/null +++ b/build/config/keycloak.json @@ -0,0 +1,8 @@ +{ + "realm": "test", + "auth-server-url": "https://localhost:8443/auth", + "ssl-required": "external", + "resource": "inferno", + "public-client": true, + "confidential-port": 0 +} diff --git a/package.json b/package.json index d6f72e7..5f3a27e 100644 --- a/package.json +++ b/package.json @@ -54,6 +54,7 @@ "if-env": "^1.0.0", "jquery": "^3.2.1", "json5": "^0.5.1", + "keycloak-js": "^17.0.0", "less": "^2.7.2", "less-loader": "^4.0.3", "mixin-deep": "^1.2.0", diff --git a/src/index.js b/src/index.js index 4d410b4..e9f049f 100644 --- a/src/index.js +++ b/src/index.js @@ -8,27 +8,96 @@ import PatientList from "./components/PatientList"; import { Router, Route, Switch } from "react-router"; import createHistory from "history/createHashHistory"; import jQuery from "jquery"; +import Keycloak from "keycloak-js"; +import JSON5 from "json5"; +import { parseQueryString } from "./lib"; window.$ = window.jQuery = jQuery; -const history = createHistory(); - -ReactDOM.render( - - - - - - - - - - , - document.getElementById("main") -); - -$(function () { - $("body").tooltip({ - selector: ".patient-detail-page [title]", - }); +let authEnabled = false; +const DEFAULT_CONFIG = "default"; +let { config, ...params } = parseQueryString(window.location.search); + +jQuery.ajax({ + url: `./config/${config || DEFAULT_CONFIG}.json5`, + dataType: "text", + cache: false, + async: false, + success: (json) => { + json = JSON5.parse(json); + authEnabled = json.authEnabled; + }, }); + +if (authEnabled) { + let keycloak = new Keycloak("config/keycloak.json"); + + keycloak.onTokenExpired = function () { + keycloak.updateToken().then((refreshed) => { + if (refreshed) { + sessionStorage.setItem("access-token", keycloak.token); + } + }); + }; + + keycloak + .init({ + onLoad: "login-required", + + scope: "patient/*.read", + }) + .then(function (authenticated) { + if (authenticated) { + sessionStorage.setItem("access-token", keycloak.token); + + const history = createHistory(); + + ReactDOM.render( + + + + + + + + + + , + document.getElementById("main") + ); + + $(function () { + $("body").tooltip({ + selector: ".patient-detail-page [title]", + }); + }); + } + }) + .catch(function () { + alert( + "Failed to initialize KeyCloak adapter. Check KeyCloak config file." + ); + }); +} else { + const history = createHistory(); + + ReactDOM.render( + + + + + + + + + + , + document.getElementById("main") + ); + + $(function () { + $("body").tooltip({ + selector: ".patient-detail-page [title]", + }); + }); +} diff --git a/src/lib/PatientSearch.js b/src/lib/PatientSearch.js index 958ea28..631bebe 100644 --- a/src/lib/PatientSearch.js +++ b/src/lib/PatientSearch.js @@ -526,12 +526,12 @@ export default class PatientSearch { .forEach((token) => { if (token.indexOf("-") === 0) { params.push({ - name: "_sort", - value: token, + name: "_sort:desc", + value: token.substring(1), }); } else { params.push({ - name: "_sort", + name: "_sort:asc", value: token, }); } @@ -836,18 +836,33 @@ export default class PatientSearch { if (server.type == "DSTU-2") { data = data.replace(/\bdeceased=(true|false)\b/gi, ""); } - - // prepare the base options for the patient ajax request - let options = { - url: `${server.url}/Patient/_search`, - method: "POST", - processData: false, - data, - headers: { - accept: "application/fhir+json", - "content-type": "application/x-www-form-urlencoded", - }, - }; + // Take Access token from session storage if its available ie. if KeyCloak enabled authentication enabled. + // And only include authorization header if access token is available + let keycloakToken = sessionStorage.getItem("access-token"); + + let options = keycloakToken + ? { + url: `${server.url}/Patient/_search`, + method: "POST", + processData: false, + data, + headers: { + accept: "application/fhir+json", + "content-type": "application/x-www-form-urlencoded", + + authorization: "Bearer " + keycloakToken, + }, + } + : { + url: `${server.url}/Patient/_search`, + method: "POST", + processData: false, + data, + headers: { + accept: "application/fhir+json", + "content-type": "application/x-www-form-urlencoded", + }, + }; return this.getPatientIDs(server) .then((ids) => { From 4a9956532d95458f5e33c9d7029c18c23d21a9a4 Mon Sep 17 00:00:00 2001 From: Paul McBride Date: Tue, 1 Mar 2022 12:36:14 +0000 Subject: [PATCH 02/14] Security Option II changes Signed-off-by: Paul McBride --- src/lib/PatientSearch.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/PatientSearch.js b/src/lib/PatientSearch.js index 631bebe..054a10f 100644 --- a/src/lib/PatientSearch.js +++ b/src/lib/PatientSearch.js @@ -526,12 +526,12 @@ export default class PatientSearch { .forEach((token) => { if (token.indexOf("-") === 0) { params.push({ - name: "_sort:desc", - value: token.substring(1), + name: "_sort", + value: token, }); } else { params.push({ - name: "_sort:asc", + name: "_sort", value: token, }); } From 2aa1f055d702cf8abe9d823cd08b49ba30366a78 Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 14:33:35 +0000 Subject: [PATCH 03/14] Create README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README-Health-Data-Access-Pattern_Integration.md diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md new file mode 100644 index 0000000..00d7bdd --- /dev/null +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -0,0 +1 @@ +WIP From 65c0b9d9bace68731e5a4c092b68c1b0579ddb7b Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 15:17:23 +0000 Subject: [PATCH 04/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index 00d7bdd..26372c6 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -1 +1,13 @@ -WIP +# How to Securely Deploy Patient Browser Application by integrating with a Health Data Access Pattern FHIR server + +## Introduction + +Instructions are provided below for a configuration to securely deploy the Patient Browser Application by integrating with a FHIR server protected by a SMART App Launch authorization server that is built on Keycloak, as per the Health Data Access Reference Implementation. Note that this is a local deployment end to end with Patient Browser, IBM FHIR server and Keycloak service each running in separate docker containers. + + +## Deployment + +###Health Data Access Pattern Deployment + +Deploy the Health Data Access Pattern as per here but with the following additional steps; +....... From e8e510e6755400b203b282e6134f430870a5d22b Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 17:51:28 +0000 Subject: [PATCH 05/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- ...-Health-Data-Access-Pattern_Integration.md | 44 +++++++++++++++++-- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index 26372c6..df8a8e3 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -2,12 +2,48 @@ ## Introduction -Instructions are provided below for a configuration to securely deploy the Patient Browser Application by integrating with a FHIR server protected by a SMART App Launch authorization server that is built on Keycloak, as per the Health Data Access Reference Implementation. Note that this is a local deployment end to end with Patient Browser, IBM FHIR server and Keycloak service each running in separate docker containers. +Instructions are provided below for a configuration to securely deploy the Patient Browser Application by integrating with a FHIR server protected by a SMART App Launch authorization server that is built on Keycloak, as per the Health Data Access Reference Implementation. Note that this is a local deployment end to end - with Patient Browser, IBM FHIR server and Keycloak service each running in separate docker containers. ## Deployment -###Health Data Access Pattern Deployment +### Health Data Access Pattern Deployment -Deploy the Health Data Access Pattern as per here but with the following additional steps; -....... +Deploy the Health Data Access Pattern as per here but with the following additional steps carrier out within the Keycloak Admin Console; + +1. Select ‘Authentication’ from LHS menu. +2. Under the ‘Flows’ tab in the “Authentication’ pane select ‘Smart App Launch’ from ‘Browser’ drop-down and then set ‘Patient Selection Authenticcator’ to disabled. +3. Select ‘Client’ from LHS menu. +4. Click on ‘inferno’ client from Client pane. +5. Set ‘Consent Required’ to ‘OFF for ‘inferno’ client. +6. Add ‘http://127.0.0.1:8081/*’ to list of ‘Valid Redirect URLs’ +7. Add ‘http://127.0.0.1:8081' to ‘Web Origins’ list. + + +## Patient Browser Deployment + +Git clone this repository and cd into this directory; + +```bash +git clone https://github.com/Alvearie/patient-browser +``` + +Run the following to refresh the build; + +```bash +npm i +``` + +Modify build/config/default.json5 as follows; +1. Set server.url parameter to ‘https://localhost:9443/fhir-server/api/v4' +2. Set authEnabled to ‘true’ + +Start Patient Browser running on node http server locally by running; + +```bash +npm start +``` + +URL to access Patient Browser deployment is -> http://127.0.0.1:8081 + +When prompted for username/password enter fhiruser/change-password From d39d4dd658ce2f4f174bcce389081a7ae223d36c Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 17:52:31 +0000 Subject: [PATCH 06/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index df8a8e3..fdc8bd7 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -20,7 +20,7 @@ Deploy the Health Data Access Pattern as per here but with the following additio 7. Add ‘http://127.0.0.1:8081' to ‘Web Origins’ list. -## Patient Browser Deployment +### Patient Browser Deployment Git clone this repository and cd into this directory; From c54b4263d00c930343aaf34a7451771401260abc Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 17:53:10 +0000 Subject: [PATCH 07/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index fdc8bd7..b31b5d5 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -12,7 +12,7 @@ Instructions are provided below for a configuration to securely deploy the Patie Deploy the Health Data Access Pattern as per here but with the following additional steps carrier out within the Keycloak Admin Console; 1. Select ‘Authentication’ from LHS menu. -2. Under the ‘Flows’ tab in the “Authentication’ pane select ‘Smart App Launch’ from ‘Browser’ drop-down and then set ‘Patient Selection Authenticcator’ to disabled. +2. Under the ‘Flows’ tab in the “Authentication’ pane select ‘Smart App Launch’ from ‘Browser’ drop-down and then set ‘Patient Selection Authenticator’ to disabled. 3. Select ‘Client’ from LHS menu. 4. Click on ‘inferno’ client from Client pane. 5. Set ‘Consent Required’ to ‘OFF for ‘inferno’ client. From f462b6f3ac85ae94fa1244f372151da32812ac98 Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 17:53:47 +0000 Subject: [PATCH 08/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index b31b5d5..cdb8f62 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -15,7 +15,7 @@ Deploy the Health Data Access Pattern as per here but with the following additio 2. Under the ‘Flows’ tab in the “Authentication’ pane select ‘Smart App Launch’ from ‘Browser’ drop-down and then set ‘Patient Selection Authenticator’ to disabled. 3. Select ‘Client’ from LHS menu. 4. Click on ‘inferno’ client from Client pane. -5. Set ‘Consent Required’ to ‘OFF for ‘inferno’ client. +5. Set ‘Consent Required’ to ‘OFF' for ‘inferno’ client. 6. Add ‘http://127.0.0.1:8081/*’ to list of ‘Valid Redirect URLs’ 7. Add ‘http://127.0.0.1:8081' to ‘Web Origins’ list. From 5682f543d80283d280517314d06505bf41aacae4 Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 17:56:48 +0000 Subject: [PATCH 09/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index cdb8f62..a7849fc 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -2,7 +2,7 @@ ## Introduction -Instructions are provided below for a configuration to securely deploy the Patient Browser Application by integrating with a FHIR server protected by a SMART App Launch authorization server that is built on Keycloak, as per the Health Data Access Reference Implementation. Note that this is a local deployment end to end - with Patient Browser, IBM FHIR server and Keycloak service each running in separate docker containers. +Instructions are provided below for a configuration to securely deploy the Patient Browser Application by integrating with a FHIR server protected by a SMART App Launch authorization server that is built on Keycloak, as per the [Health Data Access Reference Implementation](https://github.com/Alvearie/health-patterns/tree/main/data-access). Note that this is a local deployment end to end - with Patient Browser, IBM FHIR server and Keycloak service each running in separate docker containers. ## Deployment From 1b418293d85f7e6d4479c3a4dbbe8d0b3c0f1c8d Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 17:57:35 +0000 Subject: [PATCH 10/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index a7849fc..755f97c 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -9,7 +9,7 @@ Instructions are provided below for a configuration to securely deploy the Patie ### Health Data Access Pattern Deployment -Deploy the Health Data Access Pattern as per here but with the following additional steps carrier out within the Keycloak Admin Console; +Deploy the Health Data Access Pattern as per [here](https://github.com/Alvearie/health-patterns/tree/main/data-access) but with the following additional steps carrier out within the Keycloak Admin Console; 1. Select ‘Authentication’ from LHS menu. 2. Under the ‘Flows’ tab in the “Authentication’ pane select ‘Smart App Launch’ from ‘Browser’ drop-down and then set ‘Patient Selection Authenticator’ to disabled. From 819bf40c5ab0c02824986e7b389e02ca849357e3 Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Tue, 1 Mar 2022 18:00:33 +0000 Subject: [PATCH 11/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index 755f97c..25c9791 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -11,13 +11,13 @@ Instructions are provided below for a configuration to securely deploy the Patie Deploy the Health Data Access Pattern as per [here](https://github.com/Alvearie/health-patterns/tree/main/data-access) but with the following additional steps carrier out within the Keycloak Admin Console; -1. Select ‘Authentication’ from LHS menu. -2. Under the ‘Flows’ tab in the “Authentication’ pane select ‘Smart App Launch’ from ‘Browser’ drop-down and then set ‘Patient Selection Authenticator’ to disabled. -3. Select ‘Client’ from LHS menu. -4. Click on ‘inferno’ client from Client pane. -5. Set ‘Consent Required’ to ‘OFF' for ‘inferno’ client. -6. Add ‘http://127.0.0.1:8081/*’ to list of ‘Valid Redirect URLs’ -7. Add ‘http://127.0.0.1:8081' to ‘Web Origins’ list. +1. Select 'Authentication' from LHS menu. +2. Under the 'Flows' tab in the 'Authentication' pane select 'Smart App Launch' from 'Browser' drop-down and then set 'Patient Selection Authenticator' to disabled. +3. Select 'Client' from LHS menu. +4. Click on 'inferno' client from Client pane. +5. Set 'Consent Required' to 'OFF' for 'inferno' client. +6. Add 'http://127.0.0.1:8081/*' to list of 'Valid Redirect URLs' +7. Add 'http://127.0.0.1:8081' to 'Web Origins' list. ### Patient Browser Deployment From c36caeca95ee32735cd17f3ef84d7cfd8aa657e1 Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Thu, 3 Mar 2022 10:19:46 +0000 Subject: [PATCH 12/14] Update README-Health-Data-Access-Pattern_Integration.md Co-authored-by: Lee Surprenant Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index 25c9791..d43b0e7 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -9,7 +9,7 @@ Instructions are provided below for a configuration to securely deploy the Patie ### Health Data Access Pattern Deployment -Deploy the Health Data Access Pattern as per [here](https://github.com/Alvearie/health-patterns/tree/main/data-access) but with the following additional steps carrier out within the Keycloak Admin Console; +Deploy the Health Data Access Pattern as per [here](https://github.com/Alvearie/health-patterns/tree/main/data-access) but with the following additional steps carried out within the Keycloak Admin Console; 1. Select 'Authentication' from LHS menu. 2. Under the 'Flows' tab in the 'Authentication' pane select 'Smart App Launch' from 'Browser' drop-down and then set 'Patient Selection Authenticator' to disabled. From 0cb15e6e781f1cb5c1388edcf16d03d5dd08bc36 Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Thu, 3 Mar 2022 11:11:31 +0000 Subject: [PATCH 13/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index d43b0e7..7e76ddd 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -15,7 +15,7 @@ Deploy the Health Data Access Pattern as per [here](https://github.com/Alvearie/ 2. Under the 'Flows' tab in the 'Authentication' pane select 'Smart App Launch' from 'Browser' drop-down and then set 'Patient Selection Authenticator' to disabled. 3. Select 'Client' from LHS menu. 4. Click on 'inferno' client from Client pane. -5. Set 'Consent Required' to 'OFF' for 'inferno' client. +5. If you don't want additional Consent screen after login screen the first time you try to log into Patient Browser, then set 'Consent Required' to 'OFF' for 'inferno' client. 6. Add 'http://127.0.0.1:8081/*' to list of 'Valid Redirect URLs' 7. Add 'http://127.0.0.1:8081' to 'Web Origins' list. From de102193900828d7b1d0f047dae4753496117eaf Mon Sep 17 00:00:00 2001 From: PAUL MCBRIDE Date: Thu, 3 Mar 2022 11:28:29 +0000 Subject: [PATCH 14/14] Update README-Health-Data-Access-Pattern_Integration.md Signed-off-by: Paul McBride --- README-Health-Data-Access-Pattern_Integration.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/README-Health-Data-Access-Pattern_Integration.md b/README-Health-Data-Access-Pattern_Integration.md index 7e76ddd..b08b368 100644 --- a/README-Health-Data-Access-Pattern_Integration.md +++ b/README-Health-Data-Access-Pattern_Integration.md @@ -11,13 +11,11 @@ Instructions are provided below for a configuration to securely deploy the Patie Deploy the Health Data Access Pattern as per [here](https://github.com/Alvearie/health-patterns/tree/main/data-access) but with the following additional steps carried out within the Keycloak Admin Console; -1. Select 'Authentication' from LHS menu. -2. Under the 'Flows' tab in the 'Authentication' pane select 'Smart App Launch' from 'Browser' drop-down and then set 'Patient Selection Authenticator' to disabled. -3. Select 'Client' from LHS menu. -4. Click on 'inferno' client from Client pane. -5. If you don't want additional Consent screen after login screen the first time you try to log into Patient Browser, then set 'Consent Required' to 'OFF' for 'inferno' client. -6. Add 'http://127.0.0.1:8081/*' to list of 'Valid Redirect URLs' -7. Add 'http://127.0.0.1:8081' to 'Web Origins' list. +1. Select 'Client' from LHS menu. +2. Click on 'inferno' client from Client pane. +3. If you don't want additional Consent screen after login screen the first time you try to log into Patient Browser, then set 'Consent Required' to 'OFF' for 'inferno' client. +4. Add 'http://127.0.0.1:8081/*' to list of 'Valid Redirect URLs' +5. Add 'http://127.0.0.1:8081' to 'Web Origins' list. ### Patient Browser Deployment