Authentication Provider Launch Hint

wjehring edited this page May 25, 2023 · 1 revision

Maturity

Standard

Motivation

Users can find the sign-in process confusing when they have a Keycloak Account, and often enter their credentials into the Black Pear login box instead of clicking the "Sign in to SIDeR" button.

As a solution, providers can supply an authentication hint to Core Care Plans.

Solution

When launching Core Care Plans, instead of navigating directly to the root page (e.g. https://pyrusapps.blackpear.com/esp/#!/), add the auth-redirect path and an iss query string that matches the issuer of the IdP you want to redirect to. In the case of SIDeR, this will be one of the following:

  • Keycloak Dev: https://devtest.tst.nhs.uk/auth/realms/SIDER
  • Keycloak UAT: https://ssouat.tst.nhs.uk/auth/realms/SIDER
  • Keycloak Production: https://sso.tst.nhs.uk/auth/realms/SIDER

If Warden does not recognise the issuer, or the issuer's .well-known/openid-configuration endpoint cannot be accessed, the redirect will not occur, and the user will be presented with the normal login dialogue, where an error message will be displayed.

Example launch URL for production Keycloak & production Core Care Plans: https://pyrusapps.blackpear.com/esp/#!/auth-redirect?iss=https://sso.tst.nhs.uk/auth/realms/SIDER
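
The following sketch is an added example, not code from Black Pear or Warden. It builds the launch URL in the form shown above from the three SIDeR issuers listed on this page, and lets an integrator check a launch link before deploying it. The function names, and the exact-match comparison used to decide whether an issuer is "recognised", are assumptions made for illustration.

```javascript
// Issuers listed on this page for SIDeR, keyed by environment.
const SIDER_ISSUERS = new Map([
  ["dev", "https://devtest.tst.nhs.uk/auth/realms/SIDER"],
  ["uat", "https://ssouat.tst.nhs.uk/auth/realms/SIDER"],
  ["production", "https://sso.tst.nhs.uk/auth/realms/SIDER"],
]);

// Root page of production Core Care Plans, as given on this page.
const CCP_ROOT = "https://pyrusapps.blackpear.com/esp/#!/";

// Build a launch URL in the same form as the page's example.
// Only environments in the table above are accepted, so a typo fails
// here rather than dropping the user at the normal login dialogue.
function buildLaunchUrl(env, root = CCP_ROOT) {
  const issuer = SIDER_ISSUERS.get(env);
  if (!issuer) throw new Error(`unknown environment: ${env}`);
  return `${root}auth-redirect?iss=${issuer}`;
}

// OpenID Connect discovery document location for an issuer. This is the
// endpoint that must be reachable for the redirect to occur.
function discoveryUrl(issuer) {
  return `${issuer.replace(/\/+$/, "")}/.well-known/openid-configuration`;
}

// Extract the iss hint from a launch URL and return it only if it is one
// of the listed issuers (exact string match, an assumption about how
// "recognised" is decided). Returns null for anything else.
function parseLaunchHint(launchUrl) {
  const hash = new URL(launchUrl).hash; // "#!/auth-redirect?iss=..."
  const prefix = "#!/auth-redirect?";
  if (!hash.startsWith(prefix)) return null;
  const iss = new URLSearchParams(hash.slice(prefix.length)).get("iss");
  return [...SIDER_ISSUERS.values()].includes(iss) ? iss : null;
}

// Constructed sample: a hint naming an issuer that is not in the list.
const unknownHint =
  "https://pyrusapps.blackpear.com/esp/#!/auth-redirect?iss=https://idp.example.invalid/realms/X";

console.log(buildLaunchUrl("production"));
console.log(discoveryUrl(SIDER_ISSUERS.get("uat")));
console.log(parseLaunchHint(unknownHint)); // null
```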