Registry Authentication Workflow Diagram Text Description
- Once it acquires user credentials, the OAuth server redirects the authentication request to the HealthShare Registry by sending it an AuthenticateAuthorize message. The Registry handles authentication and then authorization of the user.
- When it receives the AuthenticateAuthorize message, the Registry invokes the OnAuthenticate callback in the security domain callback class. The security domain callback class is your custom class that extends HS.Registry.Person.User.HSAuth.
  - In an internal security domain, the HealthShare user/clinician registry validates the user's credentials.
  - In an external security domain, the OnAuthenticate callback designates an external source such as an LDAP server to validate the credentials.
- Now that the credentials are validated, the Registry invokes the OnAuthorize callback in the security domain callback class:
  - In an internal security domain, the HealthShare user/clinician registry obtains roles for the login ID.
  - In an external security domain, the OnAuthorize callback designates an external source such as an LDAP server to obtain the roles, given the username and login ID.
- The Registry returns the username and roles to the OAuth server in an AuthResponse message.