Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 2 Next »

The target user base for keycloak at PSI are:

  • Health workers using any digital implementation (web or mobile applications). Exclude chat-only interventions for health workers - example kassai.org elearning system delivered via whatsapp.

  • Internal and external developers

  • PSI employees using any of the systems listed as part of Platform 2.0

On this page

Servers

Contrary to the expectation set by the environments guidelines page, as Keycloak serves as the main authentication mechanism for all Platform 2.0 systems, across all environments, all system instances (dev, stage, prod, qa) are expected to authentication against the main production server. We do not expect to have a stage or qa server. A small sandbox/dev instance will run for PoC/ experiments when doing the initial platform integration, or trying new configurations/customizations in Keycloak.

URL

keycloak.psidigital.org
(formerly keycloak.psi-mis.org)

Main Keycloak authentication service. All systems instances (Dev, QA, Stage and Prod) connect to this instance.

keycloak.dev.psidigital.org
(formerly keycloak2.solidlines.io)

Small sandbox/dev instance will run for PoC/ experiments when doing the initial platform integration, or trying new configurations/customizations in Keycloak

Platform 2.0 Keycloak integration

Priority

Purpose

Status, dependencies, timeline

OpenHIM

Low*

Manage developer access to OpenHIM’s mediators (apps) functionality

OpenHim release 8.X

Target: end 2023

FHIR (tomcat)

v. Low*

Currently no direct access provided (all routed via OpenHIM)

PERHAPS WE SHOULD NEVER ALLOW direct access…

Advance on ONA conversations/ security

WFA web app

HIGH

Protect access to client’s record containing PII

PoC ready (Aug 2023)

Deployment: Eswatini Q3/23

Others: Q2-Q4 2024

ONA app

ready

build-in as part of ONA solution

RapidPro

Low*

Moodle

HIGH (ready)

eLeaning platform

Deployed for Eswatini

Moodle 4.x

Service Desk

Med

Tested for candidates under consideration

RocketChat

HIGH

Direct customer interaction

????

ASAP? Q3 2023?

NiFi

Low*

Postgres (analytics warehouse)

Low*

???
Discuss about actual need

Superset

HIGH

Core component for all digital interventions on open source format

PoC ready for eswatini (Aug 2024)

*small user base - hence, low priority

Other integrations

System

Priority

Deployment

DHIS2

(from 2.40)

HIGH

The primary mechanism for DHIS2 authentication must be based on PSI’s O365 authentication services.

The use of secondary authentication by DHIS2 for users not in O365 is being explored, so Keycloak can be used.

DHIS2 login to be discontinue (Aug 2023 - TBC)

late 2023, with the roll-out of 2.40.

PoC:
asap (aug 2023)

  • No labels