Keycloak Servers and Integrations
- Rodolfo Melia
The target user base for keycloak are:
Health workers using any digital implementation (web or mobile applications). Exclude chat-only interventions for health workers - example kassai.org elearning system delivered via whatsapp.
Internal and external developers
Employees using any of the systems listed as part of Platform 2.0
On this page
Servers
Contrary to the expectation set by the environments guidelines page, as Keycloak serves as the main authentication mechanism for all Platform 2.0 systems, across all environments, all system instances (dev, stage, prod, qa) are expected to authentication against the main production server. We do not expect to have a stage or qa server. A small sandbox/dev instance will run for PoC/ experiments when doing the initial platform integration, or trying new configurations/customizations in Keycloak.
URL |
|
|---|---|
keycloak.psidigital.org | Main Keycloak authentication service. All systems instances (Dev, QA, Stage and Prod) connect to this instance. |
keycloak.dev.psidigital.org | Small sandbox/dev instance will run for PoC/ experiments when doing the initial platform integration, or trying new configurations/customizations in Keycloak |
Platform 2.0 Keycloak integration
Application with wide number of users
health workers, IPCs, supervisors
| Priority | Purpose | Status, dependencies, timeline |
|---|---|---|---|
WFA web app | High | Protect access to client’s record containing PII | PoC ready (Aug 2023) Deployment: Eswatini Q3/23 Others: Q2-Q4 2024 |
ONA app | ready | build-in as part of ONA solution |
|
Moodle | High (ready) | eLeaning platform | Deployed for Eswatini Moodle 4.x |
RocketChat | High | Direct customer interaction | ???? ASAP? Q3 2023? |
Superset | High | Core component for all digital interventions on open source format | PoC ready for eswatini (Aug 2024) |
Applications for Sys Admins and Developers
All these applications have a small user base - hence, they are low priority
| Priority | Purpose | Status, dependencies, timeline |
|---|---|---|---|
OpenHIM | Low* | Manage developer access to OpenHIM’s mediators (apps) functionality | OpenHim release 8.X Target: end 2023 |
FHIR (tomcat) | v. Low* | Currently no direct access provided (all routed via OpenHIM) PERHAPS WE SHOULD NEVER ALLOW direct access… | Advance on ONA conversations/ security |
RapidPro | Low* |
|
|
Service Desk | Med | Tested for candidates under consideration |
|
NiFi | Low* |
|
|
Postgres (analytics warehouse) | Low* | ??? |
|
Other integrations
System | Priority |
| Deployment |
|---|---|---|---|
DHIS2 (from 2.40) | High | The primary mechanism for DHIS2 authentication must be based on PSI’s O365 authentication services. The use of secondary authentication by DHIS2 for users not in O365 is being explored, so Keycloak can be used. DHIS2 login to be discontinue (Aug 2023 - TBC) | late 2023, with the roll-out of 2.40. PoC: |