Used documentation
Cookbook/ materials | Version | Location |
---|---|---|
Technical specifications Identity & Authorization Management (I.AM) - Identity Provider (IDP) | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/91d9a7f7978b8a4e4d90087f83d66883?filename=ehealth_i.am_-_idp_v1.0.pdf |
Mandates | - | |
MANDATS - Création et gestion de mandats (en tant que mandant) | 2.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/e10eedbd5795348a84bee1edd56ad38a?filename=ehealth_mandates_mandate_giver_v2.0_-_fr.pdf |
MANDATS - Création et gestion de mandats (en tant que mandataire) | 2.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/8030a1023173e75d8059e048c96a590f?filename=ehealth_mandates_mandate_holder_v2.0_-_fr.pdf |
Présentation eMandate CIN 3.0 | 3.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/f460ea807fd4ce8518e0c9576456f4ec?filename=presentation_emandate_3.0.pptx |
Présentation Medattest 1.0 | 1.7 | https://www.ehealth.fgov.be/file/view/AWgN5lfogwvToiwBkfyW?filename=eMandate%20dans%20le%20cadre%20de%20Medattest%20v1.7.pptx |
General information
The user chooses a profile/a mandate when he is authenticated in the CSAM portal and identified in the IDP and the AA.
It is possible to manage the mandates via the following application referred to as Self Service Mandates delivered by the Federal Public Service of the Finance. It enables to
- Create the mandates with limited or unlimited duration
- Revoke the mandates
- Transfer a mandate from a mandated user to an other one
Basic flow
Flow | Specification | ||
---|---|---|---|
Use case ID | ATH-UC-24-BF | ||
Use case name | Change a mandate of a user | ||
Actors |
| ||
Short Description | In order to change a mandate, the user should do a global logout and should authenticate him/herself a second time. | ||
Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps (basic flow) | 0 | The user has an open session in the IDP with the old mandate | |
1 | The user does a global logout in order to close the session | ||
2 | The user reconnects via the mobile application in order to change the mandate | ||
3 | The mobile application sends an openID connect authorization request to the IAM connect | ||
4 | The IAM connects redirects the message to the eHealth IDP in a browser | ||
5 | The IDP detects that there is not an open session with the NISS and the name of the user | ||
6 | The IDP redirects the request to the CSAM in order to open a session | ||
7 | The user selects the authentication way (i.e. itsme, eID, TOTP) | ||
8 | The user is authenticated and CSAM returns a SAML assertion to the IDP regarding the user | ||
9 | The user selects a profile and a new mandate and the IDP returns the selected profile - mandate to the IAM connect | ||
10 | The IAM connect creates an access token JWT with the new profile and mandate and returns it to the client | ||
11 | The user is authenticated and accesses to the permitted services in the mobile application with respect to the new profile and mandate | ||
Exceptions (exception flows) | |||
Frequency |
|