Integration of Keycloak as Identity Manager for Bahmni EMR and Odoo
This page is a proposed work item / initiative to improve Bahmni’s security by integrating an OAuth solution such as Keycloak for Bahmni and Odoo.
Description
Bahmni’s modular architecture, while enabling flexibility and integration of best-of-breed solutions, introduces challenges related to identity management. Multiple systems, each with its own identity management, can lead to redundant efforts and complex user access management. To address these issues and enhance security, we propose integrating Keycloak as a centralized identity and access management solution. This cross-cutting initiative will streamline user authentication, authorization, and single sign-on across various Bahmni components, and ease the administration burden on users who are often non-technical.
To achieve this integration, we will leverage the OpenMRS community’s openmrs-module-oauth2login module to facilitate OpenID Connect (OIDC)-based authentication with the underlying OpenMRS platform. This aligns with Bahmni’s philosophy of leveraging existing community solutions. The Bahmni EMR frontend will be modified to redirect users to Keycloak for authentication and handle the subsequent session tokens.
For service-to-service authentication, we will utilize OIDC service accounts to secure communication with external and downstream systems. Integrating Keycloak with Odoo will involve leveraging Odoo’s built-in OAuth provider configuration capabilities. Additional modules will be developed to handle specific role-based access control requirements and further enhance security integration.
The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)