How does it work?
An authenticated and authorised user of EMIS Web selects ‘Black Pear Core’ from within the EMIS Web UI.
EMIS sends a Portal SDK SessionRequest message to a Portal Session Service endpoint provided by Black Pear.
Authorisation and subsequent access to Black Pear systems depend on trusting that EMIS Web provides reliable authentication and authorisation AND that this information can be shared securely with Black Pear.
Verification
The SessionRequest message is verified before a launch URL is issued.
IP address check
The IP address is checked to confirm that the request was received from the HSCN Secure Boundary. This provides reasonable confidence that the request originated from within a recognised NHS organisation. Whilst sender IP addresses could be spoofed, any response would be sent to the spoofed IP address.
TLS
The SessionRequest message is encrypted using TLS so that we can have confidence that the information has not been manipulated in transit.
Digital signature
The digital signature of a SAML assertion embedded in the SessionRequest message as element Provenance.User.Saml is checked, proving that the SAML assertion originated within EMIS' systems because it is digitally signed using a secret known only to EMIS. We can therefore have confidence in the information contained within the SAML assertion (User Identity, EMIS CDB number).
Timestamps
The SAML timestamp fields are verified against the current time so that we can have confidence that the request has not been replayed.
Cross-checks
Additional fields within the SessionRequest message are cross-checked against reliable information from the SAML assertion to identify malicious tampering with the message.
Response
If the SessionRequest message is verified, Black Pear responds with a SessionResponse message containing a contextual launch link that includes an SSO token.
Parameters
The contextual launch link includes parameters derived as follows:
| Parameter | Source |
| --- | --- |
| patient | SessionRequest message |
| birthdate | SessionRequest message |
| location | SessionRequest message |
| serviceId | ODS-specific configuration maintained by Black Pear |
| access_token | Issued by https://auth.core.blackpear.com |
Access token
Tokens extend the NHS SSP Access Token format, adding the requesting_user_name and requesting_user_role claims to support the UI and RBAC respectively.
The access token includes fields derived as follows:
| Field | Source |
| --- | --- |
| requesting_organization | SessionRequest message |
| requesting_user | SessionRequest message |
| requesting_user_name | SessionRequest message |
| requesting_user_role | SessionRequest message |
| requesting_system | SessionRequest message |
| reason_for_request | "directcare" |
| requested_scope | "patient/*.read" |
| sub | SessionRequest message |
| iat | generated |
| iss | "https://auth.core.blackpear.com" |
| aud | ODS-specific configuration maintained by Black Pear |
| nbf | generated |
| exp | generated |
| jti | SessionRequest message |
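The following is an added illustration, not Black Pear's own code, of the Verification steps above (IP check, timestamp check, cross-checks) feeding the access-token claims in the table. It assumes the SAML assertion's XML signature has already been verified by a SAML library before this function runs, and the boundary range, ODS-to-audience mapping, token lifetime and flattened request field names are constructed placeholders.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed placeholders, not Black Pear's real boundary range or ODS configuration
HSCN_BOUNDARY = [ipaddress.ip_network("10.0.0.0/8")]
AUD_BY_ODS = {"A12345": "https://fhir.example.invalid/A12345"}
ISSUER = "https://auth.core.blackpear.com"
TOKEN_TTL = timedelta(minutes=5)  # assumed; the page states no lifetime
# Unsigned request fields that must equal the signed SAML attribute (names assumed)
CROSS_CHECKS = {"requesting_user": "user_identity", "cdb_number": "cdb_number"}
NOW = datetime(2022, 3, 1, 9, 0, tzinfo=timezone.utc)  # fixed clock for the sample
SAMPLE_SAML = {  # attributes of an assertion whose XML signature already verified
    "user_identity": "dr.example", "cdb_number": "12345",
    "not_before": NOW - timedelta(minutes=1), "not_on_or_after": NOW + timedelta(minutes=4),
}
SAMPLE_REQUEST = {  # flattened SessionRequest (constructed); field names are assumed
    "requesting_organization": "A12345", "requesting_user": "dr.example",
    "requesting_user_name": "Dr Example", "requesting_user_role": "GP",
    "requesting_system": "EMIS Web", "cdb_number": "12345",
    "sub": "dr.example", "jti": "constructed-request-id-1",
}


class VerificationError(Exception):
    pass


def verify_session_request(request, saml, source_ip, now, skew=timedelta(seconds=30)):
    """Run the page's checks in order; return access-token claims or raise."""
    if not any(ipaddress.ip_address(source_ip) in net for net in HSCN_BOUNDARY):
        raise VerificationError("source address outside the HSCN Secure Boundary")
    # Timestamps: assertion must lie within NotBefore..NotOnOrAfter, allowing small skew
    if now + skew < saml["not_before"] or now - skew >= saml["not_on_or_after"]:
        raise VerificationError("SAML assertion expired or not yet valid")
    # Cross-checks: values in the unsigned envelope must match the signed assertion
    for field, attr in CROSS_CHECKS.items():
        if request.get(field) != saml[attr]:
            raise VerificationError(f"{field} disagrees with the SAML assertion")
    aud = AUD_BY_ODS.get(request["requesting_organization"])
    if aud is None:
        raise VerificationError("no service configured for this ODS code")
    issued = int(now.timestamp())
    claims = {k: request[k] for k in ("requesting_organization", "requesting_user",
              "requesting_user_name", "requesting_user_role", "requesting_system", "sub", "jti")}
    claims.update(reason_for_request="directcare", requested_scope="patient/*.read",
                  iat=issued, nbf=issued, exp=issued + int(TOKEN_TTL.total_seconds()),
                  iss=ISSUER, aud=aud)
    return claims
```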
Vulnerability assessment
Prior to deployment, the Session Service was independently assessed by WMAS Information Security and Assurance Service. On 1st March 2022 they reported an overall assurance opinion of Optimal: "In our opinion there is a sound system of internal controls designed to ensure that the business is able to achieve its objectives".