OpenMRS ID - Architecture


Introduction


"OpenMRS ID" refers collectively to the user-management system used by the OpenMRS community. An individual user in that system (a person with a username and password) is said to have a single "OpenMRS ID".


The ID subsystem is formed by:

  • OpenLDAP: the data store for all OpenMRS ID data. Only verified users (those who have confirmed their email address) are written here. Atlas authenticates directly against LDAP.

  • Keycloak: sign-up and user management; connects to OpenLDAP for user storage. Acts as the SSO provider for Jira Cloud, Confluence Cloud and Talk. We use id.openmrs.org as the domain for our users.

  • Postfix: relays the email that Jira Cloud and Confluence Cloud send to id.openmrs.org addresses on to each user's real email address.

  • [Deprecated] ID Dashboard: web application for creating new OpenMRS IDs and editing profiles. Information is served from a MongoDB cache, or loaded from OpenLDAP when it is not cached.

    • Formage: admin screen in the ID Dashboard for modifying users (e.g. changing LDAP group membership). Expected to be replaced soon.

  • [Deprecated] Atlassian Crowd: legacy system that provided user management for Jira and Confluence, acting as a bridge between LDAP and those applications.


Legacy diagram, before Keycloak and Postfix (image not reproduced). Jira, Crowd and the wiki each keep a local/internal user so that an administrator can still log in and repair the Crowd/LDAP connection if it breaks. They also have an internal captcha that triggers after repeated failed login attempts.


LDAP Objects

LDAP is a hierarchical data store.

The top-level node (the base DN) is 'dc=openmrs,dc=org'.

All users live under 'ou=users,dc=openmrs,dc=org', which means that users is an Organizational Unit (a child node like any other) of the node 'dc=openmrs,dc=org'.

A username 'jane_doe' is represented as "uid=jane_doe,ou=users,dc=openmrs,dc=org": the entry with user ID jane_doe, which is a child of 'ou=users', which is in turn a child of 'dc=openmrs,dc=org'. A DN reads leaf first, so the most specific component is on the left and the base DN on the right.
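This DN structure is easy to get wrong in code that builds DNs or search filters by string concatenation: an unescaped ',' or '=' in a value relocates the entry, and an unescaped ')' or '*' in a filter turns a lookup into an injection. The following Python is an added example (standard library only; it is not code from OpenMRS ID, Keycloak, the ID Dashboard or any other component on this page). It builds the user DN from a validated username, escapes values per RFC 4514 (DN) and RFC 4515 (search filter), parses a DN back into its RDNs and checks that it sits directly under ou=users. The username policy, the inetOrgPerson object class and all function names are assumptions made for the illustration.

```python
"""Build, escape and check OpenMRS ID DNs (added example, stdlib only).

Assumed, not taken from the page: usernames are validated against a
conservative pattern before they reach LDAP, user entries use the
inetOrgPerson object class, and anything that does reach a DN or a
search filter is escaped per RFC 4514 / RFC 4515 rather than trusted.
"""
import re
from typing import List, Tuple

BASE_DN = "dc=openmrs,dc=org"
USERS_OU = f"ou=users,{BASE_DN}"
# Assumed username policy: lowercase letters, digits, '_', '.', '-'; 2-32 chars.
USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9_.-]{1,31}$")


def valid_username(username: str) -> bool:
    """Policy check applied before any LDAP operation."""
    return bool(USERNAME_RE.match(username))


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside an RDN (RFC 4514 rules)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)
        elif ch in "# " and i == 0:           # leading '#' or space
            out.append("\\" + ch)
        elif ch == " " and i == last:         # trailing space
            out.append("\\ ")
        elif ord(ch) < 0x20 or ch == "\x7f":  # control characters as hex pairs
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter (RFC 4515 rules)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_dn(username: str) -> str:
    """DN of an OpenMRS ID, e.g. uid=jane_doe,ou=users,dc=openmrs,dc=org."""
    if not valid_username(username):
        raise ValueError(f"username rejected by policy: {username!r}")
    return f"uid={escape_dn_value(username)},{USERS_OU}"


def user_filter(username: str) -> str:
    """Search filter for the same user; escaping blocks filter injection."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(username)}))"


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leaf first, honouring escapes.

    Hex escapes are decoded one byte at a time; multi-byte UTF-8 sequences
    are not reassembled, which is enough for structural checks.
    """
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9a-fA-F]{2}", pair):
                cur.append(chr(int(pair, 16)))
                i += 3
            else:
                cur.append(dn[i + 1])
                i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value))
    return pairs


def is_user_dn(dn: str) -> bool:
    """True only for a single uid RDN sitting directly under ou=users."""
    pairs = split_dn(dn)
    return len(pairs) == 4 and pairs[0][0] == "uid" and pairs[1:] == split_dn(USERS_OU)


if __name__ == "__main__":
    print(user_dn("jane_doe"))
    # A hostile value that bypassed validation would, unescaped, relocate the
    # entry ("uid=jane,ou=admins,..."); escaped, it stays one uid under ou=users.
    hostile = "jane,ou=admins"
    dn = f"uid={escape_dn_value(hostile)},{USERS_OU}"
    print(dn, is_user_dn(dn))
    print(user_filter("*)(uid=*"))
```

The validation step is the real control; the escaping is defence in depth for any code path (an admin tool, a migration script) that handles values the policy was never applied to. The `is_user_dn` check is the kind of assertion a consumer such as Atlas or Keycloak's LDAP federation can apply to a DN it receives back from the directory before trusting it as "a user".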


Full Hierarchy

(diagram of the full LDAP tree; image not reproduced)