Troubleshooting Single Sign-On

If you enter an incorrect passcode three times, your Smartcard is locked out.

The unlocking of a Smartcard must be carried out by a Registration Agent (RA) or the Sponsor (at the practice). The Smartcard holder must be present. Users who have:

• Forgotten their Passcode,
• Suspect that it may be known by another, or
• Are locked out of NHS Applications because of three failed login attempts.

should report the problem to a member of the RA Team as soon as is practicable.

In normal circumstances, the local sponsor updates or resets the Passcode. Exceptionally Passcode changes may be made by other members of the RA Team.

If you fail to connect to the Spine Security Broker (SSB) client and server for the purposes of authentication, the System Error screen displays:

You can either:

• Retry the connection - Select Retry.
• Select Details for further information. This may, for example, warn there is a problem with your Smartcard reader, and that it may be disconnected from the workstation.
• Check all connections between Smartcard reader and your machine.
• Contact your System Supervisor.
• Contact the service desk, see Contacting Us for Support for details.
• Select Work Offline, if you do not need to connect to national services.
  Note - Any changes to patient details do not update the national dataset and may be lost on subsequent connection.

If at any time, the link to the National Spine is dropped or does not connect, then the status is Unlinked. This displays in Consultation Manager alongside the patient details in the top title bar.

The patient record also displays with (UNLINKED) if after selecting a patient, the local record cannot be matched against a PDS record by NHS Number.

As when working offline, you cannot use any national services while unlinked, nor access records from the National Spine:

Access to the National Services is denied if:

• Your current User Role Profile (URP) does not allow access to Vision 3 at this practice. Contact your Registration Authority in order to rectify this problem and remember, the Computer Misuse Act 1990 - Unauthorised access to a system is an offence.
  See Role Based Access Control for details.
• You are not currently registered as a Vision 3 user. Contact your System Administrator quoting the Unique Identifier code in order to rectify this problem.
• You have no rights to any Vision 3 function. The 'It is not appropriate to grant you access rights in your current role. If you have more than one role, you should select a different role before running Vision. If you have no appropriate roles, you should contact your Registration Authority or Practice Manager.' message displays.

If your Smartcard is lost, stolen or damaged:

• Report it to the RA Team at the CCG as soon as is practicable.
• Once notified a Smartcard has been lost or damaged, the RA arrange to have the lost/damaged Smartcard revoked and replaced. In the case of loss or theft, the RA Manager must be informed so that checks may be made to ensure that the Smartcard has not been misused.
• When an issued Smartcard becomes unusable or it is lost or stolen, the Smartcard certificate must be revoked, which renders the Smartcard useless.
• As long as the Smartcard holder’s identity can be verified at a face to face meeting a new Smartcard is issued.
• If there is any difficulty verifying the user’s identity, the user’s Sponsor is contacted and the users identity verified. It is vital that the Sponsor’s identity can be relied upon when contacting them to verify the user’s identity.

When you sign on with your Smartcard, connection to the national services is timed to last a maximum of 12 hours. Just before this period expires a warning displays, and after this period, you are logged out. This is a Spine Security Broker (SSB) setting which cannot be changed by Cegedim Healthcare Solutions.

Successful SSO login with the Smartcard and PIN creates a "token", lodged with the SSB. It may be initiated by a Vision 3 access but is not associated with a particular Vision 3 session. The SSB client controls the validity and persistence of the SSO token.

There are circumstances under which the SSB client automatically invalidates and destroys the SSO token. At the same time the SSB instructs Vision 3 to terminate with immediate effect. Examples of where such a forced shutdown is effected are:

• Token invalidated - The 'Vision was unable to validate your session' message displays:

• Revocation of user rights.
• Session timeouts - When exceeding maximum duration, currently 12 hours though this may change.
• The National Spine ceases to function.

On receipt of a shutdown instruction from the SSB, Vision 3 initiates a shutdown sequence.