ITI18 role based assertion to get Confidentiality document from xds

14 views
Skip to first unread message

Pankaj kumar lilhore

unread,
Sep 23, 2021, 7:53:03 AM9/23/21
to ipf-user
Hi Team,

I am trying to get document by(FindDocumentQuery) passing role in custom header.
below is the code snippet 
Endpoint calling code :
Exchange exchange = new DefaultExchange(this.appContext.getBean(CamelContext.class));
            exchange.getIn().setBody(request);
            exchange.getIn().getHeaders().put(AbstractWsEndpoint.OUTGOING_SOAP_HEADERS, headers);
            LOG.info("Sending req to : " + endpoint);
            Exchange result = this.producerTemplate.send(endpoint, exchange);

where headers is like 

  doc = db.parse(SamlAssertionXuaUtil.class.getClassLoader().getResourceAsStream(SAML2_ASSERTION_FILE));
            Element assertion = doc.getDocumentElement();
            SoapHeader header = new SoapHeader(new QName(assertion.getNamespaceURI(), assertion.getLocalName()),
                    assertion);
            header.setMustUnderstand(true);
            camelHeaders.put(new QName(assertion.getNamespaceURI()), header);

It is always returning all type of confidentially documents even if i am normal confidentiality role in header.

Could you please help me like am i passing correct way header or not ? 
or do we have any other way to call IPF ?

Thanks,
Pankaj

Pankaj kumar lilhore

unread,
Sep 23, 2021, 7:59:50 AM9/23/21
to ipf-user
below is the saml2_assertion file -

<?xml version="1.0" encoding="UTF-8"?>

<Security
<Assertion ID="aab3a655-fd09-41f4-b684-326ffb5b855b"
Version="2.0" IssueInstant="2017-09-12T14:23:43Z"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName">CN=ClientCertificate,OU=PIV,ST=NJ,C=US,96e405049562e6f7267</Issuer>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=ClientCertificate,L=Zeist,ST=NJ,C=US,1</NameID>
<SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
</Subject>
<Conditions NotBefore="2017-09-12T14:23:43Z"
NotOnOrAfter="2017-09-12T14:28:43Z" />
<AuthnStatement AuthnInstant="2017-09-12T14:23:43Z">
<SubjectLocality Address="1.1.1.1" DNSName="CARADIGM" />
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
<AttributeStatement>
<Attribute
Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<AttributeValue>Keyhie Provider</AttributeValue>
</Attribute>
<Attribute
Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<AttributeValue>KeyHIE</AttributeValue>
</Attribute>
<Attribute
Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<AttributeValue>urn:oid:</AttributeValue>
</Attribute>
<Attribute Name="urn:nhin:names:saml:homeCommunityId">
<AttributeValue></AttributeValue>
</Attribute>
<Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<AttributeValue>
<Role code="View Normal Medical Data"
codeSystem="2.16.840"
codeSystemName="ICW Role Codes"
displayName="View Normal Medical Data" xmlns="urn:hl7-org:v3" />
</AttributeValue>
<AttributeValue>
<Role code="XDS Query Documents"
codeSystem="2.16.840"
codeSystemName="ICW Role Codes" displayName="XDS Query Documents"
xmlns="urn:hl7-org:v3" />
</AttributeValue>
</Attribute>
<Attribute
Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<AttributeValue>
<PurposeOfUse code="TREATMENT"
codeSystem="2.16.840"
codeSystemName="nhin-purpose" displayName="Treatment"
xmlns="urn:hl7-org:v3" />
</AttributeValue>
</Attribute>
</AttributeStatement>
<SignedInfo>
<CanonicalizationMethod
<SignatureMethod
<Reference URI="#aab3a655-fd09-41f4-b684">
<Transforms>
<Transform
<Transform
<XPath>//Assertion</XPath>
</Transform>
</Transforms>
<DigestMethod
<DigestValue>47DEQpj8HBSa</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>B+2</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>CN=ClientCertificate,OU=PIV,C=US,1.2.840=2e6f7267</X509SubjectName>
<X509Certificate>MIIGqTCCBJGgAwIBAgIBETANBgkqhkidXcr/TAbCuY3OdSF/PExm7pxJ9QrrC8RSC8ns9JpAM5gWtgpFH7RkicrNC99kYEcO/S/agWEInsBvfwMaqiFL9bHUjBV6OmQgtmLAm/3jIn9Dsy+QshyTPeq6yaCStiNzXP+uW9HAdZDs5089OmYUAPzgZ4zrTAC/imlIx2d4PrfhPzDNejENhSE0vvxTv/e7F1TMs1MiJX+1GokT8GYJbROPs5Zd3C0oZHBs5DqJd78k3bL2J3ect/4cZYBF7w6/qoFvu2ZNma7ySFBT3ypGqimn081lfWRA4dkwJUe8C4gQZghSh5iXTTdSimWV5K1oCcawAP3VH9gzGHp07ReRmk5F1JOV1WcDvn7Sa0uAJXcjeyxUiUqVlr6KRqsrLU8St4uOanRezaW30=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Assertion>
<Timestamp Id="TIMESTAMP">
<Created>2017-09-12T14:23:43Z</Created>
<Expires>2017-09-12T14:28:43Z</Expires>
</Timestamp>
</Security>


Thomas Papke

unread,
Oct 14, 2021, 9:24:01 AM10/14/21
to ipf-...@googlegroups.com

Hello Pankaj,

 

have you checked if the receiving system receive the request with the provided token?

 

From the request it looks like you are interacting with the ICW XDS Registry? That your expectation is not working might be also a configuration aspect on the server side. Such aspects are outside of IPF, please get in contact with the ICW support.

 

Kind regards,

Thomas

--
You received this message because you are subscribed to the Google Groups "ipf-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ipf-user+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ipf-user/bb808ba4-6bed-4d36-bd8e-6b19c00c07b8n%40googlegroups.com.



InterComponentWare GmbH:
Geschäftsführer: Herbert Stöger, Dr. Ralf Brandner
Unternehmenssitz: 69190 Walldorf, Altrottstraße 31
AG Mannheim HRB 740925 / USt.-IdNr.: DE 198388516

Reply all
Reply to author
Forward
0 new messages