ITI18 role based assertion to get Confidentiality document from xds


Pankaj kumar lilhore

Sep 23, 2021, 7:53:03 AM
to ipf-user
Hi Team,

I am trying to get a document (FindDocumentQuery) by passing the role in a custom header.
Below is the code snippet.
Endpoint calling code:
Exchange exchange = new DefaultExchange(this.appContext.getBean(CamelContext.class));
exchange.getIn().setBody(request);
// headers is the Map<QName, Header> built below; IPF adds its entries to the outgoing SOAP envelope
exchange.getIn().getHeaders().put(AbstractWsEndpoint.OUTGOING_SOAP_HEADERS, headers);
LOG.info("Sending req to : " + endpoint);
Exchange result = this.producerTemplate.send(endpoint, exchange);

where headers is built like this:

// Assumed declarations (not shown in the original post): the DOM parser must be namespace-aware,
// otherwise getNamespaceURI() returns null and new QName(null) for the map key throws IllegalArgumentException
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
Map<QName, Header> camelHeaders = new HashMap<>();
Document doc = db.parse(SamlAssertionXuaUtil.class.getClassLoader().getResourceAsStream(SAML2_ASSERTION_FILE));
// root element of the resource file; in the posted file this is the Security wrapper, not the Assertion itself
Element assertion = doc.getDocumentElement();
SoapHeader header = new SoapHeader(new QName(assertion.getNamespaceURI(), assertion.getLocalName()), assertion);
header.setMustUnderstand(true);
camelHeaders.put(new QName(assertion.getNamespaceURI()), header);

It is always returning all types of confidentiality documents, even if I pass the normal confidentiality role in the header.

Could you please help me: am I passing the header the correct way or not?
Or do we have any other way to call IPF?

Thanks,
Pankaj

Pankaj kumar lilhore

Sep 23, 2021, 7:59:50 AM
to ipf-user
Below is the saml2_assertion file:

<?xml version="1.0" encoding="UTF-8"?>
<!-- the attributes of the Security element (namespace declarations) were lost when the post was rendered -->
<Security>
  <Assertion ID="aab3a655-fd09-41f4-b684-326ffb5b855b"
             Version="2.0" IssueInstant="2017-09-12T14:23:43Z"
             xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName">CN=ClientCertificate,OU=PIV,ST=NJ,C=US,96e405049562e6f7267</Issuer>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=ClientCertificate,L=Zeist,ST=NJ,C=US,1</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
    </Subject>
    <Conditions NotBefore="2017-09-12T14:23:43Z" NotOnOrAfter="2017-09-12T14:28:43Z" />
    <AuthnStatement AuthnInstant="2017-09-12T14:23:43Z">
      <SubjectLocality Address="1.1.1.1" DNSName="CARADIGM" />
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
    <AttributeStatement>
      <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
        <AttributeValue>Keyhie Provider</AttributeValue>
      </Attribute>
      <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
        <AttributeValue>KeyHIE</AttributeValue>
      </Attribute>
      <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
        <AttributeValue>urn:oid:</AttributeValue>
      </Attribute>
      <Attribute Name="urn:nhin:names:saml:homeCommunityId">
        <AttributeValue></AttributeValue>
      </Attribute>
      <Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
        <AttributeValue>
          <Role code="View Normal Medical Data" codeSystem="2.16.840"
                codeSystemName="ICW Role Codes" displayName="View Normal Medical Data"
                xmlns="urn:hl7-org:v3" />
        </AttributeValue>
        <AttributeValue>
          <Role code="XDS Query Documents" codeSystem="2.16.840"
                codeSystemName="ICW Role Codes" displayName="XDS Query Documents"
                xmlns="urn:hl7-org:v3" />
        </AttributeValue>
      </Attribute>
      <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
        <AttributeValue>
          <PurposeOfUse code="TREATMENT" codeSystem="2.16.840"
                        codeSystemName="nhin-purpose" displayName="Treatment"
                        xmlns="urn:hl7-org:v3" />
        </AttributeValue>
      </Attribute>
    </AttributeStatement>
    <!-- the opening Signature tag and the Algorithm attributes of the elements below were lost when the post was rendered;
         the elements are closed here only to keep the file well-formed -->
    <Signature>
      <SignedInfo>
        <CanonicalizationMethod />
        <SignatureMethod />
        <Reference URI="#aab3a655-fd09-41f4-b684">
          <Transforms>
            <Transform />
            <Transform>
              <XPath>//Assertion</XPath>
            </Transform>
          </Transforms>
          <DigestMethod />
          <DigestValue>47DEQpj8HBSa</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>B+2</SignatureValue>
      <KeyInfo>
        <X509Data>
          <X509SubjectName>CN=ClientCertificate,OU=PIV,C=US,1.2.840=2e6f7267</X509SubjectName>
          <X509Certificate>MIIGqTCCBJGgAwIBAgIBETANBgkqhkidXcr/TAbCuY3OdSF/PExm7pxJ9QrrC8RSC8ns9JpAM5gWtgpFH7RkicrNC99kYEcO/S/agWEInsBvfwMaqiFL9bHUjBV6OmQgtmLAm/3jIn9Dsy+QshyTPeq6yaCStiNzXP+uW9HAdZDs5089OmYUAPzgZ4zrTAC/imlIx2d4PrfhPzDNejENhSE0vvxTv/e7F1TMs1MiJX+1GokT8GYJbROPs5Zd3C0oZHBs5DqJd78k3bL2J3ect/4cZYBF7w6/qoFvu2ZNma7ySFBT3ypGqimn081lfWRA4dkwJUe8C4gQZghSh5iXTTdSimWV5K1oCcawAP3VH9gzGHp07ReRmk5F1JOV1WcDvn7Sa0uAJXcjeyxUiUqVlr6KRqsrLU8St4uOanRezaW30=</X509Certificate>
        </X509Data>
      </KeyInfo>
    </Signature>
  </Assertion>
  <Timestamp Id="TIMESTAMP">
    <Created>2017-09-12T14:23:43Z</Created>
    <Expires>2017-09-12T14:28:43Z</Expires>
  </Timestamp>
</Security>

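Added example, not from the thread and not IPF code: a small Python check that parses an assertion shaped like the file posted above and reports what a policy-enforcing registry would see, namely whether the Conditions window covers the time of the request (the posted file's window is fixed to five minutes in 2017) and which role and purpose-of-use codes the token actually carries. The sample assertion is constructed here with a made-up ID; the Security wrapper is optional and the function accepts a bare Assertion too.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespaces used in the posted assertion: SAML 2.0 core and HL7 v3 (Role / PurposeOfUse).
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "hl7": "urn:hl7-org:v3"}
ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role"
POU_ATTR = "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse"

# Constructed sample shaped like the posted saml2_assertion file (ID is made up, window copied).
SAMPLE = """<Security><Assertion ID="example-id" Version="2.0"
    IssueInstant="2017-09-12T14:23:43Z" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Conditions NotBefore="2017-09-12T14:23:43Z" NotOnOrAfter="2017-09-12T14:28:43Z"/>
  <AttributeStatement>
    <Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
      <AttributeValue><Role code="View Normal Medical Data" xmlns="urn:hl7-org:v3"/></AttributeValue>
      <AttributeValue><Role code="XDS Query Documents" xmlns="urn:hl7-org:v3"/></AttributeValue>
    </Attribute>
    <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
      <AttributeValue><PurposeOfUse code="TREATMENT" xmlns="urn:hl7-org:v3"/></AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion></Security>"""


def _utc(ts):
    """Parse a SAML dateTime of the form YYYY-MM-DDTHH:MM:SSZ into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def inspect_assertion(xml_text, now):
    """Report validity window and XSPA claims; `now` is an aware datetime or a ...Z timestamp string."""
    if isinstance(now, str):
        now = _utc(now)
    root = ET.fromstring(xml_text)
    # Accept a bare <Assertion> as well as one wrapped in a Security header.
    assertion = root if root.tag == "{%s}Assertion" % NS["saml"] else root.find(".//saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    if cond is None:
        raise ValueError("no SAML 2.0 Assertion with Conditions found")
    not_before, not_on_or_after = _utc(cond.get("NotBefore")), _utc(cond.get("NotOnOrAfter"))
    value_path = "saml:AttributeStatement/saml:Attribute[@Name='%s']/saml:AttributeValue/"
    roles = [r.get("code") for r in assertion.findall(value_path % ROLE_ATTR + "hl7:Role", NS)]
    purposes = [p.get("code") for p in assertion.findall(value_path % POU_ATTR + "hl7:PurposeOfUse", NS)]
    return {"id": assertion.get("ID"),
            "valid_now": not_before <= now < not_on_or_after,   # NotOnOrAfter is exclusive
            "roles": roles,
            "purpose_of_use": purposes}


if __name__ == "__main__":
    print(inspect_assertion(SAMPLE, datetime.now(timezone.utc)))
```

Run against the real resource file, the output shows whether the token that reaches the registry is even time-valid and which role codes it asserts, which is the first thing to compare with the registry's server-side policy.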

Thomas Papke

Oct 14, 2021, 9:24:01 AM
to ipf-...@googlegroups.com

Hello Pankaj,

have you checked whether the receiving system receives the request with the provided token?

From the request it looks like you are interacting with the ICW XDS Registry? That your expectation is not met might also be a configuration aspect on the server side. Such aspects are outside of IPF; please get in contact with ICW support.

Kind regards,

Thomas

