Re: OpenHIM Authentication

8 views
Skip to first unread message

Ryan Crichton

unread,
Apr 4, 2016, 4:31:21 AM4/4/16
to ting.ca...@yahoo.com, Susan Pancho-Festin, Daniel Garcia, OpenHIM-Implementers
Hi,

Sorry for the delayed reply, I've been on annual leave.

I've cc'd the OpenHIM-implementers list. You can use this list to get help for others that work on the OpenHIM as well.

Securing a route means that it will use https to communicate with the outbound endpoint. Is this route pointing to your mediator? If so the mediator would need to support https requests.

However, I'm not quite sure what you are trying to test with regard to authentication. Instead of looking at secured routes perhaps you should be looking at creating 'clients' in the OpenHIM and using and managing certificates via the keystore. If you could explain what you are trying to check in more details we could help guide you in this.

Cheers,
Ryan

On Thu, Mar 24, 2016 at 8:05 AM <ting.ca...@yahoo.com> wrote:
Hello Sir! 

We are Louvette Ting and Daniel Garcia from the University of the Philippines - Diliman. We are computer science students in our senior year, working on a special project as fulfillment of our final course requirements. The project we decided to take on concerns the security mechanism of the OpenHIE, particularly Authentication in the Interoperability Layer. 

Our plan for the project is to check and evaluate the current authentication mechanisms of the reference implementation OpenHIM. We've managed to simulate a simple transaction in OpenHIM last semester. Now, we've encountered some problems when we tried some settings in the OpenHIM.

In the 'Routes' section, when we set the secured route option to 'True', an error is reflected in the server logs:

================Excerpt from openhim-core.log
2015-12-15T10:55:49.358Z - info: [worker1] Storing request metadata for inbound transaction
2015-12-15T10:55:49.490Z - info: [worker1] Routing http(s) request
2015-12-15T10:55:50.031Z - error: [worker1] Internal server error occured: Error: socket hang up 
2015-12-15T10:55:50.036Z - error: [worker1] Error: socket hang up
    at createHangUpError (_http_client.js:215:15)
    at Socket.socketOnEnd (_http_client.js:300:23)
    at Socket.emit (events.js:129:20)
    at _stream_readable.js:908:16
    at process._tickCallback (node.js:355:11)
2015-12-15T10:55:50.138Z - info: [worker1] Storing events for transaction: 566ff1b5965f9b290555dc51
2015-12-15T10:55:50.202Z - info: [worker1] Final status for transaction 566ff1b5965f9b290555dc51 : Failed
======================

We've tried searching the current documentation and openhim github page for anything that can help us with this issue but failed to find relevant information. There was a similar socket hang up error in the github issues page, but I'm not sure that it is the same problem. 

Note that for the setup,we used the latest openhim version(pushed in github) and we used a nodejs mediator made through the yeoman generator.

We'd also like to ask what are the future plans for authentication/authorization in OpenHIE?

Any help will be greatly appreciated. Thank you!

Best regards,
Louvette and Daniel
--
Ryan Crichton
Lead Developer, Jembi Health Systems  SOUTH AFRICA
Mobile: +27845829934 | Skype: ryan.graham.crichton
E-mail: ry...@jembi.org

Susan Pancho-Festin

unread,
Apr 6, 2016, 12:05:57 AM4/6/16
to Ryan Crichton, ting.ca...@yahoo.com, Daniel Garcia, OpenHIM-Implementers
HI Ryan,

Thanks for the reply and the suggestions. Yes, we're currently now looking at having the mediator support https requests; we'll also look at creating the 'clients' in OpenHIM and certificate management.

We'll keep you posted.

Regards,
Susan
--
Susan Pancho-Festin / Computer Security Research Group, University of the Philippines /  susan....@up.edu.ph

Ryan Crichton

unread,
Apr 6, 2016, 3:54:45 AM4/6/16
to spfes...@gmail.com, ting.ca...@yahoo.com, Daniel Garcia, OpenHIM-Implementers
Great let us know if you need any help.

If you would like to, you can share with us a little bit about what your group is doing with the OpenHIM and why. That may help us in being able to assist you better.

Cheers,
Ryan
Reply all
Reply to author
Forward
0 new messages