Authentication Problems


mozzy mutesa

Feb 23, 2020, 12:36:08 PM
to OpenHIM-Implementers
Hello, we are still doing a pilot project using OpenHIM, but I constantly get issues with authentication of the root user credentials, ro...@openhim.org : openhim-password

Sometimes it works perfectly, but then after some days I keep getting "The supplied credentials were incorrect. Please try again".
This endpoint now returns https://41.220.3.47:8080/users/ro...@openhim.org    =>     "Unauthorized"
https://41.220.3.47:8080/authenticate/ro...@openhim.org   =>  {"salt":"d9bcb40e-ae65-478f-962e-5e5e5e7d0a01","ts":"2020-02-23T16:55:59.426Z"}
We don't yet have a DNS name, so we are still using self-assigned certificates, so for now I can't generate the authenticated certificates.
Currently I have tried all the recommended procedures but it doesn't work out.

I am running OpenHIM as a Docker container. I even tried deleting the containers and re-creating them again, but now I can't log in, yet previously the credentials were fine. What can I do?

Martin Brocker

Feb 24, 2020, 2:22:18 AM
to mozzy mutesa, OpenHIM-Implementers
Hi Mozzy

Without knowing how this is all set up and configured, it's possible that the cause of this issue is due to the timestamp of the servers being slightly different. The authentication mechanism has a certain authentication window in which the request will be considered valid. If the server timestamps are different then this can cause the authentication issue.

Under the api section within the applied config, you can also update the authentication window duration. By default, this is set to 10 seconds.

"api": {
  ...
  // API request are only valid for a particular window once made, this is
  // the size of that window in seconds
  "authWindowSeconds": 10,
  ...
},

As a side note, restarting the OpenHIM core will only re-create the ro...@openhim.org user with its default password if this user has been removed from the database or when the OpenHIM core starts for the first time. This does not reset the ro...@openhim.org user on a restart if they already exist within the database.

Regards,
Martin Brocker 
Team Lead 
martin....@jembi.org 
Tel: +27 21 701 0939 
Jembi Health Systems | Cape Town 
www.jembi.org

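Added example (not part of the original posts and not OpenHIM's own code): a Node.js check that estimates the clock offset between a client host and the server from the `ts` field of the `/authenticate` response quoted in the thread, then tests it against `authWindowSeconds`. It assumes the server accepts request timestamps within plus or minus the window of its own clock; the function names are hypothetical and the local clock readings are constructed.

```javascript
// Added example: estimate clock offset from an OpenHIM /authenticate response.
// Assumption: the server accepts a request timestamp within +/- authWindowSeconds
// of its own clock. Function names are hypothetical, not OpenHIM APIs.

// t0Ms / t1Ms: local epoch ms just before sending and just after receiving.
function estimateOffset(authenticateBody, t0Ms, t1Ms) {
  const { ts } = JSON.parse(authenticateBody);
  const serverMs = Date.parse(ts);
  if (Number.isNaN(serverMs)) throw new Error('response has no parseable "ts"');
  if (t1Ms < t0Ms) throw new Error('t1 must not precede t0');
  // The server stamped "ts" somewhere between t0 and t1; use the midpoint.
  const offsetMs = (t0Ms + t1Ms) / 2 - serverMs; // > 0: local clock is ahead
  const uncertaintyMs = (t1Ms - t0Ms) / 2;       // half the round-trip time
  return { offsetMs, uncertaintyMs };
}

// Would a request stamped with the local clock land inside the window?
function diagnose(authenticateBody, t0Ms, t1Ms, authWindowSeconds = 10) {
  const { offsetMs, uncertaintyMs } = estimateOffset(authenticateBody, t0Ms, t1Ms);
  const windowMs = authWindowSeconds * 1000;
  const worst = Math.abs(offsetMs) + uncertaintyMs;
  const best = Math.max(0, Math.abs(offsetMs) - uncertaintyMs);
  let verdict;
  if (worst <= windowMs) verdict = 'inside-window';
  else if (best > windowMs) verdict = 'outside-window';
  else verdict = 'borderline'; // round trip too slow to tell; measure again
  return {
    offsetSeconds: offsetMs / 1000,
    uncertaintySeconds: uncertaintyMs / 1000,
    verdict,
  };
}

// Response body as shown in the thread; local clock readings are constructed.
const body =
  '{"salt":"d9bcb40e-ae65-478f-962e-5e5e5e7d0a01","ts":"2020-02-23T16:55:59.426Z"}';
const serverMs = Date.parse('2020-02-23T16:55:59.426Z');

// Host in sync, 200 ms round trip.
console.log(diagnose(body, serverMs - 100, serverMs + 100));
// Host 45 s ahead: the default 10 s window is exceeded.
console.log(diagnose(body, serverMs + 44900, serverMs + 45100));
// Same host with authWindowSeconds raised to 60.
console.log(diagnose(body, serverMs + 44900, serverMs + 45100, 60));
```

An `outside-window` verdict points at clock synchronisation on the hosts rather than at the stored credentials. Raising `authWindowSeconds` also lengthens the time during which a captured request remains valid, so syncing the clocks is the tighter fix.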

Carl Leitner

Feb 24, 2020, 8:30:34 AM
to Martin Brocker, mozzy mutesa, OpenHIM-Implementers
Hi,
Realizing that I am jumping into the middle of something w/o full context, I am wondering if you are using the IHE Consistent Time profile (which is based on NTP) to keep the server timestamps synced?

Cheers,
-carl

