Connect 4.5 JBoss 7.1.1 Unable to access Secured Entity Endpoints


sivakashi
Hi,

I am able to test PD, QD, RD and DS operations (unsecured) from the SOAP ValidationSuite and client stubs between two gateways.
EX: http://localhost:8080/Gateway/PatientDiscovery/1_0/EntityPatientDiscovery

I would like to perform the same with secured endpoints, but I am unable to call secured endpoints on the HTTPS (8181) port. Do we need to make any changes in the JBOSS_HOME/standalone/configuration/standalone.xml file in order to access secured endpoints?
EX: https://localhost:8181/Gateway/PatientDiscovery/1_0/EntityService/EntityPatientDiscoverySecured

Please provide clear instructions to enable secured endpoints on Connect 4.5 JBoss 7.1.1 (Windows & Linux).

Thanks,
Kashinath

Re: Connect 4.5 JBoss 7.1.1 Unable to access Secured Entity Endpoints

Minh
Administrator
Hi Kashinath,

Please see this wiki page (https://connectopensource.atlassian.net/wiki/pages/viewpage.action?pageId=32374859) on how to set up SSL on JBoss. Once you have set it up properly, please run the SOAP ValidationSuite to make sure the loopback is working (you target your own gateway). When this is done, please follow your normal procedure to test gateway to gateway (make sure you exchange gateway public certification).

For survey purposes on how to make CONNECT a better product, which organization do you support?

Thanks,
Minh-Hai Nguyen
CONNECT Product Team Member

Re: Connect 4.5 JBoss 7.1.1 Unable to access Secured Entity Endpoints

sivakashi
While doing a PD request test as INITIATOR with DIL Test Systems, I am getting the errors below from test execution.
The nhinc directory property is shown at JBoss server startup, but I am still getting an error like "Unable to access system variable: nhinc.properties.dir."
1)
19:16:34,365 INFO  [gov.hhs.fha.nhinc.webserviceproxy.WebServiceProxyHelper] (http--0.0.0.0-8080-1) Target Sys properties Home Comm ID: urn:oid:2.16.840.1.113883.3.1259.10.1001
19:16:34,366 INFO  [gov.hhs.fha.nhinc.webserviceproxy.WebServiceProxyHelper] (http--0.0.0.0-8080-1) Target Sys properties Home Comm Description: RI0002 Test System
19:16:34,366 INFO  [gov.hhs.fha.nhinc.webserviceproxy.WebServiceProxyHelper] (http--0.0.0.0-8080-1) Target Sys properties Home Comm Name: RI0002 Test System
19:16:34,367 ERROR [gov.hhs.fha.nhinc.connectmgr.ConnectionManagerCache] (http--0.0.0.0-8080-1) gov.hhs.fha.nhinc.connectmgr.ConnectionManagerException: Unable to access system variable: nhinc.properties.dir.
19:16:34,367 WARN  [gov.hhs.fha.nhinc.connectmgr.ConnectionManagerCache] (http--0.0.0.0-8080-1) No UDDI information was found
19:16:34,368 INFO  [gov.hhs.fha.nhinc.logging.transaction.dao.TransactionDAO] (http--0.0.0.0-8080-1) -- MessageId Parameter is required for Transaction Query --
19:16:34,369 INFO  [gov.hhs.fha.nhinc.logging.transaction.dao.TransactionDAO] (http--0.0.0.0-8080-1) -- MessageId Parameter is required for Transaction Query --
19:16:34,386 INFO  [gov.hhs.fha.nhinc.event.Log4jEventLogger] (http--0.0.0.0-8080-1) BEGIN_INVOCATION_TO_NWHIN has triggered. It has messageID null, transactionID null and description {"initiating_hcid":"urn:oid:xx.xxx.xxx.0.0","npi":"1234567890","responding_hcids":["urn:oid:2.16.840.1.113883.3.1259.10.1001"],"service_type":"Patient Discovery","action":"1.0","response_ids":["urn:uuid:0f56aad6-3dbd-44fe-9fdb-f8971fe4646a"]}
19:16:34,393 ERROR [gov.hhs.fha.nhinc.connectmgr.ConnectionManagerCache] (http--0.0.0.0-8080-1) gov.hhs.fha.nhinc.connectmgr.ConnectionManagerException: Unable to access system variable: nhinc.properties.dir.
19:16:34,394 WARN  [gov.hhs.fha.nhinc.connectmgr.ConnectionManagerCache] (http--0.0.0.0-8080-1) No UDDI information was found
19:16:34,394 ERROR [gov.hhs.fha.nhinc.patientdiscovery.nhin.proxy.NhinPatientDiscoveryProxyWebServiceSecuredImpl] (http--0.0.0.0-8080-1) Failed to call the web service (PatientDiscovery).  The URL is null.

2)
19:16:34,407 ERROR [gov.hhs.fha.nhinc.connectmgr.ConnectionManagerCache] (http--0.0.0.0-8080-1) gov.hhs.fha.nhinc.connectmgr.ConnectionManagerException: Unable to access system variable: nhinc.properties.dir.
19:16:34,408 WARN  [gov.hhs.fha.nhinc.connectmgr.ConnectionManagerCache] (http--0.0.0.0-8080-1) No UDDI information was found
19:16:34,413 WARN  [gov.hhs.fha.nhinc.callback.openSAML.HOKSAMLAssertionBuilder] (http--0.0.0.0-8080-1) Not a Valid Distinguished Name, setting the value from Certificate..
19:16:34,413 WARN  [gov.hhs.fha.nhinc.callback.openSAML.HOKSAMLAssertionBuilder] (http--0.0.0.0-8080-1) Not a Valid Distinguished Name, setting the value from Certificate..
19:16:34,478 INFO  [gov.hhs.fha.nhinc.auditrepository.nhinc.AuditRepositorySecuredImpl] (http--0.0.0.0-8181-1) Entering AuditRepositoryImpl.logAudit
19:16:34,482 WARN  [gov.hhs.fha.nhinc.openSAML.extraction.OpenSAMLAssertionExtractorImpl] (http--0.0.0.0-8181-1) Subject name format is not X509!

Please find attached the server log and standalone.conf files: server.log, standalone.conf

Re: Connect 4.5 JBoss 7.1.1 Unable to access Secured Entity Endpoints

Minh
Administrator
Please confirm that you have internalConnectionInfo.xml and uddiConnectionInfo.xml, and the correct permissions for those files, inside "/usr/share/jboss-as-7.1.1.Final/modules/org/connectopensource/configuration/main/".

Thanks
Minh-Hai Nguyen
CONNECT Product Team Member
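
The check requested in the reply above, as an added Python example that is not part of the original thread or of CONNECT itself: it verifies that both files exist in the configuration directory, are readable by the current user, and parse as XML. The test for group/world write permission is a hardening assumption added here, and `check_connect_config` is a hypothetical name.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

# File names as given in the post above.
REQUIRED = ("internalConnectionInfo.xml", "uddiConnectionInfo.xml")


def check_connect_config(config_dir):
    """Return a list of (file name, problem) tuples; an empty list means every check passed."""
    findings = []
    for name in REQUIRED:
        path = os.path.join(config_dir, name)
        if not os.path.isfile(path):
            findings.append((name, "missing or not a regular file"))
            continue
        # access() answers for the current user, so run this as the account that runs JBoss.
        if not os.access(path, os.R_OK):
            findings.append((name, "not readable by the current user"))
            continue
        mode = os.stat(path).st_mode
        # Assumption added here (not from the thread): only the owner should be able
        # to rewrite these files. POSIX mode bits only; they are not meaningful on Windows.
        if os.name == "posix" and mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable by group or others (mode %o)" % stat.S_IMODE(mode)))
        try:
            ET.parse(path)
        except ET.ParseError as exc:
            findings.append((name, "not well-formed XML: %s" % exc))
    return findings


if __name__ == "__main__":
    # Directory quoted in the post; pass your own as the first argument, for example
    # the nhinc.properties.dir value the server prints at startup.
    default_dir = "/usr/share/jboss-as-7.1.1.Final/modules/org/connectopensource/configuration/main/"
    target = sys.argv[1] if len(sys.argv) > 1 else default_dir
    problems = check_connect_config(target)
    for name, problem in problems:
        print("%s: %s" % (name, problem))
    sys.exit(1 if problems else 0)
```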

Re: Connect 4.5 JBoss 7.1.1 Unable to access Secured Entity Endpoints

sivakashi
Hi,

I have fixed the nhinc.properties.dir property issue and am now able to access the uddiConnectionInfo.xml file.
I am able to do the PD request test with the DIL environment and am getting patient information.
Here is a new issue I am getting on the SAML assertion; below are the details from the DIL log.
1)
Type Message
ERROR MA-1031 SAML Assertion: Assertion/saml2:Issuer is an X.509 Subject Name Format and the value of, 'CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US', appears to contain a default value ('SAML User') and not one that properly identifies the requesting organization. See specifications: NwHIN Spec Reference: Authorization Framework 3.0: 3.3(2011) Authorization Framework 2.0: 3.3(2010); Other Reference : OASIS Reference : SAML 2.0: 8.3.3.
[Manual] MA-1031 SAML Assertion: Assertion/saml2:Issuer is an X.509 Subject Name and has a value of, 'CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US'. This value will be manually reviewed for compliance.

2)
Type Message
ERROR MA-1061 SAML Assertion: Assertion/saml2:Subject/saml2:NameID is an X.509 Subject Name Format and the value of, 'C=US, O=AEGISnetInc, CN=azuba.innominds.com' does NOT appear to be in a conforming X.509 Subject Name format. See specifications: NwHIN Spec Reference: Authorization Framework 3.0: 3.3(2011) Authorization Framework 2.0: 3.3(2010); OASIS Reference : SAML 2.0: 8.3.3.
[Manual] MA-1061 SAML Assertion: Assertion/saml2:Subject/saml2:NameID is an X.509 Subject Name and has a value of, 'C=US, O=AEGISnetInc, CN=azuba.innominds.com'. This value will be manually reviewed for compliance.

Do I need to make changes to the assertioninfo.properties file to pick the correct SAML issuer?
assertioninfo.properties

Full testcase logging details from DIL.
TestResults14-10-16-Success.zip

Please check the attached files and provide a solution.

Thanks,
Kashinath

Re: Connect 4.5 JBoss 7.1.1 Unable to access Secured Entity Endpoints

Sovann Huynh
Administrator
Kashinath, these are errors with your SAML assertions. It looks like the DIL is recognizing those values as dummy values and expects real edge system data.
Sovann
CONNECT Product Team Member

Re: Connect 4.5 JBoss 7.1.1 Unable to access Secured Entity Endpoints

vinish.viswan
Kasinath,

Is this issue resolved? I am getting the same issue at my side.

--
Vinish K
--
Thanks & Regards
Vinish K