DIL Testing - Initiating Gateway and SOAPUI

earla12
Good Afternoon,

I am attempting to use SOAPUI as part of the 'Initiating Gateway' tests for the DIL and am receiving a 'SAML signature validation failed' error message.

I have my SSL keys set, the destination point and am using the following code in the 'Patient Discovery' test.

I am very new to the SOAP testing with Connect. Any help is greatly appreciated.

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
<wsse:Security soap:mustUnderstand="true" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml2:Assertion Version="2.0" IssueInstant="2018-05-10T17:52:49.760Z" ID="_b6b7131db2d64312b967582d350120e1" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_b6b7131db2d64312b967582d350120e1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oYtcfIdLBR/UGFCAyjOx0fx8Rg4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>QX0gq5YsymMFHrgtuoUfDaKZQd4iWQPEAWGpilOqa/GCBmCBWaJ+sRRLbXAuD0PVJ3+NAPWqKeQW9X74k0AnuTTDp4FrhFswFq8xDNZ6ep7DgxdK98+Zyu8hSec5Ig+MP8hsJ0ULJr49SdGfE/d48hnn9tencEKINfb+kqbh0OqMwRh/A5q9a2YeduqIrX3ILNLCW0m21y/vseCgfT/1RicFnesVdFQzQuQdMg81RZ1irgbuu+g8VE6BJMi4I8Jjkl2xcBoc1GQd9/FGc5Ozn+HlraETGP6hMCra2g8AYtXzG3ozCnN2gsxV2mcgp4w3rVRXeS1mxb3gD5hHuKtfBg==</ds:SignatureValue>


<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>jeVzBrmTFQ+S837C7Lznw9BRukq5eImYi0XtVJc/LtLIiG3j+JSmh+FcekU4jh0c8Ymjb/czLv/Z Z7UO+SCSL7cWtH0rTwsNHFi8SgV9wqqUgCeTMOwu9RMa0iCWPimERoC37j+dPoXq66uGg0z/Yol/ h6bGfJIkaxAr2G9MPgZhATAfVkKQZjPG7Kh7aFSrdW1dNDSyjno6Qzq67VdJwy4MfPFcdbBaUU5a g6/T5fbFBrWozVqw8J1pZISLvNKcZsSFmeSFMLUZg0TxtBt/R2Yc9d/zEWNBAHz2dBleZWQAFvv/ 6iowQr+U++k9E2Vl4s74ef4jBay9KWBCMkAjWw==</ds:Modulus>

<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=US, O=AEGISnetInc, CN=test.semhie.org</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml2:SubjectConfirmationData>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>jeVzBrmTFQ+S837C7Lznw9BRukq5eImYi0XtVJc/LtLIiG3j+JSmh+FcekU4jh0c8Ymjb/czLv/Z Z7UO+SCSL7cWtH0rTwsNHFi8SgV9wqqUgCeTMOwu9RMa0iCWPimERoC37j+dPoXq66uGg0z/Yol/ h6bGfJIkaxAr2G9MPgZhATAfVkKQZjPG7Kh7aFSrdW1dNDSyjno6Qzq67VdJwy4MfPFcdbBaUU5a g6/T5fbFBrWozVqw8J1pZISLvNKcZsSFmeSFMLUZg0TxtBt/R2Yc9d/zEWNBAHz2dBleZWQAFvv/ 6iowQr+U++k9E2Vl4s74ef4jBay9KWBCMkAjWw==</ds:Modulus>

<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</saml2:SubjectConfirmationData>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml2:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">ADAM ADAM</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AttributeStatement>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml2:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">AirCare</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AttributeStatement>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<saml2:AttributeValue>
<hl7:Role xsi:type="hl7:CE" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:hl7="urn:hl7-org:v3"/>
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AttributeStatement>
<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<saml2:AttributeValue>
<hl7:PurposeOfUse xsi:type="hl7:CE" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:hl7="urn:hl7-org:v3" displayName="Use or disclosure of Psychotherapy Notes" codeSystemName="nhin-purpose" codeSystem="2.16.840.1.113883.3.18.7.1" code="PSYCHOTHERAPY"/>
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-27">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#TS-26">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsse soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>lxRaBK1qrQarJO5Ax65xS/xAZuc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>i81VBCwPRFEyTHaG9AGJ+kEc24CLjR+Dui3Db+sA8S1SrvQu11b5z1BNuqHN5sC8Z7Ybvn6wsSswA4vUcMSK8N3noQ/uExwqd4KanUTmwpu1qahU5VVB18lYBfWztAkIJYjTHgitepvQ6Q1+cxQcFjprNX+xoozk2KpTCwzazwzDHYbUck3YXmRTiqeIYWPDP3HVzuFxY4u2BRVoweVqNn4ky5MKa/f/4wIiq3VYi32uq1CHLlQ9MkmE4lmk/95cJGqwztj4Uug45kqFeNsbsT8D13CwkdZF3b3KztGtLO+Gj9Q3fQC3Cq+uYq6FG70Lqto+Ie9o3aFMdI7uahFDYQ==</ds:SignatureValue>


<ds:KeyInfo Id="KeyId-777B9AFE39744B27C4152597476980717">
<wsse:SecurityTokenReference wsu:Id="STRId-777B9AFE39744B27C4152597476980718" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_b6b7131db2d64312b967582d350120e1</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-26">
<wsu:Created>2018-05-10T15:02:49.760Z</wsu:Created>
<wsu:Expires>2018-05-10T18:52:49.760Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<Action soap:mustUnderstand="true" xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:253fb8f2-34e6-4f82-8916-a045e09d313f</MessageID>
<To xmlns="http://www.w3.org/2005/08/addressing">https://dilhn001.dil.aegis.net:443/Gateway/PatientDiscovery/1_0/NhinService/NhinPatientDiscovery</To>
<ReplyTo soap:mustUnderstand="true" xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
</soap:Header>
<soap:Body>
<PRPA_IN201305UV02 xmlns="urn:hl7-org:v3" xmlns:ns9="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns8="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns7="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns6="http://www.hhs.gov/healthit/nhin" xmlns:ns5="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade" xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns3="urn:gov:hhs:fha:nhinc:common:nhinccommon" xmlns:ns2="urn:hl7-org:sdtc">
<creationTime value="20180510135249"/>
<receiver typeCode="RCV">
<device>
<asAgent>
<representedOrganization>
<id root="2.16.840.1.113883.3.1259.10.1001"/>
</representedOrganization>
</asAgent>
</device>
</receiver>
<sender typeCode="SND">
<device>
<asAgent>
<representedOrganization>
<id root="urn:oid:2.16.840.1.113883.4.366"/>
</representedOrganization>
</asAgent>
</device>
</sender>
<controlActProcess moodCode="EVN" classCode="CACT">
<authorOrPerformer>
<assignedDevice>
<id root="urn:oid:2.16.840.1.113883.4.366"/>
</assignedDevice>
</authorOrPerformer>
<queryByParameter>
<statusCode code="new"/>
<responseModalityCode code="R"/>
<responsePriorityCode code="I"/>
<parameterList>
<livingSubjectAdministrativeGender>
<value code="M"/>
</livingSubjectAdministrativeGender>
<livingSubjectBirthTime>
<value value="19600210"/>
</livingSubjectBirthTime>
<livingSubjectId>
<value root="" extension=""/>
</livingSubjectId>
<livingSubjectName>
<value>
<family partType="FAM">Carson</family>
<given partType="GIV">Robert</given>
</value>
</livingSubjectName>
</parameterList>
</queryByParameter>
</controlActProcess>
</PRPA_IN201305UV02>
</soap:Body>
</soap:Envelope>
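
Added example, not part of the original post and not CONNECT or SoapUI code: structural checks that can be run on a WS-Security header like the one above before it is sent. It does not recompute the digests or verify the signature values; `check_security_header`, `parse_time` and the trimmed `SAMPLE` are names and data constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
WSSE = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}"
WSU = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}"

# Constructed sample: skeleton of the posted header. IDs and times are copied
# from the post; digests, keys and most attributes are left out.
SAMPLE = f"""<Security xmlns="{WSSE[1:-1]}" xmlns:wsu="{WSU[1:-1]}"
 xmlns:ds="{DS[1:-1]}" xmlns:saml2="{SAML[1:-1]}">
<saml2:Assertion ID="_b6b7131db2d64312b967582d350120e1" IssueInstant="2018-05-10T17:52:49.760Z">
<ds:Signature><ds:SignedInfo><ds:Reference URI="#_b6b7131db2d64312b967582d350120e1"/>
</ds:SignedInfo></ds:Signature></saml2:Assertion>
<ds:Signature><ds:SignedInfo><ds:Reference URI="#TS-26"/></ds:SignedInfo>
<ds:KeyInfo><SecurityTokenReference><KeyIdentifier>_b6b7131db2d64312b967582d350120e1</KeyIdentifier>
</SecurityTokenReference></ds:KeyInfo></ds:Signature>
<wsu:Timestamp wsu:Id="TS-26"><wsu:Created>2018-05-10T15:02:49.760Z</wsu:Created>
<wsu:Expires>2018-05-10T18:52:49.760Z</wsu:Expires></wsu:Timestamp></Security>"""

def parse_time(text):
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%S.%fZ")

def check_security_header(xml_text, now):
    """Return structural problems found; assumes one assertion and one Timestamp."""
    root = ET.fromstring(xml_text)
    problems = []
    ids = [v for el in root.iter() for k, v in el.attrib.items()
           if k in ("ID", "Id", WSU + "Id")]
    # Every signed reference must resolve to exactly one element in the message.
    for ref in root.iter(DS + "Reference"):
        target = ref.get("URI", "")[1:]
        if ids.count(target) != 1:
            problems.append(f"#{target} matches {ids.count(target)} elements")
    # The outer signature's key reference must name the assertion that is present.
    assertion = root.find(f".//{SAML}Assertion")
    for key_id in root.iter(WSSE + "KeyIdentifier"):
        if key_id.text.strip() != assertion.get("ID"):
            problems.append("KeyIdentifier does not match the assertion ID")
    # The signed Timestamp window has to cover the assertion and the send time.
    created = parse_time(root.findtext(f".//{WSU}Created"))
    expires = parse_time(root.findtext(f".//{WSU}Expires"))
    issued = parse_time(assertion.get("IssueInstant"))
    if not created <= issued <= expires:
        problems.append("IssueInstant is outside the Timestamp window")
    if not created <= now <= expires:
        problems.append(f"Timestamp window does not contain {now.isoformat()}")
    return problems
```

Pass the send time as `now`; a header whose signed `wsu:Timestamp` or IDs were edited by hand after signing will also fail digest verification, which this check does not cover.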

Re: DIL Testing - Initiating Gateway and SOAPUI

Sovann Huynh
Administrator
Can you enable SSL debugging and send us the entire server log?
Sovann
CONNECT Product Team Member

Re: DIL Testing - Initiating Gateway and SOAPUI

earla12
Thank you for your quick reply. I have attached my full server log below after enabling SSL debugging in JAVA.

server.log

Thanks,

Earl

Re: DIL Testing - Initiating Gateway and SOAPUI

Sovann Huynh
Administrator
The log isn't showing any http dump, TLS handshake attempts, or SOAP messages.
Sovann
CONNECT Product Team Member

Re: DIL Testing - Initiating Gateway and SOAPUI

earla12
I pulled a copy of the 'http' log from SOAPUI after I ran the PD script test.

soap-ui-http-log.txt

I see a 500 error and am working on what it relates to.

Thanks,

Earl

Re: DIL Testing - Initiating Gateway and SOAPUI

earla12
I managed to get some data flow moving, but no response from the DIL.
I have captured the 'server.log' file associated when I ran the test.

server.zip

Any help is greatly appreciated.

Thanks,

Earl

Re: DIL Testing - Initiating Gateway and SOAPUI

johnhd_at_zen
Can you clarify something for me? Your issue is that you're using a modified version of a SOAP UI test to send a "trigger message" to the gateway, to have it send an XCPD message to an activated DIL test?

Is it your CONNECT gateway complaining about a lack of SAML from soap UI? Or is it the DIL server complaining about a lack of SAML from the CONNECT gateway?
Ask The Experts! Free 15 minute live Q&A sessions with one of Zen's Expert Integrators @ https://consultzen.com/integration-service-desk-solutions/

www.consultzen.com

Re: DIL Testing - Initiating Gateway and SOAPUI

johnhd_at_zen
I checked the log in your last attachment. I see 5 instances of a 500 response. Here's one:

2018-05-21 11:25:55,867 INFO  [org.apache.cxf.services.EntityDocRetrieve.EntityDocRetrievePortSoap.EntityDocRetrievePortType] (default task-9) Outbound Message
---------------------------
ID: 23
Response-Code: 500
Encoding: UTF-8
Content-Type: application/soap+xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header/><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Receiver</soap:Value></soap:Code><soap:Reason><soap:Text xml:lang="en">Fault occurred while processing.</soap:Text></soap:Reason></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------

Notice that this is an OUTBOUND message though. This is because you don't really have full visibility into the transaction because your application server (Wildfly?) isn't configured to show you all the SOAP envelopes that are flying around by default. (Easy to add depending on your version of Wildfly). This also means we don't really see your "trigger" messages or the messages attempting to actually be sent to the DIL server (or the DIL's responses).

Why is it OUTBOUND? Because it's actually your own gateway throwing the 500 error in response to "itself". (There's probably a corresponding "hidden" INBOUND request that you would see with full SOAP logging enabled).

So what's the problem that's causing a 500? There's a bunch of stacktraces that precede this 500 that give us a hint:

Caused by: java.lang.NullPointerException
	at gov.hhs.fha.nhinc.docretrieve.outbound.PassthroughOutboundDocRetrieve.

This tells me that you probably are missing an entry in your internalConnectionInfo.xml / internalExchangeInfo.xml (or maybe uddiConnectionInfo.xml / exchangeInfo.xml - depends on your configuration and the version of CONNECT you're using.)

Per that line, you appear to be attempting to send a DocRetrieve request to (I'm assuming) one of the DIL servers, but you don't actually have an entry for that service present in the appropriate file (uddi/internal/exchange/bla/info.xml). Or you might have an entry for this service, but it has a rogue character or space in the URL, or no URL at all. Another option is that you might be passing an incorrect OID in your trigger message.

Hope this helps. Let us know?
Ask The Experts! Free 15 minute live Q&A sessions with one of Zen's Expert Integrators @ https://consultzen.com/integration-service-desk-solutions/

www.consultzen.com
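
Added example, not part of the reply above and not CONNECT code: a small parser for a server.log in the format quoted in that reply, pairing each logged message that carries `Response-Code: 500` with the most recent `Caused by:` line on the same thread. `failed_responses` and `SAMPLE_LOG` are constructed for illustration; the first log entry is made up, and the stack frame is left truncated as it was posted.

```python
import re

# Constructed sample in the quoted log format.
SAMPLE_LOG = """\
2018-05-21 11:25:55,801 ERROR [constructed.example.Logger] (default task-9) Request failed
Caused by: java.lang.NullPointerException
\tat gov.hhs.fha.nhinc.docretrieve.outbound.PassthroughOutboundDocRetrieve.
2018-05-21 11:25:55,867 INFO  [org.apache.cxf.services.EntityDocRetrieve.EntityDocRetrievePortSoap.EntityDocRetrievePortType] (default task-9) Outbound Message
---------------------------
ID: 23
Response-Code: 500
Encoding: UTF-8
"""

# timestamp, level, [logger], (thread), message
ENTRY = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +(\w+) +\[([^\]]+)\] \(([^)]+)\) (.*)$")

def failed_responses(log_text, status="500"):
    """List logged messages with the given Response-Code, each with the last
    (exception, first stack frame) seen on the same thread, or None."""
    last_cause = {}                      # thread name -> (exception, frame)
    results, thread, current = [], None, None
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = ENTRY.match(line)
        if m:
            thread, text = m.group(4), m.group(5)
            # Only "Inbound Message" / "Outbound Message" entries carry a status.
            current = ({"time": m.group(1), "service": m.group(3),
                        "thread": thread, "direction": text.split()[0]}
                       if text.endswith("Message") else None)
        elif line.startswith("Caused by:") and thread:
            frame = lines[i + 1].strip() if i + 1 < len(lines) else ""
            last_cause[thread] = (line[len("Caused by:"):].strip(), frame)
        elif current and line.strip() == f"Response-Code: {status}":
            results.append({**current, "cause": last_cause.get(thread)})
    return results
```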