DIL Testing - Initiating Gateway and SOAPUI

earla12
Good Afternoon,

I am attempting to use SOAPUI as part of the 'Initiating Gateway' tests for the DIL and am receiving a 'SAML signature validation failed' error message.

I have my SSL keys set, the destination point and am using the following code in the 'Patient Discovery' test.

I am very new to the SOAP testing with Connect.  Any help is greatly appreciated.

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="true" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <saml2:Assertion Version="2.0" IssueInstant="2018-05-10T17:52:49.760Z" ID="_b6b7131db2d64312b967582d350120e1" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_b6b7131db2d64312b967582d350120e1">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>oYtcfIdLBR/UGFCAyjOx0fx8Rg4=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>QX0gq5YsymMFHrgtuoUfDaKZQd4iWQPEAWGpilOqa/GCBmCBWaJ+sRRLbXAuD0PVJ3+NAPWqKeQW9X74k0AnuTTDp4FrhFswFq8xDNZ6ep7DgxdK98+Zyu8hSec5Ig+MP8hsJ0ULJr49SdGfE/d48hnn9tencEKINfb+kqbh0OqMwRh/A5q9a2YeduqIrX3ILNLCW0m21y/vseCgfT/1RicFnesVdFQzQuQdMg81RZ1irgbuu+g8VE6BJMi4I8Jjkl2xcBoc1GQd9/FGc5Ozn+HlraETGP6hMCra2g8AYtXzG3ozCnN2gsxV2mcgp4w3rVRXeS1mxb3gD5hHuKtfBg==</ds:SignatureValue>
          <ds:KeyInfo>
            <ds:KeyValue>
              <ds:RSAKeyValue>
                <ds:Modulus>jeVzBrmTFQ+S837C7Lznw9BRukq5eImYi0XtVJc/LtLIiG3j+JSmh+FcekU4jh0c8Ymjb/czLv/Z Z7UO+SCSL7cWtH0rTwsNHFi8SgV9wqqUgCeTMOwu9RMa0iCWPimERoC37j+dPoXq66uGg0z/Yol/ h6bGfJIkaxAr2G9MPgZhATAfVkKQZjPG7Kh7aFSrdW1dNDSyjno6Qzq67VdJwy4MfPFcdbBaUU5a g6/T5fbFBrWozVqw8J1pZISLvNKcZsSFmeSFMLUZg0TxtBt/R2Yc9d/zEWNBAHz2dBleZWQAFvv/ 6iowQr+U++k9E2Vl4s74ef4jBay9KWBCMkAjWw==</ds:Modulus>
                <ds:Exponent>AQAB</ds:Exponent>
              </ds:RSAKeyValue>
            </ds:KeyValue>
          </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
          <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=US, O=AEGISnetInc, CN=test.semhie.org</saml2:NameID>
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
            <saml2:SubjectConfirmationData>
              <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:KeyValue>
                  <ds:RSAKeyValue>
                    <ds:Modulus>jeVzBrmTFQ+S837C7Lznw9BRukq5eImYi0XtVJc/LtLIiG3j+JSmh+FcekU4jh0c8Ymjb/czLv/Z Z7UO+SCSL7cWtH0rTwsNHFi8SgV9wqqUgCeTMOwu9RMa0iCWPimERoC37j+dPoXq66uGg0z/Yol/ h6bGfJIkaxAr2G9MPgZhATAfVkKQZjPG7Kh7aFSrdW1dNDSyjno6Qzq67VdJwy4MfPFcdbBaUU5a g6/T5fbFBrWozVqw8J1pZISLvNKcZsSFmeSFMLUZg0TxtBt/R2Yc9d/zEWNBAHz2dBleZWQAFvv/ 6iowQr+U++k9E2Vl4s74ef4jBay9KWBCMkAjWw==</ds:Modulus>
                    <ds:Exponent>AQAB</ds:Exponent>
                  </ds:RSAKeyValue>
                </ds:KeyValue>
              </ds:KeyInfo>
            </saml2:SubjectConfirmationData>
          </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z">
          <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
          </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
          <saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
            <saml2:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">ADAM ADAM</saml2:AttributeValue>
          </saml2:Attribute>
        </saml2:AttributeStatement>
        <saml2:AttributeStatement>
          <saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
            <saml2:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">AirCare</saml2:AttributeValue>
          </saml2:Attribute>
        </saml2:AttributeStatement>
        <saml2:AttributeStatement>
          <saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xacml:2.0:subject:role">
            <saml2:AttributeValue>
              <hl7:Role xsi:type="hl7:CE" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:hl7="urn:hl7-org:v3"/>
            </saml2:AttributeValue>
          </saml2:Attribute>
        </saml2:AttributeStatement>
        <saml2:AttributeStatement>
          <saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
            <saml2:AttributeValue>
              <hl7:PurposeOfUse xsi:type="hl7:CE" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:hl7="urn:hl7-org:v3" displayName="Use or disclosure of Psychotherapy Notes" codeSystemName="nhin-purpose" codeSystem="2.16.840.1.113883.3.18.7.1" code="PSYCHOTHERAPY"/>
            </saml2:AttributeValue>
          </saml2:Attribute>
        </saml2:AttributeStatement>
      </saml2:Assertion>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-27">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#TS-26">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="wsse soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>lxRaBK1qrQarJO5Ax65xS/xAZuc=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>i81VBCwPRFEyTHaG9AGJ+kEc24CLjR+Dui3Db+sA8S1SrvQu11b5z1BNuqHN5sC8Z7Ybvn6wsSswA4vUcMSK8N3noQ/uExwqd4KanUTmwpu1qahU5VVB18lYBfWztAkIJYjTHgitepvQ6Q1+cxQcFjprNX+xoozk2KpTCwzazwzDHYbUck3YXmRTiqeIYWPDP3HVzuFxY4u2BRVoweVqNn4ky5MKa/f/4wIiq3VYi32uq1CHLlQ9MkmE4lmk/95cJGqwztj4Uug45kqFeNsbsT8D13CwkdZF3b3KztGtLO+Gj9Q3fQC3Cq+uYq6FG70Lqto+Ie9o3aFMdI7uahFDYQ==</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-777B9AFE39744B27C4152597476980717">
          <wsse:SecurityTokenReference wsu:Id="STRId-777B9AFE39744B27C4152597476980718" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_b6b7131db2d64312b967582d350120e1</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="TS-26">
        <wsu:Created>2018-05-10T15:02:49.760Z</wsu:Created>
        <wsu:Expires>2018-05-10T18:52:49.760Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
    <Action soap:mustUnderstand="true" xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:253fb8f2-34e6-4f82-8916-a045e09d313f</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing">https://dilhn001.dil.aegis.net:443/Gateway/PatientDiscovery/1_0/NhinService/NhinPatientDiscovery</To>
    <ReplyTo soap:mustUnderstand="true" xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </ReplyTo>
  </soap:Header>
  <soap:Body>
    <PRPA_IN201305UV02 xmlns="urn:hl7-org:v3" xmlns:ns9="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns8="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns7="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns6="http://www.hhs.gov/healthit/nhin" xmlns:ns5="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade" xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns3="urn:gov:hhs:fha:nhinc:common:nhinccommon" xmlns:ns2="urn:hl7-org:sdtc">
      <creationTime value="20180510135249"/>
      <receiver typeCode="RCV">
        <device>
          <asAgent>
            <representedOrganization>
              <id root="2.16.840.1.113883.3.1259.10.1001"/>
            </representedOrganization>
          </asAgent>
        </device>
      </receiver>
      <sender typeCode="SND">
        <device>
          <asAgent>
            <representedOrganization>
              <id root="urn:oid:2.16.840.1.113883.4.366"/>
            </representedOrganization>
          </asAgent>
        </device>
      </sender>
      <controlActProcess moodCode="EVN" classCode="CACT">
        <authorOrPerformer>
          <assignedDevice>
            <id root="urn:oid:2.16.840.1.113883.4.366"/>
          </assignedDevice>
        </authorOrPerformer>
        <queryByParameter>
          <statusCode code="new"/>
          <responseModalityCode code="R"/>
          <responsePriorityCode code="I"/>
          <parameterList>
            <livingSubjectAdministrativeGender>
              <value code="M"/>
            </livingSubjectAdministrativeGender>
            <livingSubjectBirthTime>
              <value value="19600210"/>
            </livingSubjectBirthTime>
            <livingSubjectId>
              <value root="" extension=""/>
            </livingSubjectId>
            <livingSubjectName>
              <value>
                <family partType="FAM">Carson</family>
                <given partType="GIV">Robert</given>
              </value>
            </livingSubjectName>
          </parameterList>
        </queryByParameter>
      </controlActProcess>
    </PRPA_IN201305UV02>
  </soap:Body>
</soap:Envelope>
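
Added example, not part of the original thread and not CONNECT or SoapUI code: a structural pre-flight check for a WS-Security header laid out like the one posted above. It confirms that each ds:Reference resolves to exactly one element, that the assertion's signature references the assertion's own ID, and that the KeyIdentifier names that assertion; it does not verify digests or signature values. The function name lint_security_header and the SAMPLE envelope are constructed for illustration.

```python
# Added example: structural checks on a WS-Security SAML header (stdlib only).
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Constructed sample: same layout as the posted header, all values made up.
SAMPLE = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
 xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:saml2="{saml2}" xmlns:ds="{ds}">
<soap:Header><wsse:Security>
<saml2:Assertion ID="_a1"><ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature></saml2:Assertion>
<ds:Signature><ds:SignedInfo><ds:Reference URI="#TS-1"/></ds:SignedInfo>
<ds:KeyInfo><wsse:SecurityTokenReference><wsse:KeyIdentifier>_a1</wsse:KeyIdentifier>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
<wsu:Timestamp wsu:Id="TS-1"/></wsse:Security></soap:Header><soap:Body/></soap:Envelope>
""".format(**NS)

def lint_security_header(envelope_xml):
    """Hypothetical helper: structural checks only, no digest or RSA verification."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(".//wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header"]
    # Every ID-type attribute in the whole message, not just the header.
    ids = [v for el in root.iter() for k, v in el.attrib.items()
           if k in ("ID", "Id", "{%s}Id" % NS["wsu"])]
    findings = []
    for ref in sec.iter("{%s}Reference" % NS["ds"]):
        target = ref.get("URI", "").lstrip("#")
        if ids.count(target) != 1:  # 0 = dangling, >1 = ambiguous target
            findings.append("Reference #%s resolves to %d elements" % (target, ids.count(target)))
    algs = {el.get("Algorithm", "") for el in sec.iter()}
    findings += ["weak SHA-1 algorithm: " + a for a in sorted(algs) if a.endswith("sha1")]
    assertion = sec.find("saml2:Assertion", NS)
    if assertion is None:
        return findings + ["no saml2:Assertion in the Security header"]
    aid = assertion.get("ID")
    ref = assertion.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#%s" % aid:
        findings.append("assertion signature does not cover assertion ID %s" % aid)
    kid = sec.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
    if kid is not None and (kid.text or "").strip() != aid:
        findings.append("KeyIdentifier does not name the assertion")
    return findings
```

An empty result means only that the ID bindings are consistent; the receiving gateway still recomputes the digest over the canonicalized assertion, so any change to signed content after signing fails validation regardless.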

Re: DIL Testing - Initiating Gateway and SOAPUI

Sovann Huynh
Administrator
Can you enable SSL debugging and send us the entire server log?
Sovann
CONNECT Product Team Member

Re: DIL Testing - Initiating Gateway and SOAPUI

earla12
Thank you for your quick reply. I have attached my full server log below after enabling SSL debugging in Java.

server.log

Thanks,

Earl

Re: DIL Testing - Initiating Gateway and SOAPUI

Sovann Huynh
Administrator
The log isn't showing any HTTP dump, TLS handshake attempts, or SOAP messages.
Sovann
CONNECT Product Team Member

Re: DIL Testing - Initiating Gateway and SOAPUI

earla12
I pulled a copy of the 'http' log from SOAPUI after I ran the PD script test.

soap-ui-http-log.txt

I see a 500 error and am working on what it relates to.

Thanks,

Earl

Re: DIL Testing - Initiating Gateway and SOAPUI

earla12
I managed to get some data flow moving, but no response from the DIL. I have captured the 'server.log' file from when I ran the test.

server.zip

Any help is greatly appreciated.

Thanks,

Earl