EHR as responding system


vinish.viswan
Hi,

When we run a query from the DIL testing tool to the CONNECT gateway, it returns an error as the response.

These policy alternatives can not be satisfied: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken

Below is the error log from the CONNECT server. When I talked to the DIL team they said it is a known bug in CONNECT. They said we need to include the certs in both the truststore and the keystore. We did the same but the issue still exists. Is there any other workaround for this?

05:58:31,348 WARN  [gov.hhs.fha.nhinc.callback.cxf.CONNECTSamlAssertionValidator] (http--0.0.0.0-8181-3) Could not establish trust of the signature's public key because no matching public key exists in the truststore. Please see GATEWAY-3146 for more details.
05:58:31,360 INFO  [gov.hhs.fha.nhinc.logging.transaction.TransactionLogger] (http--0.0.0.0-8181-3) pass in transaction-id is null for message id: urn:uuid:4e542087-8511-44a7-a345-8a8cfe24ef37
05:58:31,367 WARN  [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8181-3) Interceptor for {urn:ihe:iti:xcpd:2009}RespondingGateway_Service#{urn:ihe:iti:xcpd:2009}RespondingGateway_PRPA_IN201305UV02 has thrown exception, unwinding now: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken

    at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167) [cxf-rt-ws-policy-2.7.3.jar:2.7.3]
    at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101) [cxf-rt-ws-policy-2.7.3.jar:2.7.3]
    at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44) [cxf-rt-ws-policy-2.7.3.jar:2.7.3]
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) [cxf-api-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:218) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:198) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:243) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:163) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:219) [cxf-rt-transports-http-2.7.3.jar:2.7.3]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_131]

05:58:31,536 INFO  [org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor] (http--0.0.0.0-8181-3) class org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternalapplication/soap+xml
05:58:31,546 WARN  [gov.hhs.fha.nhinc.callback.SOAPHeaderHandler] (http--0.0.0.0-8181-3) SoapHeaderHandler.handleFault
05:58:31,551 WARN  [gov.hhs.fha.nhinc.logging.transaction.TransactionHandler] (http--0.0.0.0-8181-3) TransactionHandler.handleFault


Below are the contents from our truststore and keystore.

gatewayList_main.gatewayList_main

cacertsList_main.cacertsList_main

Thanks & Regards
Vinish K

Re: EHR as responding system

Minh
Administrator
Hi Vinish,

Based on the previous posts in other forum topics, I assume that you are running CONNECT 4.7 on jboss-as-7.1.1.Final. Is that a correct statement? If possible, can you gather a clean server log when you encounter this issue (including the server startup log)?

Based on the error above, it seems that you may have a misconfiguration in truststore/signature/saml.properties. Please make sure to put those on the classpath so that CONNECT can read them.

Here is a reference ticket for the issue: https://connectopensource.atlassian.net/browse/GATEWAY-3146.  
Minh-Hai Nguyen
CONNECT Product Team Member

Re: EHR as responding system

vinish.viswan
Minh,

As you said, we are using CONNECT 4.7 in jboss-as-7.1.1.Final. I have taken the log of the server startup and the request received from DIL. Also attaching the files truststore/signature/saml.properties. Can you please take a look?

server.log
saml.properties
signature.properties
truststore.properties
java_variables.PNG

Where do we set the classpath? What is the classpath we need to set? Currently I have not set the CLASSPATH variable in the environment variables.

Thank you for the support.

--
Vinish K

Re: EHR as responding system

Shalini
In reply to this post by Minh
Hi,

Setting the CLASSPATH did not make any difference.

Re: EHR as responding system

Minh
Administrator
In reply to this post by vinish.viswan
Hi Vinish,

Please see the deployment instruction wiki page for JBoss AS 7.1.1-final (https://connectopensource.atlassian.net/wiki/pages/viewpage.action?pageId=85852278). We register a custom module in module.xml, which is located under ${JBOSS_HOME}/modules/org/connectopensource/configuration/main/module.xml. The application loads everything under "${JBOSS_HOME}/modules/org/connectopensource/configuration/main", which includes gateway.jks/cacerts.jks, unless you made changes in standalone.xml and JAVA_OPTS.

Also make sure you have the correct path for standalone.conf.bat and standalone.xml. In addition to that, your server also indicates that port 8080 is already taken: "java.net.BindException: Address already in use: JVM_Bind /0.0.0.0:8080".
If it still doesn't work for you, please post your standalone.conf.bat and standalone.xml.
Thanks,
Minh-Hai Nguyen
CONNECT Product Team Member
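
An added example, not part of the thread and not CONNECT's own code: a standalone Java 7 check for the condition named in the WARN line above ("no matching public key exists in the truststore"). The class name `TruststoreKeyCheck` is hypothetical, and it assumes the sending gateway's signing certificate has been exported to a PEM or DER file and that the truststore is in JKS format.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Hypothetical diagnostic helper; not part of CONNECT.
public class TruststoreKeyCheck {

    // Returns every truststore alias whose certificate carries exactly this public key.
    static List<String> matchingAliases(KeyStore trustStore, PublicKey key) throws Exception {
        List<String> hits = new ArrayList<String>();
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate c = trustStore.getCertificate(alias);
            // Compare the encoded SubjectPublicKeyInfo so the result does not depend on provider classes.
            if (c != null && Arrays.equals(c.getPublicKey().getEncoded(), key.getEncoded())) {
                hits.add(alias);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TruststoreKeyCheck <cacerts.jks> <store-password> <peer-cert-file>");
            System.exit(2);
        }
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray()); // also fails here on a wrong password or wrong file
        }
        Certificate peer;
        try (InputStream in = new FileInputStream(args[2])) {
            peer = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        List<String> hits = matchingAliases(trustStore, peer.getPublicKey());
        if (hits.isEmpty()) {
            System.out.println("NO MATCH: the peer's public key is not in " + args[0]);
            System.exit(1);
        }
        System.out.println("MATCH under alias(es): " + hits);
    }
}
```

Point the first argument at the cacerts.jks the server actually loads (by default the one under ${JBOSS_HOME}/modules/org/connectopensource/configuration/main, unless standalone.xml or JAVA_OPTS says otherwise), so the check is made against the same file as the running gateway.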