IdentifyPerson / PhoneticSearch

Dec 21, 2010 at 11:04 AM

Do the following services also work with this?
IdentifyPerson / PhoneticSearch

I have created a .Net 2.0 program that connects and I can send the requests
But I get always the message that the TokenID is not correct.

It is because there are extra tags

<SearchPhoneticRequest xmlns="urn:be:fgov:ehealth:consultRN:1_0:protocol">
<Organisation xmlns="">

Someone of eHealth has told me that the xmlns are to much. it should be like this:

<crn:SearchPhoneticRequest >
<Organisation>

Can you help me?

Coordinator
Dec 22, 2010 at 11:39 AM

Hello,

First of all, you will have to use .Net 4.0 if you want it working with this library.

The eH-I library will help you creating a correct signature (e.g. sign the body) with WCF.  Since you use .Net 2.0 you probably use WSE 3.0, but that is no longer supported by Microsoft so there are not plans to support it with eH-I.

Unfortunately there isn't a generic solution for the namespace issue.  I do have a detailed wiki-page on the subject: http://ehi.codeplex.com/wikipage?title=root%20elements%20in%20unqualified%20form&referringTitle=Documentation.  I did do that for the codage service, but wasn't able to do it for the IdentifyPerson yet.

I will be glad to do it for you, if you can provide the WSDL of the service.  Also, if you could be my "tester" for this is would be great, because of the nature of this service I'm not allowed to have access to it.

Kind regards,

Bryan.

Dec 22, 2010 at 12:03 PM

oké

It is no problem to upgrade .Net 4.0
I used WSE 3.0

I'm glad that you would like to implement it for me.

The wsdl and schemas

http://xtensodownloads.be/XtensoTeam/Courts/crn_identifyPerson-1-0.zip
http://xtensodownloads.be/XtensoTeam/Courts/crn_phoneticSearch-1-0.zip

Thanks

Stijn

Coordinator
Dec 22, 2010 at 3:48 PM

Hello,

I added a test for the identify person, could you please run the test case in the new rn-test project?  You will have to change the tumbprint of the client certificate and provider your application ID.

Please let me know if it work and if not what the exact error message is.  As indicated before I can't test myself.

Bryan.

Dec 23, 2010 at 8:47 AM

I get:

{<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Header xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" />
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring>BEA-386102: Message-level authorization denied</faultstring>
      <detail>
        <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
          <con:errorCode>BEA-386102</con:errorCode>
          <con:reason>Message-level authorization denied</con:reason>
          <con:location>
            <con:path>request-pipeline</con:path>
          </con:location>
        </con:fault>
      </detail>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>}

Coordinator
Dec 23, 2010 at 9:00 AM

Did you use an eHealth authorized certificate and ApplicationID?

I get the same error, but that is normal because I don't have an certificate nor a application id.

Dec 23, 2010 at 9:52 AM
Edited Dec 23, 2010 at 9:53 AM

Yes, I do

But what i don't see is the X509SecurityToken

The security header is missing:

{<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Header>
    <VsDebuggerCausalityData xmlns="uIDPo+ravWFNcXJLnsoF/QD7+tgAAAAADe41L1fRwUi/kqnEck2qI2P6ROMFaUxNkqNxUVYyTpsACQAAhttp://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo+ravWFNcXJLnsoF/QD7+tgAAAAADe41L1fRwUi/kqnEck2qI2P6ROMFaUxNkqNxUVYyTpsACQAA</VsDebuggerCausalityData>
  </s:Header>
  <s:Body>
    <q1:SearchBySSINRequest xmlns:q1="urn:be:fgov:ehealth:consultRN:1_0:protocol">
      <Organisation>
        <Id>0419920423"</Id>
        <Type>CBE</Type>
        <SubType />
      </Organisation>
      <ApplicationID />
      <Inscription>
        <SSIN>87122910761</SSIN>
        <Period>
          <BeginDate>2010-12-22</BeginDate>
        </Period>
      </Inscription>
    </q1:SearchBySSINRequest>
  </s:Body>
</s:Envelope>}

Normaly Header (My App .Net 2.0 & WSE 3.0):

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://ehealth.fgov.be/consultRN/identifyPerson/phoneticSearch/searchurn:uuid:d1bf3499-ee43-4aba-b0e4-981570f1126ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoushttp://ehealth.fgov.be/consultRN/identifyPerson/phoneticSearchhttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soap:Header><wsa:Action>http://ehealth.fgov.be/consultRN/identifyPerson/phoneticSearch/search</wsa:Action><wsa:MessageID>urn:uuid:d1bf3499-ee43-4aba-b0e4-981570f1126e</wsa:MessageID><wsa:ReplyTo><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo><wsa:To>http://ehealth.fgov.be/consultRN/identifyPerson/phoneticSearch</wsa:To><wsse:Security soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-445daa1b-d3a0-4eeb-b0ea-7f422a8cac78"><wsu:Created>2010-12-07T14:23:40Z</wsu:Created><wsu:Expires>2010-12-07T14:28:40Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-7c9eedcb-7380-4856-9fb3-0d9b6135251e">....</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#SecurityToken-7c9eedcb-7380-4856-9fb3-0d9b6135251e"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>21MZIoDXqMGdZVaClgqZQx/fulE=</DigestValue></Reference><Reference URI="#Timestamp-445daa1b-d3a0-4eeb-b0ea-7f422a8cac78"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>8GeBpCseqHiX1H1LhYOnzaw6Ds0=</DigestValue></Reference><Reference URI="#Id-df89f2fc-606c-485b-9a0b-c5ebd32516cd"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>rFwCif8qLxjQBGkWqELTUkxE58A=</DigestValue></Reference></SignedInfo><SignatureValue>...</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#SecurityToken-7c9eedcb-7380-4856-9fb3-0d9b6135251e" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></soap:Header><soap:Body wsu:Id="Id-df89f2fc-606c-485b-9a0b-c5ebd32516cd"><SearchPhoneticRequest xmlns="urn:be:fgov:ehealth:consultRN:1_0:protocol"><Organisation xmlns=""><Id>0419920423</Id><Type>CBE</Type><SubType /></Organisation><ApplicationID xmlns="" /><PhoneticCriteria xmlns=""><LastName>sc</LastName><FirstName /><BirthDate>19870101</BirthDate><Tolerance>2</Tolerance><Maximum>0</Maximum></PhoneticCriteria></SearchPhoneticRequest></soap:Body></soap:Envelope>

 

 

Coordinator
Dec 23, 2010 at 10:16 AM

De security header wordt pas op het allerlaaste bijgevoed in WCF.  Als je de test run zal je een "Traces.svclog" bestand vinden (TestResults folder).  Dit beval alle requesten met en zonder handtekening (het is de met die verstuurd wordt)

Bij het origineel voorbeeld resulteerd dit in:

 

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<ActivityId CorrelationId="bae82923-fc9a-4468-8e62-e219d69131cb" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">afa7587b-88d7-4809-849d-10aaa1e56112</ActivityId>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<!-- snip -->
</o:Security>
</s:Header>
<s:Body u:Id="_1">
<q1:SearchBySSINRequest xmlns:q1="urn:be:fgov:ehealth:consultRN:1_0:protocol">
<ApplicationID xmlns="">YourID</ApplicationID>
<Inscription xmlns="">
<SSIN>79021802145</SSIN>
<Period>
<BeginDate>2010-12-21</BeginDate>
</Period>
</Inscription>
</q1:SearchBySSINRequest>
</s:Body>
</s:Envelope>

Er zijn een paar dingen niet kloppen met je request

  • Volgens de doc is organizatie nog niet ondersteunt (dient voor mandaten in de toekomst)
  • Je applicatie ID is leeg (niet dat je het hier moet publiceren, maar het moet wel naar eHealth opgestuurd worden)
  • de xmlns="" is wel degelijk verplicht en is bij jouw niet aanwezig (waarschijnlijk het gevolgd van de manier waarop je de logging gedaan hebt)

 

Dec 23, 2010 at 3:18 PM

Dit is mijn bericht:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://ehealth.fgov.be/consultRN/identifyPerson/searchPersonBySSIN/search</Action>
<ActivityId CorrelationId="d1b0d006-f4f2-4e4f-97c1-96cb921e86d0" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">b8ccd8b4-5e42-4cc9-abbb-eb9984bbc37a</ActivityId>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"></VsDebuggerCausalityData>
</s:Header>
<s:Body>
<q1:SearchBySSINRequest xmlns:q1="urn:be:fgov:ehealth:consultRN:1_0:protocol">
<Organisation xmlns="">
<Id>0419920423</Id>
<Type>CBE</Type>
<SubType></SubType>
</Organisation>
<ApplicationID xmlns="">....</ApplicationID>
<Inscription xmlns="">
<SSIN>....</SSIN>
<Period>
<BeginDate>2010-12-22</BeginDate>
</Period>
</Inscription>
</q1:SearchBySSINRequest>
</s:Body>
</s:Envelope>

Krijg nog steeds de foutmelding 



Maar wat ik niet zie is:

- Timestamp in security header

En dan voor de security, in de documentatie:

- Time to live op bericht : 1 minuut
- Signature op timestamp, body en binaire security token
- geen encriptie

Coordinator
Dec 24, 2010 at 10:11 AM

Kan je de ganse "Traces.svclog" files eens opsturen via mail?  Ik stuur je mijn e-mail via codeplex message...

Feb 21, 2011 at 3:00 PM

Volgens eHealth is het volgende verkeerd:

<searchRequest xmlns="">
<SearchBySSINRequest>

Dit zou het volgende moeten zijn:

<consultRN:SearchBySSINRequest xmlns:consultRN="urn:be:fgov:ehealth:consultRN:1_0:protocol">

Coordinator
Feb 21, 2011 at 3:08 PM

Beste,

Ik zie al wat ze doen, ze splitsen het xml op en parsen het "SearchBySSINRequest" apart als "unqualified".  Hun WSDL/XSD is niet compliant hiermee, zal het proberen deze avond nog aan te passen.

Mvg,
Bryan. 

Coordinator
Feb 21, 2011 at 5:53 PM

Beste,

Ik heb eens in detail gekeken, en de client zou normaal geen "searchRequest" moeten genereren.  Zoals je zelf ziet is dit element niet aanwezig bij je trace van 23/dec.

Je mag altijd je project opsturen naar mijn e-mail en ik zal kijken wat er eventueel mis is.

Mvg,
Bryan. 

Feb 22, 2011 at 10:31 AM

Heb je zonet het project doorgemaild.

Coordinator
Feb 22, 2011 at 7:58 PM

Beste,

Het probleem was in de aanpassingen van client.  Om zulke problemen te vermijden in de toekomst heb ik een RN-Client module voorzien (zie download secties).  De RN-example toont hoe je het kan gebruiken.

Moest je vragen/problemen hebben, post je die maar hier.

Mvg,
Bryan