zorgplatform

package
Published: Jan 31, 2025 License: GPL-3.0 Imports: 34 Imported by: 0

README

Zorgplatform SSO Launch

Launch implementation according to the Zorgplatform/Chipsoft SSO specs

Access via local deployment
  1. az login
  2. configure the kv values, e.g.:
    {
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_ENABLED": "true",
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_SIGN_ISS": "<iss>", //The hl7 oid of the care organization configured in Zorgplatform
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_SIGN_AUD": "<aud>", //The STS URL
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_DECRYPT_ISS": "<iss>", //The STS URL
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_DECRYPT_AUD": "<aud>", //The service URL configured in Zorgplatform
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_DECRYPT_SIGNCERT": "<pem_certificate>", // A PEM-formatted X.509 certificate used to verify signatures provided by Zorgplatform. Should retain newlines, e.g. "-----BEGIN CERTIFICATE-----\nMIIGpTC...SIuTjA==\n-----END CERTIFICATE-----",
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_BASEURL": "<url>", //https://zorgplatform.online OR https://acceptatie.zorgplatform.online
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_STSURL": "<url>", //https://zorgplatform.online/sts OR https://acceptatie.zorgplatform.online/sts
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_APIURL": "<url>", //https://api.zorgplatform.online/fhir/V1/ OR https://api.acceptatie.zorgplatform.online/fhir/V1/
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_URL": "<url>", //The URL of the Azure KeyVault to use
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_CREDENTIALTYPE": "<type>", //The Azure credential type, "default", "cli" or "managed_identity"
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_DECRYPTCERTNAME": "<certname>", //Name of the KV decrypt certificate (used to decrypt assertions that are received from Zorgplatform)
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_SIGNCERTNAME": "<certname>", //Name of the KV signing certificate (used to sign assertions that will be sent to Zorgplatform)
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_CLIENTCERTNAME": "<certname>", //Name of the KV client certificate (used to set up mTLS with Zorgplatform)
    }
    

Documentation


Constants

// HIX_LOCALUSER_SYSTEM is the identifier system URI for HiX local users.
// NOTE(review): presumably used as the FHIR Identifier.system when mapping the launching user — confirm against the callers.
const HIX_LOCALUSER_SYSTEM = "https://www.cwz.nl/hix-user"
// HIX_ORG_OID_SYSTEM is the identifier system URI for HiX organization OIDs.
// NOTE(review): presumably used as the FHIR Identifier.system for the care organization's OID — confirm against the callers.
const HIX_ORG_OID_SYSTEM = "https://www.cwz.nl/hix-org-oid"

Variables

This section is empty.

Functions

func FormatXSDDateTime

func FormatXSDDateTime(t time.Time) string

func GetCurrentXSDDateTime

func GetCurrentXSDDateTime() string

Types

type AzureConfig

// AzureConfig groups the Azure-specific settings of the Zorgplatform launch:
// the Key Vault holding the certificates and the credential type used to reach it.
// Populated from the ORCA_..._ZORGPLATFORM_AZURE_* settings described in the README.
type AzureConfig struct {
	// KeyVaultConfig names the Key Vault and the certificates stored in it.
	KeyVaultConfig AzureKeyVaultConfig `koanf:"keyvault"`
	// CredentialType selects how the Azure credential is obtained; the README
	// lists the values "default", "cli" and "managed_identity".
	CredentialType string              `koanf:"credentialtype"`
}

type AzureKeyVaultConfig

// AzureKeyVaultConfig identifies the Azure Key Vault and the certificates in it
// that the Zorgplatform launch uses for decryption, signing and mTLS.
type AzureKeyVaultConfig struct {
	// KeyVaultURL is the URL of the Azure Key Vault to use.
	KeyVaultURL     string `koanf:"url"`
	// DecryptCertName is the name of the Key Vault certificate used to decrypt
	// assertions received from Zorgplatform.
	DecryptCertName string `koanf:"decryptcertname"`
	// SignCertName is the name of the Key Vault certificate used to sign
	// assertions sent to Zorgplatform.
	SignCertName    string `koanf:"signcertname"`
	// ClientCertName is the name of the Key Vault client certificate used to
	// set up mTLS with Zorgplatform.
	ClientCertName  string `koanf:"clientcertname"`
	// AllowInsecure is not described in the README.
	// NOTE(review): presumably relaxes TLS or certificate checks towards the
	// Key Vault — confirm what it disables before enabling it outside local development.
	AllowInsecure   bool   `koanf:"allowinsecure"`
}

type Config

// Config holds the settings of the Zorgplatform SSO launch. It is populated
// from the ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_* settings listed in
// the README; DefaultConfig supplies the defaults.
type Config struct {
	// Enabled switches the Zorgplatform launch on or off.
	Enabled            bool          `koanf:"enabled"`
	ApiUrl             string        `koanf:"apiurl"`             //The FHIR API URL
	StsUrl             string        `koanf:"stsurl"`             //The SAML STS URL
	BaseUrl            string        `koanf:"baseurl"`            //The base URL of zorgplatform, either the acceptance (acceptatie.zorgplatform.online) or the production (zorgplatform.online) URL
	SAMLRequestTimeout time.Duration `koanf:"samlrequesttimeout"` //The timeout for the SAML request, e.g. 10s, 100ms etc
	// SigningConfig carries the issuer and audience placed in the assertions this
	// service signs and sends to the Zorgplatform STS.
	SigningConfig      SigningConfig `koanf:"sign"`
	// DecryptConfig carries the issuer, audience and signing certificate used for
	// assertions received from Zorgplatform.
	DecryptConfig      DecryptConfig `koanf:"decrypt"`
	// TaskPerformerUra is not described in the README.
	// NOTE(review): presumably the URA identifier of the organization performing the task — confirm.
	TaskPerformerUra   string        `koanf:"taskperformerura"`

	// AzureConfig and X509FileConfig are two sources of certificate material:
	// certificates held in Azure Key Vault, or certificate and key files on disk.
	// NOTE(review): which source takes precedence when both are set is not visible here — confirm in New.
	AzureConfig    AzureConfig    `koanf:"azure"`
	X509FileConfig X509FileConfig `koanf:"x509"`
}

func DefaultConfig

func DefaultConfig() Config

type DecryptConfig

// DecryptConfig describes how assertions received from Zorgplatform are
// validated: the expected issuer and audience, and the certificate that
// verifies their signatures. Values come from the ORCA_..._ZORGPLATFORM_DECRYPT_*
// settings in the README.
type DecryptConfig struct {
	// Issuer is the expected issuer of inbound assertions: the STS URL.
	Issuer      string `koanf:"iss"`
	// Audience is the expected audience of inbound assertions: the service URL
	// configured in Zorgplatform.
	Audience    string `koanf:"aud"`
	// SignCertPem is a PEM-formatted X.509 certificate used to verify signatures
	// provided by Zorgplatform. The PEM must retain its newlines.
	SignCertPem string `koanf:"signcertpem"`
}

type LaunchContext

// LaunchContext carries the data of one SSO launch and is passed to
// SecureTokenService.RequestAccessToken.
// NOTE(review): Bsn identifies a person; keep this struct out of logs and error messages.
type LaunchContext struct {
	// Bsn is the patient's citizen service number (BSN) — presumably, confirm against the launch handler.
	Bsn              string
	// SubjectNameId is the NameID of the launching subject.
	// NOTE(review): its exact origin is not visible here — confirm.
	SubjectNameId    string
	// Practitioner is the FHIR Practitioner of the launching user.
	Practitioner     fhir.Practitioner
	// PractitionerRole is the FHIR PractitionerRole of the launching user.
	PractitionerRole fhir.PractitionerRole
	// ServiceRequest is the FHIR ServiceRequest the launch refers to.
	ServiceRequest   fhir.ServiceRequest
	// WorkflowId identifies the Zorgplatform workflow — presumably, confirm.
	WorkflowId       string
}

type RsaOaepXmlSuite

// RsaOaepXmlSuite is an xmlenc.Decrypter that can decrypt using
// RSA-OAEP-MGF1P, with a potentially external key (for example a key held in
// Azure Key Vault). Algorithm reports the supported algorithm identifier and
// Decrypt unwraps the given ciphertext element with the supplied key.
type RsaOaepXmlSuite struct {
}

RsaOaepXmlSuite is an xmlenc.Decrypter that can decrypt using RSA-OAEP-MGF1P, with a potentially external key.

func (RsaOaepXmlSuite) Algorithm

func (e RsaOaepXmlSuite) Algorithm() string

func (RsaOaepXmlSuite) Decrypt

func (e RsaOaepXmlSuite) Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)

type SecureTokenService

// SecureTokenService obtains SAML access tokens from the Zorgplatform STS.
// Service is the implementation on this page; the interface lets callers and
// tests substitute their own.
type SecureTokenService interface {
	// RequestAccessToken returns a SAML access token for launchContext. tokenType
	// supplies the callbacks that shape the Subject, Role and PurposeOfUse parts
	// of the requested token.
	RequestAccessToken(ctx context.Context, launchContext LaunchContext, tokenType TokenType) (string, error)
}

type Service

// Service implements the Zorgplatform SSO launch. Construct it with New; it
// registers its HTTP handlers via RegisterHandlers, exposes the EHR FHIR proxy
// via EhrFhirProxy and requests STS access tokens via RequestAccessToken
// (satisfying SecureTokenService).
type Service struct {
	// contains filtered or unexported fields
}

func New

func New(sessionManager *user.SessionManager, config Config, baseURL string, frontendLandingUrl *url.URL, profile profile.Provider) (*Service, error)

func (*Service) EhrFhirProxy

func (s *Service) EhrFhirProxy() coolfhir.HttpProxy

func (*Service) RegisterHandlers

func (s *Service) RegisterHandlers(mux *http.ServeMux)

func (*Service) RequestAccessToken

func (s *Service) RequestAccessToken(ctx context.Context, launchContext LaunchContext, tokenType TokenType) (string, error)

RequestAccessToken generates the SAML assertion, signs it, sends the SOAP request to the Zorgplatform STS and returns the SAML access token

type SigningConfig

// SigningConfig describes the assertion this service signs and sends to the
// Zorgplatform STS. Values come from the ORCA_..._ZORGPLATFORM_SIGN_* settings
// in the README.
type SigningConfig struct {
	// Issuer is the HL7 OID of the care organization as configured in Zorgplatform.
	Issuer   string `koanf:"iss"`
	// Audience is the STS URL the assertion is addressed to.
	Audience string `koanf:"aud"`
}

type TokenType

// TokenType is a set of callbacks that customize the SAML token requested from
// the STS; it is passed to SecureTokenService.RequestAccessToken.
// NOTE(review): presumably each callback appends the corresponding attributes to
// the given element of the assertion being built — confirm against the callers.
type TokenType struct {
	// Subject populates the subject-related part of element from launchContext
	// and applicationIssuer.
	Subject      func(element *etree.Element, launchContext *LaunchContext, applicationIssuer string)
	// Role populates the role-related part of element.
	Role         func(element *etree.Element)
	// PurposeOfUse populates the purpose-of-use part of element.
	PurposeOfUse func(element *etree.Element)
}

type X509FileConfig

// X509FileConfig points at certificate and key files on disk; it is the
// file-based alternative to the Azure Key Vault certificates in AzureConfig.
// NOTE(review): SignKeyFile holds a private key — keep its file permissions
// restricted to the service account.
type X509FileConfig struct {
	// DecryptCertFile is the path of the certificate used to decrypt assertions received from Zorgplatform.
	DecryptCertFile string `koanf:"decryptcertfile"`
	// ClientCertFile is the path of the client certificate used for mTLS with Zorgplatform.
	ClientCertFile  string `koanf:"clientcertfile"`
	// SignCertFile is the path of the certificate used to sign assertions sent to Zorgplatform.
	SignCertFile    string `koanf:"signcertfile"`
	// SignKeyFile is the path of the private key belonging to SignCertFile.
	SignKeyFile     string `koanf:"signkeyfile"`
}
