gematik / ref-idp-server Goto Github PK

Hello,

Would it be possible to add support for arm64 builds? Currently the docker images are only available as amd64, which decreases the performance on Apple Silicon computers.

Thank you.

[ERROR] Failed to execute goal io.fabric8:docker-maven-plugin:0.34.1:build (default) on project idp-server: Configured Dockerfile "/Users/chris/Entwicklung/DEOS/E-Rezept/ref-idp-server/idp-server/target/tmpdocker/Dockerfile" (resolved to "/Users/chris/Entwicklung/DEOS/E-Rezept/ref-idp-server/idp-server/target/tmpdocker/Dockerfile") doesn't exist -> [Help 1]

macOS 11.6
openjdk 11.0.2
Apache Maven 3.8.2
Docker version 20.10.8, build 3967b7d

Any hints?

I'm aware of the ability to add the necessary ti-messenger related scopes to the idp-server's application.yml, yet I can't find any documentation/details on how to add a clientId to the idp-server to authenticate for.

Digging through the source code and debugging the incoming requests (like following the clientId lookup) did not help (but maybe I missed something?).

Is there a way to add a custom clientId for local development?

(Maybe @RStaeber can point me in the right direction)

Hello,
we are going to use the central IDP to authenticate doctors based on their HBA and SMCB cards.
As a preliminary work, we look at the reference implementation of the IDP and have a few questions and comments about it:

1. Can you please provide the .puml files as pictures?
2. Is there a communication with the Authenticator App or is this omitted?
   From the workflow-base.puml it looks like that the IDP is called from the Authenticator app and not directly from our application. Or is the phrase Authenticator in the diagram misleading.
   If not, how can we start the process via the Authenticator?
3. What is the reason behind the regex for the state query parameter?
   E.g. Keycloak passes CAJ6m-Dqt01-WTPyBIY0JwIW_DlxOaAhRof9wuH-UPs.zB7aqDc2-2U.account-console which doesn't match the regex.
4. In your documentation Java 11 is mentioned, but Java 17 is mandatory since v21.0.0

Best regards

Hi,

please add all supported scopes of the reference environment:

"scopes_supported": [
    "openid",
    "e-rezept",
    "e-rezept-dev",
    "fh-fokus-demis",
    "fhir-vzd",
    "gem-auth",
    "pairing",
    "rpdoc-emma",
    "zvr-bnotk"
  ]

Thank you

The project ref-GemLibPki is producing version 0.2.0. In the pom.xml a version 0.2.1-73 is referenced. After fixing in pom.xml to 0.2.0 it compiles.

Instances of java.util.Random are not cryptographically secure. Consider instead using SecureRandom to get a cryptographically secure pseudo-random number generator for use by security-sensitive applications.

Hi,

I started the IDP-Server and called http://localhost:8080/.well-known/openid-configuration
This returned
{"error":"server_error","gematik_code":"-1","gematik_timestamp":1659604593,"gematik_uuid":"8780af68-47fd-4ea2-8392-fd1e2ad671dc","gematik_error_text":"Ein Fehler ist aufgetreten"}
I started debugging and found out, that Curves are not supported by jose4j.

org.jose4j.lang.JoseException: Problem creating signature.
java.security.SignatureException: Curve not supported: org.bouncycastle.jce.spec.ECNamedCurveSpec@36aff3cd
0 = {StackTraceElement@17217} "org.jose4j.jws.BaseSignatureAlgorithm.sign(BaseSignatureAlgorithm.java:89)"
1 = {StackTraceElement@17218} "org.jose4j.jws.EcdsaUsingShaAlgorithm.sign(EcdsaUsingShaAlgorithm.java:67)"
2 = {StackTraceElement@17219} "org.jose4j.jws.JsonWebSignature.sign(JsonWebSignature.java:217)"
3 = {StackTraceElement@17220} "org.jose4j.jws.JsonWebSignature.getCompactSerialization(JsonWebSignature.java:144)"
4 = {StackTraceElement@17221} "de.gematik.idp.authentication.IdpJwtProcessor.buildJws(IdpJwtProcessor.java:97)"

Did I missed some configuration or how should it work?

According to the .gitignore, it looks like there is already a running docker-compose setup given in your internal environment.

It would be great if there is a way to share this setup and allow a simple and easy local development and testing environment for everyone.