Issue:
Creating a process in the clearing house client relies on the `consumerId` and `providerId` of a `contractAgreement`. In MDS EDC 7.x.x (based on EDC 0.2.1), these values are erroneously set with the `participantId` (BPN). Consequently, the clearing house server's EDC reads the `subject` (sub) of the DAT to set as `client_id` in the generated JWT for the clearing house server app. However, the sub of the DAT remains the SKI/AKI, leading to an authentication issue where connectors specified as owners cannot log in (not authorized) to the clearing house server.
Proposed Solution:
To resolve this issue, the clearing house server's EDC should utilize the field `referringConnector` instead of the subject from the DAT when setting `client_id` in the generated JWT.
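
The mismatch and the proposed fix, as an added Python sketch that is not code from the clearing house or EDC projects: it mints the app JWT with `client_id` taken from a chosen DAT claim and runs the owner check against the agreement. Assumptions: the DAT signature was verified before its claims are read, `referringConnector` carries the participantId (BPN), HS256 with a shared key stands in for whatever signing the real server uses, and all function names and sample values are constructed.

```python
import base64, hashlib, hmac, json

# Constructed sample values; none come from a real deployment.
SAMPLE_DAT_CLAIMS = {
    "iss": "https://daps.example",
    "sub": "AA:BB:CC:DD:keyid:11:22:33:44",    # SKI/AKI of the connector certificate
    "referringConnector": "BPNL000000000001",  # assumed to carry the participantId (BPN)
}
SAMPLE_AGREEMENT = {"consumerId": "BPNL000000000001", "providerId": "BPNL000000000002"}
SHARED_KEY = b"constructed-demo-key"  # stand-in for the real signing setup


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def mint_app_jwt(dat_claims: dict, id_claim: str) -> str:
    """EDC side: build the app JWT, taking client_id from `id_claim` of the DAT."""
    value = dat_claims.get(id_claim)
    if not isinstance(value, str) or not value:
        # Fail closed rather than silently falling back to another claim.
        raise ValueError(f"DAT has no usable {id_claim!r} claim")
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"client_id": value}).encode())
    sig = hmac.new(SHARED_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def client_id_of(token: str) -> str:
    """App side: verify the signature, then return the client_id claim."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SHARED_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["client_id"]


def is_owner(token: str, agreement: dict) -> bool:
    """Process owners are the agreement's consumerId and providerId (BPNs)."""
    return client_id_of(token) in (agreement["consumerId"], agreement["providerId"])
```

With `id_claim="sub"` the owner check fails because the SKI/AKI never equals a BPN; with `id_claim="referringConnector"` it passes, which is only safe because the claim is read from a signature-verified DAT.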