search

ministero-salute / it-fse-support

https://ministero-salute.github.io/it-fse-support/
34 stars 20 forks source link

TokenAuthenticationFailed #1054

Closed ppalmerini closed 2 weeks ago

ppalmerini commented 3 weeks ago

Buongiorno, a seguito di molteplici tentativi di inviare una richiesta di creazione all'endpoint https://modipa-val.fse.salute.gov.it/govway/rest/in/FSE/gateway/v1/documents

usando il seguente json come requestBody e inserendo un pdf CDA2 correttamente validato { "administrativeRequest": [ "SSN" ], "assettoOrganizzativo": "AD_PSC001", "attiCliniciRegoleAccesso": [ "P99" ], "dataFinePrestazione": "20141020110012", "dataInizioPrestazione": "20141020110012", "descriptions": [ "019655^Bentelan^2.16.840.1.113883.2.9.6.1.5" ], "healthDataFormat": "CDA", "identificativoDoc": "2.16.840.1.113883.2.9.2.120.4.5.1", "identificativoRep": "2.16.840.1.113883.2.9.2.120.4.5.1", "identificativoSottomissione": "2.16.840.1.113883.2.9.2.120.4.3.489593", "mode": "ATTACHMENT", "priorita": true, "tipoAttivitaClinica": "CON", "tipoDocumentoLivAlto": "REF", "tipologiaStruttura": "Territorio", "workflowInstanceId": "2.16.840.1.113883.2.9.2.50.4.4.5721bf93cd748cc87970b5f6ed060c83e2a7d980256096ab332a03bc16d146e8.ca5a81f159^^^^urn:ihe:iti:xdw:2013:workflowInstanceId" } otteniamo sistematicamente questo errore

{ "detail": "Invalid token", "govway_id": "c3252d29-80c9-11ef-a6bf-005056ae7395", "status": 401, "title": "TokenAuthenticationFailed", "type": "https://govway.org/handling-errors/401/TokenAuthenticationFailed.html" }

Rimaniamo in attesa di vostro riscontro

vigliottim commented 3 weeks ago

Buonasera, analizzando i log della chiamata sono emersi i seguenti errori:

  1. Il processo di parsing del campo x5c non è stato concluso con successo. image image

  2. Il claim iss dell'Authorization Bearer Token è errato:

    image

Esso dovrebbe essere valorizzato con auth: seguito dal common name del certificato di firma (S1#050#REGIONEVENETOTEST).

La invitiamo a riprovare dopo aver rigenerato i token e averli validati usando, ad esempio, il tool online https://jwt.io/. Rimaniamo a disposizione nel caso in cui il problema non dovesse risolversi.

ppalmerini commented 3 weeks ago

Abbiamo riprovato secondo le indicazioni ma ancora otteniamo un errore: { "type": "https://govway.org/handling-errors/401/TokenAuthenticationFailed.html", "title": "TokenAuthenticationFailed", "status": 401, "detail": "Invalid token", "govway_id": "a826b124-855f-11ef-a6bf-005056ae7395" } E' possibile avere ancora un vostro riscontro? Grazie

vigliottim commented 3 weeks ago

Buon pomeriggio, decodificando i due token con il tool online jwt.io, si può notare che essi non risultano validi (è presente una stringa inattesa nel claim x5c):

Authorization Bearer Token:

image

FSE-JWT-Signature Token:

image

Qualora non lo stesse già utilizzando, le suggeriamo di ricorrere al tool jwt-generator per la generazione dei token. Rimaniamo a disposizione in caso avesse bisogno di ulteriori chiarimenti. Grazie.

ppalmerini commented 3 weeks ago

In quest'altra transazione jwt.io valida entrambi i token, ma ancora otteniamo lo stesso errore. { "detail": "Invalid token", "govway_id": "535ebeaa-8584-11ef-a6bf-005056ae7395", "status": 401, "title": "TokenAuthenticationFailed", "type": "https://govway.org/handling-errors/401/TokenAuthenticationFailed.html" } Attendiamo un vostro gentile riscontro

LucaRogledi commented 3 weeks ago

Buongiorno, Dalle analisi tramite jwt.io sui token utilizzati per questa chiamata:

{ "detail": "Invalid token", "govway_id": "535ebeaa-8584-11ef-a6bf-005056ae7395", "status": 401, "title": "TokenAuthenticationFailed", "type": "https://govway.org/handling-errors/401/TokenAuthenticationFailed.html" }

risulta che i token di bearer e signature abbiano firma non valida. Evidenziamo caratteri extra presenti nel campo x5c che andrebbero rimossi :

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

Bearer image

Signature image

Rimaniamo a disposizione in caso avesse bisogno di ulteriori chiarimenti. Grazie.

ppalmerini commented 3 weeks ago

Buonasera, dovremmo aver risolto questo impasse, l'errore però è ancora presente: { "detail": "Invalid token", "govway_id": "44acb81d-8645-11ef-b8bd-005056ae54fa", "status": 401, "title": "TokenAuthenticationFailed", "type": "https://govway.org/handling-errors/401/TokenAuthenticationFailed.html" } In attesa di un vostro riscontro, grazie

vigliottim commented 3 weeks ago

Buonasera, analizzando i log della sua ultima chiamata, si legge il seguente errore: image Può gentilmente confermarci che per la generazione dei token state utilizzando il tool jwt-generator messo a disposizione sul portale? Grazie.

ppalmerini commented 3 weeks ago

Non stiamo usando il jwt-generator perchè pare abbia prodotto le stringhe non attese nel campo x5c. Il metodo che stiamo utilizando crea dei jwt che passano la validazione su jwt.io Allego i jwt che inviamo nell'ultima richiesta inviata:

Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlGY1RDQ0ExbWdBd0lCQWdJVUlhZlpoeHMyMmx3NjZNTS9QUGRxNUFJS2tXUXdEUVlKS29aSWh2Y05BUUVMQlFBd1Z6RW5NQ1VHXG5BMVVFQXd3ZVEwRWdUV2x1YVhOMFpYSnZJR1JsYkd4aElGTmhiSFYwWlNCVVpYTjBNUjh3SFFZRFZRUUtEQlpOYVc1cGMzUmxjbThnXG5aR1ZzYkdFZ1UyRnNkWFJsTVFzd0NRWURWUVFHRXdKSlZEQWVGdzB5TkRBNE1qQXhOVFF5TUROYUZ3MHlOekE0TWpFeE5UUXlNREphXG5NSEl4Q3pBSkJnTlZCQVlUQWtsVU1SOHdIUVlEVlFRS0RCWk5hVzVwYzNSbGNtOGdaR1ZzYkdFZ1UyRnNkWFJsTVI4d0hRWURWUVJoXG5EQlpEUmpwSlZDMVFVazlXUVZnd01GZ3dNRmd3TURCWk1TRXdId1lEVlFRRERCaFRNU013TlRBalVrVkhTVTlPUlZaRlRrVlVUMVJGXG5VMVF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFdqd3BtVDlVVVdtZUdxVTIrRzdQcmRXU2xHTm1xXG5xeVlkQy9rWHVKeGllUStoVkNPa3cwNWZ0Z0Ivelkxd3RBTkNaVDU2RFFhVElkc29RRWJ2RjdIMmx2RzZ4YlNkNEFJUDMreUtyVzFiXG5CdWxjcnltSU53RENWYjZubktoV0N6S0tPK2k1NjNvRmoxWEM3b2c0WXlYNmYzQjJFMnJxU1JtRWNtTyswNUpiRENkSDZzUVNqbS91XG5MOVpUVElISlVoNU5TRDFMZzJFTmQvM0xZbmxLb2NaaUdSK2tSMWc4MFdTQkpDY0dWT0gwZFRVVUx2bU94WC8xNzdVNTB3dVNJb290XG5rbnFnRjJFUnBZaGx4Y0FCaUVRekVYSUw5NHpLYW1aUnZoSUMwRW9BWUl2VVNFNFRhQ2k1cTY0MmZNVWYyTGZzaVRMRXUwd1ZRZmxiXG5CUDZDbTNYTkFnTUJBQUdqZ2dFWU1JSUJGREFmQmdOVkhTTUVHREFXZ0JRV09ha2FCWW0zRHkyeU5lM0NDWnJGQTRNaVB6QVNCZ05WXG5IU0FFQ3pBSk1BY0dCU3RNSFFFTE1JR3RCZ05WSFI4RWdhVXdnYUl3Z1orZ2daeWdnWm1HZ1pab2RIUndjem92TDJOaGMyOW5aV2x6XG5kbWxzTG5OdloyVnBMbWwwTDJWcVltTmhMM0IxWW14cFkzZGxZaTkzWldKa2FYTjBMMk5sY25Sa2FYTjBQMk50WkQxamNtd21hWE56XG5kV1Z5UFVOT0pUTkVRMEVyVFdsdWFYTjBaWEp2SzJSbGJHeGhLMU5oYkhWMFpTdFVaWE4wSlRKRFR5VXpSRTFwYm1semRHVnlieXRrXG5aV3hzWVN0VFlXeDFkR1VsTWtOREpUTkVTVlF3SFFZRFZSME9CQllFRkozZFZqc0d3QXRKSGxkcC9wT09mVUpZeEM3Zk1BNEdBMVVkXG5Ed0VCL3dRRUF3SUdRREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBeUdOdUtLQVkvbnNDUkxNL0tsMlpYSmN6dXJic3R4K0IrMjFMXG5yOGM0N1E4amxxV1JnR3FvWWVtNGRLWTZ0Z3ZtN2s2SEt5TGpZRVJVWHhCZVdRZkJFRzNkblhnM29kalU5LzdPMklON0llcEJmTStsXG44c2ZPSllPeTQ0bWFSV1Y5LzZXT0FMVkovenFjRG1WWktaNnM0RXZMR3N3QkRERk9ldVplbEVEVExENjhYUExyTm01RFNRdEczUnpJXG5pVkwxNFgrOElHR3I5Vy9aaGExaDVYYytFKzRQOGVkOUtJMVJKb3FESDhrbzQ1VjV1c0QvVUF5cHZkU1cyUU9MQjZWdlNyUkhrL3cwXG5GeUorOXhTRFBQSlYvVytmaXFGUjZpNzMzNWU3M2dOblVqR1RlZW1VTW84NTVMdFlmQXI0WjN2TTBTYmpGaWFkZ2phQngvY0RmdnRZXG5DS3EvMlI1WDFjUkpYS3k3cE9XeXZNQm5jQW92ZTZDWTY1SS9wTHhVZGxrMTgvRm9OWjJMSDhKaDNueHIycCtBWHNnUkVIMTF4UVNkXG5NWFRLOXVnYldxM1o3ek40aUEvUTdMRXVucmpBdFV2dFhHUllPN3BFR2R5Y2pUdEJkYkxPcHpWVjNCT2ExaFRRcVlKUWhwLzMzYTErXG45VzFWVkkxQlhvSEFCbVJPRCtzWGlWV0VDMEZoR2lVZmFPUzVBbDBQcUtQVlJwZTkyTm1yNmRRY3IzSVh3SDdWcE9kR2hwbUlwSzF4XG5WMWFETXhhbTdzRDg0ZHM4cXZRNzhzWklhdTBSMmE4bjhyVElKZ0VBbk1wOGNnRHpNeFpLQ2tHcm91eFlCTnRISm90T0Izek4vMG5EXG5BWXhSQjBaT0E3bURnb1NnaExhQ0xvTWRqakxuMUhRYUlLVmE5YWs9Il19.eyJqdGkiOiI3OTE4QzM4Ny04NkY2LTExRUYtOTIwMy0wMDUwNTZCNjNGMEEiLCJpc3MiOiJhdXRoOlMxIzA1MCNSRUdJT05FVkVORVRPVEVTVCIsInN1YiI6IlNRVFBSVjgwQTU0STc5OVReXl4mMi4xNi44NDAuMS4xMTM4ODMuMi45LjQuMy4yJklTTyIsImV4cCI6MTcyODU3NTg2MiwiaWF0IjoxNzI4NTU3ODYyLCJhdWQiOiJodHRwczovL21vZGlwYS12YWwuZnNlLnNhbHV0ZS5nb3YuaXQvZ292d2F5L3Jlc3QvaW4vRlNFL2dhdGV3YXkvdjEifQ.xrAaIRQuSQG6KZ9zwGKcdh6cAJNHjlV0ue18kWegO1qzzSzx2XApFYql3rtNrthqf9xhWyxvT4XzVGv0d0-NMBeLGbgi91pYPp9I6swT4MOp7GI1aNs-STBXsLucLabqGFtE4K-UtxF0Hqz7bT26ojitJrAkVDU5l2X-g26ZAVNsk9OvXgV95b0DxhKs04J3H5FrBaKfFx9ReVO0ydzLd8Z7fLPNjVmBjEKYyN_Ycmlt1zwJEgzSvnXT1puWRu3yOU1NIWZSeFcUi5t0yxneYMUj3jDKlsFGTfIDa927SxFQC3qKaNytQ1Sbz5608ZKTBQ_VD23bHOmGzarAbFUpgg eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlGY1RDQ0ExbWdBd0lCQWdJVUlhZlpoeHMyMmx3NjZNTS9QUGRxNUFJS2tXUXdEUVlKS29aSWh2Y05BUUVMQlFBd1Z6RW5NQ1VHXG5BMVVFQXd3ZVEwRWdUV2x1YVhOMFpYSnZJR1JsYkd4aElGTmhiSFYwWlNCVVpYTjBNUjh3SFFZRFZRUUtEQlpOYVc1cGMzUmxjbThnXG5aR1ZzYkdFZ1UyRnNkWFJsTVFzd0NRWURWUVFHRXdKSlZEQWVGdzB5TkRBNE1qQXhOVFF5TUROYUZ3MHlOekE0TWpFeE5UUXlNREphXG5NSEl4Q3pBSkJnTlZCQVlUQWtsVU1SOHdIUVlEVlFRS0RCWk5hVzVwYzNSbGNtOGdaR1ZzYkdFZ1UyRnNkWFJsTVI4d0hRWURWUVJoXG5EQlpEUmpwSlZDMVFVazlXUVZnd01GZ3dNRmd3TURCWk1TRXdId1lEVlFRRERCaFRNU013TlRBalVrVkhTVTlPUlZaRlRrVlVUMVJGXG5VMVF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFdqd3BtVDlVVVdtZUdxVTIrRzdQcmRXU2xHTm1xXG5xeVlkQy9rWHVKeGllUStoVkNPa3cwNWZ0Z0Ivelkxd3RBTkNaVDU2RFFhVElkc29RRWJ2RjdIMmx2RzZ4YlNkNEFJUDMreUtyVzFiXG5CdWxjcnltSU53RENWYjZubktoV0N6S0tPK2k1NjNvRmoxWEM3b2c0WXlYNmYzQjJFMnJxU1JtRWNtTyswNUpiRENkSDZzUVNqbS91XG5MOVpUVElISlVoNU5TRDFMZzJFTmQvM0xZbmxLb2NaaUdSK2tSMWc4MFdTQkpDY0dWT0gwZFRVVUx2bU94WC8xNzdVNTB3dVNJb290XG5rbnFnRjJFUnBZaGx4Y0FCaUVRekVYSUw5NHpLYW1aUnZoSUMwRW9BWUl2VVNFNFRhQ2k1cTY0MmZNVWYyTGZzaVRMRXUwd1ZRZmxiXG5CUDZDbTNYTkFnTUJBQUdqZ2dFWU1JSUJGREFmQmdOVkhTTUVHREFXZ0JRV09ha2FCWW0zRHkyeU5lM0NDWnJGQTRNaVB6QVNCZ05WXG5IU0FFQ3pBSk1BY0dCU3RNSFFFTE1JR3RCZ05WSFI4RWdhVXdnYUl3Z1orZ2daeWdnWm1HZ1pab2RIUndjem92TDJOaGMyOW5aV2x6XG5kbWxzTG5OdloyVnBMbWwwTDJWcVltTmhMM0IxWW14cFkzZGxZaTkzWldKa2FYTjBMMk5sY25Sa2FYTjBQMk50WkQxamNtd21hWE56XG5kV1Z5UFVOT0pUTkVRMEVyVFdsdWFYTjBaWEp2SzJSbGJHeGhLMU5oYkhWMFpTdFVaWE4wSlRKRFR5VXpSRTFwYm1semRHVnlieXRrXG5aV3hzWVN0VFlXeDFkR1VsTWtOREpUTkVTVlF3SFFZRFZSME9CQllFRkozZFZqc0d3QXRKSGxkcC9wT09mVUpZeEM3Zk1BNEdBMVVkXG5Ed0VCL3dRRUF3SUdRREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBeUdOdUtLQVkvbnNDUkxNL0tsMlpYSmN6dXJic3R4K0IrMjFMXG5yOGM0N1E4amxxV1JnR3FvWWVtNGRLWTZ0Z3ZtN2s2SEt5TGpZRVJVWHhCZVdRZkJFRzNkblhnM29kalU5LzdPMklON0llcEJmTStsXG44c2ZPSllPeTQ0bWFSV1Y5LzZXT0FMVkovenFjRG1WWktaNnM0RXZMR3N3QkRERk9ldVplbEVEVExENjhYUExyTm01RFNRdEczUnpJXG5pVkwxNFgrOElHR3I5Vy9aaGExaDVYYytFKzRQOGVkOUtJMVJKb3FESDhrbzQ1VjV1c0QvVUF5cHZkU1cyUU9MQjZWdlNyUkhrL3cwXG5GeUorOXhTRFBQSlYvVytmaXFGUjZpNzMzNWU3M2dOblVqR1RlZW1VTW84NTVMdFlmQXI0WjN2TTBTYmpGaWFkZ2phQngvY0RmdnRZXG5DS3EvMlI1WDFjUkpYS3k3cE9XeXZNQm5jQW92ZTZDWTY1SS9wTHhVZGxrMTgvRm9OWjJMSDhKaDNueHIycCtBWHNnUkVIMTF4UVNkXG5NWFRLOXVnYldxM1o3ek40aUEvUTdMRXVucmpBdFV2dFhHUllPN3BFR2R5Y2pUdEJkYkxPcHpWVjNCT2ExaFRRcVlKUWhwLzMzYTErXG45VzFWVkkxQlhvSEFCbVJPRCtzWGlWV0VDMEZoR2lVZmFPUzVBbDBQcUtQVlJwZTkyTm1yNmRRY3IzSVh3SDdWcE9kR2hwbUlwSzF4XG5WMWFETXhhbTdzRDg0ZHM4cXZRNzhzWklhdTBSMmE4bjhyVElKZ0VBbk1wOGNnRHpNeFpLQ2tHcm91eFlCTnRISm90T0Izek4vMG5EXG5BWXhSQjBaT0E3bURnb1NnaExhQ0xvTWRqakxuMUhRYUlLVmE5YWs9Il19.eyJqdGkiOiI3OTE5RTg4NC04NkY2LTExRUYtOTIwMy0wMDUwNTZCNjNGMEEiLCJpc3MiOiJpbnRlZ3JpdHk6UzEjMDUwI1JFR0lPTkVWRU5FVE9URVNUIiwibG9jYWxpdHkiOiJVTFNTIDIgTWFyY2EgVHJldmlnaWFuYV5eXl5eJjIuMTYuODQwLjEuMTEzODgzLjIuOS40LjEuMyZJU09eXl5eMDUwNTAyIiwic3ViIjoiR1JMTVNNNjBSMzFGNzcwWV5eXiYyLjE2Ljg0MC4xLjExMzg4My4yLjkuNC4zLjImSVNPIiwibmJmIjoxNzI4NTU3ODYyLCJleHAiOjE3Mjg1NzU4NjIsImlhdCI6MTcyODU1Nzg2MiwiYXVkIjoiaHR0cHM6Ly9tb2RpcGEtdmFsLmZzZS5zYWx1dGUuZ292Lml0L2dvdndheS9yZXN0L2luL0ZTRS9nYXRld2F5L3YxIiwic3ViamVjdF9vcmdhbml6YXRpb25faWQiOiIwNTAiLCJzdWJqZWN0X29yZ2FuaXphdGlvbiI6IlJlZ2lvbmUgVmVuZXRvIiwic3ViamVjdF9yb2xlIjoiQVBSIiwicGVyc29uX2lkIjoiU1FUUFJWODBBNTRJNzk5VF5eXiYyLjE2Ljg0MC4xLjExMzg4My4yLjkuNC4zLjImSVNPIiwicGF0aWVudF9jb25zZW50IjoidHJ1ZSIsInB1cnBvc2Vfb2ZfdXNlIjoiVFJFQVRNRU5UIiwicmVzb3VyY2VfaGw3X3R5cGUiOiIoJzYwNTkxLTVeXjIuMTYuODQwLjEuMTEzODgzLjYuMScpIiwiYWN0aW9uX2lkIjoiQ1JFQVRFIiwiYXR0YWNobWVudF9oYXNoIjoiMzU3OWUwODFmNDMyMjU5NDQxYjljYzExYzdjNTQ4NTM2NmU4MjE5M2Y5MDYxYTNjZjZlNDJmNDc1N2M4NGRiYyIsInN1YmplY3RfYXBwbGljYXRpb25faWQiOiJNRURJQ08yMDAwIiwic3ViamVjdF9hcHBsaWNhdGlvbl92ZW5kb3IiOiJNZWRpYXRlYyBJbmZvcm1hdGljYSBTLnIubC4iLCJzdWJqZWN0X2FwcGxpY2F0aW9uX3ZlcnNpb24iOiIwNi4xOCJ9.jepZZfC_WDhcrq33uF8t2iuVc_rB7sOD3WWp07wNUtGmKcER9Tfqj7U7nRwKsKruPoyvc5QuteRaA_CNJDIM4XUOzGHm-xlkuq-9F0ZFE-M9un3vrixU_mxaeK-Rry9ErMVRWydLcnPGOxBqyee_a5uelRCHE95na-0DQLc7c8Nkc3zKCz-8Oxf_59Y0oFvZkyhlGYTK470W-EOkig-4WK9AdlbYFaxDHt99QOVe5exk8Jb1c1nFJ-V5eqj5uPpLgLCajF8ec9d1uh2eXz8PXIXHlo8oQ0SPo6DxEoB_oFSfm6rPvyB2e4mkiBVC953-x7hwrWXqaz-2JarI6lo8fw

La risposta è sempre: {"type":"https://govway.org/handling-errors/401/TokenAuthenticationFailed.html","title":"TokenAuthenticationFailed","status":401,"detail":"Invalid token","govway_id":"72038460-86f4-11ef-a6bf-005056ae7395"}

Chiediamo ancora il vostro supporto, grazie

vigliottim commented 3 weeks ago

Buon pomeriggio, dall'analisi del token FSE-JWT-Signature è emersa la presenza di un campo errato indicato in figura:

image

La preghiamo di rimuoverlo e riprovare. Inoltre, la rimandiamo alla documentazione per consultare i campi che devono essere contenuti nei JWT: https://github.com/ministero-salute/it-fse-support/tree/main/doc/integrazione-gateway#131-campi-contenuti-nei-jwt Grazie.

ppalmerini commented 3 weeks ago

modificato secondo le vostre indicazioni, ancora non riusciamo a passare l'autenticazione {"type":"https://govway.org/handling-errors/401/TokenAuthenticationFailed.html","title":"TokenAuthenticationFailed","status":401,"detail":"Invalid token","govway_id":"db18589d-871a-11ef-a4d1-005056ae54fa"}

Bearer: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlGY1RDQ0ExbWdBd0lCQWdJVUlhZlpoeHMyMmx3NjZNTS9QUGRxNUFJS2tXUXdEUVlKS29aSWh2Y05BUUVMQlFBd1Z6RW5NQ1VHXG5BMVVFQXd3ZVEwRWdUV2x1YVhOMFpYSnZJR1JsYkd4aElGTmhiSFYwWlNCVVpYTjBNUjh3SFFZRFZRUUtEQlpOYVc1cGMzUmxjbThnXG5aR1ZzYkdFZ1UyRnNkWFJsTVFzd0NRWURWUVFHRXdKSlZEQWVGdzB5TkRBNE1qQXhOVFF5TUROYUZ3MHlOekE0TWpFeE5UUXlNREphXG5NSEl4Q3pBSkJnTlZCQVlUQWtsVU1SOHdIUVlEVlFRS0RCWk5hVzVwYzNSbGNtOGdaR1ZzYkdFZ1UyRnNkWFJsTVI4d0hRWURWUVJoXG5EQlpEUmpwSlZDMVFVazlXUVZnd01GZ3dNRmd3TURCWk1TRXdId1lEVlFRRERCaFRNU013TlRBalVrVkhTVTlPUlZaRlRrVlVUMVJGXG5VMVF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFdqd3BtVDlVVVdtZUdxVTIrRzdQcmRXU2xHTm1xXG5xeVlkQy9rWHVKeGllUStoVkNPa3cwNWZ0Z0Ivelkxd3RBTkNaVDU2RFFhVElkc29RRWJ2RjdIMmx2RzZ4YlNkNEFJUDMreUtyVzFiXG5CdWxjcnltSU53RENWYjZubktoV0N6S0tPK2k1NjNvRmoxWEM3b2c0WXlYNmYzQjJFMnJxU1JtRWNtTyswNUpiRENkSDZzUVNqbS91XG5MOVpUVElISlVoNU5TRDFMZzJFTmQvM0xZbmxLb2NaaUdSK2tSMWc4MFdTQkpDY0dWT0gwZFRVVUx2bU94WC8xNzdVNTB3dVNJb290XG5rbnFnRjJFUnBZaGx4Y0FCaUVRekVYSUw5NHpLYW1aUnZoSUMwRW9BWUl2VVNFNFRhQ2k1cTY0MmZNVWYyTGZzaVRMRXUwd1ZRZmxiXG5CUDZDbTNYTkFnTUJBQUdqZ2dFWU1JSUJGREFmQmdOVkhTTUVHREFXZ0JRV09ha2FCWW0zRHkyeU5lM0NDWnJGQTRNaVB6QVNCZ05WXG5IU0FFQ3pBSk1BY0dCU3RNSFFFTE1JR3RCZ05WSFI4RWdhVXdnYUl3Z1orZ2daeWdnWm1HZ1pab2RIUndjem92TDJOaGMyOW5aV2x6XG5kbWxzTG5OdloyVnBMbWwwTDJWcVltTmhMM0IxWW14cFkzZGxZaTkzWldKa2FYTjBMMk5sY25Sa2FYTjBQMk50WkQxamNtd21hWE56XG5kV1Z5UFVOT0pUTkVRMEVyVFdsdWFYTjBaWEp2SzJSbGJHeGhLMU5oYkhWMFpTdFVaWE4wSlRKRFR5VXpSRTFwYm1semRHVnlieXRrXG5aV3hzWVN0VFlXeDFkR1VsTWtOREpUTkVTVlF3SFFZRFZSME9CQllFRkozZFZqc0d3QXRKSGxkcC9wT09mVUpZeEM3Zk1BNEdBMVVkXG5Ed0VCL3dRRUF3SUdRREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBeUdOdUtLQVkvbnNDUkxNL0tsMlpYSmN6dXJic3R4K0IrMjFMXG5yOGM0N1E4amxxV1JnR3FvWWVtNGRLWTZ0Z3ZtN2s2SEt5TGpZRVJVWHhCZVdRZkJFRzNkblhnM29kalU5LzdPMklON0llcEJmTStsXG44c2ZPSllPeTQ0bWFSV1Y5LzZXT0FMVkovenFjRG1WWktaNnM0RXZMR3N3QkRERk9ldVplbEVEVExENjhYUExyTm01RFNRdEczUnpJXG5pVkwxNFgrOElHR3I5Vy9aaGExaDVYYytFKzRQOGVkOUtJMVJKb3FESDhrbzQ1VjV1c0QvVUF5cHZkU1cyUU9MQjZWdlNyUkhrL3cwXG5GeUorOXhTRFBQSlYvVytmaXFGUjZpNzMzNWU3M2dOblVqR1RlZW1VTW84NTVMdFlmQXI0WjN2TTBTYmpGaWFkZ2phQngvY0RmdnRZXG5DS3EvMlI1WDFjUkpYS3k3cE9XeXZNQm5jQW92ZTZDWTY1SS9wTHhVZGxrMTgvRm9OWjJMSDhKaDNueHIycCtBWHNnUkVIMTF4UVNkXG5NWFRLOXVnYldxM1o3ek40aUEvUTdMRXVucmpBdFV2dFhHUllPN3BFR2R5Y2pUdEJkYkxPcHpWVjNCT2ExaFRRcVlKUWhwLzMzYTErXG45VzFWVkkxQlhvSEFCbVJPRCtzWGlWV0VDMEZoR2lVZmFPUzVBbDBQcUtQVlJwZTkyTm1yNmRRY3IzSVh3SDdWcE9kR2hwbUlwSzF4XG5WMWFETXhhbTdzRDg0ZHM4cXZRNzhzWklhdTBSMmE4bjhyVElKZ0VBbk1wOGNnRHpNeFpLQ2tHcm91eFlCTnRISm90T0Izek4vMG5EXG5BWXhSQjBaT0E3bURnb1NnaExhQ0xvTWRqakxuMUhRYUlLVmE5YWs9Il19.eyJqdGkiOiIzQzBEQkNERi04NzFELTExRUYtOTIwMy0wMDUwNTZCNjNGMEEiLCJpc3MiOiJhdXRoOlMxIzA1MCNSRUdJT05FVkVORVRPVEVTVCIsInN1YiI6IlNRVFBSVjgwQTU0STc5OVReXl4mMi4xNi44NDAuMS4xMTM4ODMuMi45LjQuMy4yJklTTyIsImV4cCI6MTcyODU5MjUxMCwiaWF0IjoxNzI4NTc0NTEwLCJhdWQiOiJodHRwczovL21vZGlwYS12YWwuZnNlLnNhbHV0ZS5nb3YuaXQvZ292d2F5L3Jlc3QvaW4vRlNFL2dhdGV3YXkvdjEifQ.gciwdAiDdiNcvf3jnemoB3cj6HeTESyJZUK2H8wZOx21VFci4dzKuJQOnWmzg4ImK7R5z89erpw2bFjv249nalf3KoEb2A-BUS1h602FoJINb6Q4Z0WPDUTvRiv2XGACWctfxoYjujoBbQYkJiFkJZwHz8pAgmNfN5yK7dKmV8sNFNNMSmHqy8ZYuvQIh_m3L99y0wk1QPtGxLOyGjRBmJt4g26ZZiUrrcVl2TfkHFy6Hla12g3oeYLjYnQVQ9X8bXoXvd66nGk1QAEJlA-j-cc_SgJpY2KIH8dWDpFDH0ivDatWz0-lb4ANQygTlltnCN99c-C3oMc29PMKoMAQ

JWT-Signature eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlGY1RDQ0ExbWdBd0lCQWdJVUlhZlpoeHMyMmx3NjZNTS9QUGRxNUFJS2tXUXdEUVlKS29aSWh2Y05BUUVMQlFBd1Z6RW5NQ1VHXG5BMVVFQXd3ZVEwRWdUV2x1YVhOMFpYSnZJR1JsYkd4aElGTmhiSFYwWlNCVVpYTjBNUjh3SFFZRFZRUUtEQlpOYVc1cGMzUmxjbThnXG5aR1ZzYkdFZ1UyRnNkWFJsTVFzd0NRWURWUVFHRXdKSlZEQWVGdzB5TkRBNE1qQXhOVFF5TUROYUZ3MHlOekE0TWpFeE5UUXlNREphXG5NSEl4Q3pBSkJnTlZCQVlUQWtsVU1SOHdIUVlEVlFRS0RCWk5hVzVwYzNSbGNtOGdaR1ZzYkdFZ1UyRnNkWFJsTVI4d0hRWURWUVJoXG5EQlpEUmpwSlZDMVFVazlXUVZnd01GZ3dNRmd3TURCWk1TRXdId1lEVlFRRERCaFRNU013TlRBalVrVkhTVTlPUlZaRlRrVlVUMVJGXG5VMVF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFdqd3BtVDlVVVdtZUdxVTIrRzdQcmRXU2xHTm1xXG5xeVlkQy9rWHVKeGllUStoVkNPa3cwNWZ0Z0Ivelkxd3RBTkNaVDU2RFFhVElkc29RRWJ2RjdIMmx2RzZ4YlNkNEFJUDMreUtyVzFiXG5CdWxjcnltSU53RENWYjZubktoV0N6S0tPK2k1NjNvRmoxWEM3b2c0WXlYNmYzQjJFMnJxU1JtRWNtTyswNUpiRENkSDZzUVNqbS91XG5MOVpUVElISlVoNU5TRDFMZzJFTmQvM0xZbmxLb2NaaUdSK2tSMWc4MFdTQkpDY0dWT0gwZFRVVUx2bU94WC8xNzdVNTB3dVNJb290XG5rbnFnRjJFUnBZaGx4Y0FCaUVRekVYSUw5NHpLYW1aUnZoSUMwRW9BWUl2VVNFNFRhQ2k1cTY0MmZNVWYyTGZzaVRMRXUwd1ZRZmxiXG5CUDZDbTNYTkFnTUJBQUdqZ2dFWU1JSUJGREFmQmdOVkhTTUVHREFXZ0JRV09ha2FCWW0zRHkyeU5lM0NDWnJGQTRNaVB6QVNCZ05WXG5IU0FFQ3pBSk1BY0dCU3RNSFFFTE1JR3RCZ05WSFI4RWdhVXdnYUl3Z1orZ2daeWdnWm1HZ1pab2RIUndjem92TDJOaGMyOW5aV2x6XG5kbWxzTG5OdloyVnBMbWwwTDJWcVltTmhMM0IxWW14cFkzZGxZaTkzWldKa2FYTjBMMk5sY25Sa2FYTjBQMk50WkQxamNtd21hWE56XG5kV1Z5UFVOT0pUTkVRMEVyVFdsdWFYTjBaWEp2SzJSbGJHeGhLMU5oYkhWMFpTdFVaWE4wSlRKRFR5VXpSRTFwYm1semRHVnlieXRrXG5aV3hzWVN0VFlXeDFkR1VsTWtOREpUTkVTVlF3SFFZRFZSME9CQllFRkozZFZqc0d3QXRKSGxkcC9wT09mVUpZeEM3Zk1BNEdBMVVkXG5Ed0VCL3dRRUF3SUdRREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBeUdOdUtLQVkvbnNDUkxNL0tsMlpYSmN6dXJic3R4K0IrMjFMXG5yOGM0N1E4amxxV1JnR3FvWWVtNGRLWTZ0Z3ZtN2s2SEt5TGpZRVJVWHhCZVdRZkJFRzNkblhnM29kalU5LzdPMklON0llcEJmTStsXG44c2ZPSllPeTQ0bWFSV1Y5LzZXT0FMVkovenFjRG1WWktaNnM0RXZMR3N3QkRERk9ldVplbEVEVExENjhYUExyTm01RFNRdEczUnpJXG5pVkwxNFgrOElHR3I5Vy9aaGExaDVYYytFKzRQOGVkOUtJMVJKb3FESDhrbzQ1VjV1c0QvVUF5cHZkU1cyUU9MQjZWdlNyUkhrL3cwXG5GeUorOXhTRFBQSlYvVytmaXFGUjZpNzMzNWU3M2dOblVqR1RlZW1VTW84NTVMdFlmQXI0WjN2TTBTYmpGaWFkZ2phQngvY0RmdnRZXG5DS3EvMlI1WDFjUkpYS3k3cE9XeXZNQm5jQW92ZTZDWTY1SS9wTHhVZGxrMTgvRm9OWjJMSDhKaDNueHIycCtBWHNnUkVIMTF4UVNkXG5NWFRLOXVnYldxM1o3ek40aUEvUTdMRXVucmpBdFV2dFhHUllPN3BFR2R5Y2pUdEJkYkxPcHpWVjNCT2ExaFRRcVlKUWhwLzMzYTErXG45VzFWVkkxQlhvSEFCbVJPRCtzWGlWV0VDMEZoR2lVZmFPUzVBbDBQcUtQVlJwZTkyTm1yNmRRY3IzSVh3SDdWcE9kR2hwbUlwSzF4XG5WMWFETXhhbTdzRDg0ZHM4cXZRNzhzWklhdTBSMmE4bjhyVElKZ0VBbk1wOGNnRHpNeFpLQ2tHcm91eFlCTnRISm90T0Izek4vMG5EXG5BWXhSQjBaT0E3bURnb1NnaExhQ0xvTWRqakxuMUhRYUlLVmE5YWs9Il19.eyJqdGkiOiIzQzBFNTc3Ni04NzFELTExRUYtOTIwMy0wMDUwNTZCNjNGMEEiLCJpc3MiOiJpbnRlZ3JpdHk6UzEjMDUwI1JFR0lPTkVWRU5FVE9URVNUIiwibG9jYWxpdHkiOiJVTFNTIDIgTWFyY2EgVHJldmlnaWFuYV5eXl5eJjIuMTYuODQwLjEuMTEzODgzLjIuOS40LjEuMyZJU09eXl5eMDUwNTAyIiwic3ViIjoiR1JMTVNNNjBSMzFGNzcwWV5eXiYyLjE2Ljg0MC4xLjExMzg4My4yLjkuNC4zLjImSVNPIiwiZXhwIjoxNzI4NTkyNTEwLCJpYXQiOjE3Mjg1NzQ1MTAsImF1ZCI6Imh0dHBzOi8vbW9kaXBhLXZhbC5mc2Uuc2FsdXRlLmdvdi5pdC9nb3Z3YXkvcmVzdC9pbi9GU0UvZ2F0ZXdheS92MSIsInN1YmplY3Rfb3JnYW5pemF0aW9uX2lkIjoiMDUwIiwic3ViamVjdF9vcmdhbml6YXRpb24iOiJSZWdpb25lIFZlbmV0byIsInN1YmplY3Rfcm9sZSI6IkFQUiIsInBlcnNvbl9pZCI6IlNRVFBSVjgwQTU0STc5OVReXl4mMi4xNi44NDAuMS4xMTM4ODMuMi45LjQuMy4yJklTTyIsInBhdGllbnRfY29uc2VudCI6InRydWUiLCJwdXJwb3NlX29mX3VzZSI6IlRSRUFUTUVOVCIsInJlc291cmNlX2hsN190eXBlIjoiKCc2MDU5MS01Xl4yLjE2Ljg0MC4xLjExMzg4My42LjEnKSIsImFjdGlvbl9pZCI6IkNSRUFURSIsImF0dGFjaG1lbnRfaGFzaCI6IjM1NzllMDgxZjQzMjI1OTQ0MWI5Y2MxMWM3YzU0ODUzNjZlODIxOTNmOTA2MWEzY2Y2ZTQyZjQ3NTdjODRkYmMiLCJzdWJqZWN0X2FwcGxpY2F0aW9uX2lkIjoiTUVESUNPMjAwMCIsInN1YmplY3RfYXBwbGljYXRpb25fdmVuZG9yIjoiTWVkaWF0ZWMgSW5mb3JtYXRpY2EgUy5yLmwuIiwic3ViamVjdF9hcHBsaWNhdGlvbl92ZXJzaW9uIjoiMDYuMTgifQ.vMK9OM3UI6Cjq1uswribp6RpoLno7TXtPA48Yl-ewrQTduPxr4_MzKEL1xZ2jHntinme3lpJEam8RFEzucXn9LqJMG6uuOCvjadv5JKRS_UPTLL9RRjKZZSHFFWh2cFF4M-UMm9i0mg2OfxmJHKmkrYEdGVxOQYEodP0IBktkN_9UkvGraOtad7U16BuJrT1I76mcaDkw7H4WoHRrtI6lVkpDhStsPsDRHKFy-WWXEN_et686taZ6MRS7my0wRLraEB2rR-TymepJSyBUOAoy0EP-NMZhkXB0i7IvZc7IrfOarXHex8wHzXGy7Q-MrM4SfN5tzD-J1IDNzt6bCGRMA

vigliottim commented 3 weeks ago

Buonasera, potrebbe cortesemente allegare il data.json da lei utilizzato e verificare di aver generato correttamente i p12? Le facciamo presente che il certificato da utilizzare per la creazione del canale https è quello di autenticazione (A1XXXXXXXXX) mentre quello di firma (S1XXXXXXXXX) serve per firmare i token, come indicato nel seguente commento: https://github.com/ministero-salute/it-fse-support/issues/654#issuecomment-1985853383 La rimandiamo al seguente screenshot con le istruzioni dettagliate per la costruzione del p12:

image

Grazie per la collaborazione.

ppalmerini commented 2 weeks ago

Buonasera, abbiamo trovato il problema: c'erano degli a capo dentro l'x5c che non passavano la verifica dei token. Con il seguente data.json abbiamo ottenuto i due token correttamente e siamo riusciti a confrontarli con quelli che producevamo noi. Grazie.

{ "sub": "GRLMSM60R31F770Y^^^&2.16.840.1.113883.2.9.4.3.2&ISO", "subject_role": "APR", "purpose_of_use": "TREATMENT", "iss": "S1#050#REGIONEVENETOTEST", "action_id": "CREATE", "subject_application_id": "MEDICO2000", "subject_application_vendor": "Mediatec Informatica S.r.l.", "subject_application_version": "06.18", "locality": "ULSS 2 Marca Trevigiana^^^^^&2.16.840.1.113883.2.9.4.1.3&ISO^^^^050502", "subject_organization_id": "050", "subject_organization": "REGIONE VENETO", "aud": "https://modipa-val.fse.salute.gov.it/govway/rest/in/FSE/gateway/v1", "patient_consent": true, "resource_hl7_type": "('11502-2^^2.16.840.1.113883.6.1')", "jti": "1727962783", "person_id": "SQTPRV80A54I799T^^^&2.16.840.1.113883.2.9.4.3.2&ISO", "p12_path": "../S1#050#REGIONEVENETOTEST.p12", "pem_path": "../S1#050#REGIONEVENETOTEST.pem" }

vigliottim commented 2 weeks ago

Grazie a lei per il gentile feedback. Chiudiamo la presente issue e rimaniamo a disposizione per altre richieste di supporto.