Skip to content

Process Deployment and Configuration v0.3.2

Jump to bottom
Reto Wettstein edited this page Jul 6, 2021 · 8 revisions

The process can be deployed by dropping the process-plugin-jar into the the DSF BPE folder /opt/bpe/app/process. The release notes of the process version 0.3.2 can be found here.

DIC Configuration

Prerequisite

  • The hapi-fhir-client-5.1.0.jar has to be installed as a regular DSF BPE plugin by dropping the jar file into the folder /opt/bpe/app/plugin.

Configuration

The following properties can be set in the file /opt/bpe/app/conf/config.properties.

CRR public-key:

  • de.netzwerk_universitaetsmedizin.codex.crr.publicKey: the location of the CRR public-key as 4096 Bit RSA PEM encoded file

DIC GECCO FHIR repository:

  • de.netzwerk_universitaetsmedizin.codex.fhir.serverBase: the http address base of the repository containing the FHIR GECCO data
  • de.netzwerk_universitaetsmedizin.codex.fhir.username: username if the server containing the FHIR GECCO data needs authentication using basic auth
  • de.netzwerk_universitaetsmedizin.codex.fhir.password: password if the server containing the FHIR GECCO data needs authentication using basic auth
  • de.netzwerk_universitaetsmedizin.codex.fhir.bearerToken: bearer token if the server containing the FHIR GECCO data needs token based authentication

If the DIC GECCO FHIR repository is not configured, the send process generates demo data for testing purposes. This test data contains for each provided DIC pseudonym 1 FHIR Patient ressource, 1 FHIR Condition resource and 1 FHIR Observation resource.

fTTP connection to resolve Bloom Filters:

This configuration is only needed if Patient resources in the DIC GECCO FHIR repository contain a Bloom Filter and not a DIC pseudonym.

  • de.netzwerk_universitaetsmedizin.codex.fttp.serverBase: ask the fTTP for the http address base that corresponds to your authentication method
  • de.netzwerk_universitaetsmedizin.codex.fttp.trustStore: ask the fTTP for the truststore as PEM encoded file containing one or more ca certificates
  • de.netzwerk_universitaetsmedizin.codex.fttp.certificate: ask the fTTP for your organizations client certifacte as PEM encoded file
  • de.netzwerk_universitaetsmedizin.codex.fttp.privateKey: the key corresponding to your organizations client certificate as PEM encoded file
  • de.netzwerk_universitaetsmedizin.codex.fttp.basicAuthUsername: only needed if the second factor of your fTTP authentication method is not based on an IP address filter, should contain your organizations basic auth username
  • de.netzwerk_universitaetsmedizin.codex.fttp.basicAuthPassword: only needed if the second factor of your fTTP authentication method is not based on an IP address filter, should contain your organizations basic auth username
  • de.netzwerk_universitaetsmedizin.codex.fttp.apiKey: ask the fTTP for your API key
  • de.netzwerk_universitaetsmedizin.codex.fttp.target ask the fTTP for your organizations pseudonym source identifier (e.g. dic_heidelberg)

If the fTTP connection is not configured and the process finds a Bloom Filter in a FHIR Patient resource, a demo DIC pseudonym with the value source2/original2 is generated and used.

Internet access via corporate proxy server:

If the DSF BPE or the DSF FHIR server can only access the Internet via a corporate proxy server, these parameters must be set.

  • org.highmed.dsf.bpe.fhir.remote.webservice.proxy.schemeHostPort: the http address of the corporate proxy server
  • org.highmed.dsf.bpe.fhir.remote.webservice.proxy.username: username if the corporate proxy server needs authentication
  • org.highmed.dsf.bpe.fhir.remote.webservice.proxy.password: password if the corporate proxy server needs authentication

Local consent provider:

  • No implementation yet.

Process exclude config:

  • org.highmed.dsf.bpe.process.excluded=dataTranslate/0.3.2,dataReceive/0.3.2: the processes translate and receive are not needed in the DIC

Test Data

There exist two GECCO FHIR transaction Bundles with test data that can be used in the DIC GECCO FHIR repository for testing purposes:

  • A transaction Bundle containing demo data based on a FHIR Patient resource with a Bloom Filter identifier can be found here
  • A transaction Bundle containing demo data based on a FHIR Patient resource with a DIC pseudonym identifier can be found here

GTH Configuration

The following properties can be set in the file /opt/bpe/app/conf/config.properties.

fTTP connection to resolve CODEX pseudonyms based on DIC pseudonyms:

  • de.netzwerk_universitaetsmedizin.codex.fttp.serverBase: the http address base of the fTTP
  • de.netzwerk_universitaetsmedizin.codex.fttp.trustStore: ask the fTTP for the truststore as PEM encoded file containing one or more ca certificates
  • de.netzwerk_universitaetsmedizin.codex.fttp.certificate: ask the fTTP for your organizations client certificate as PEM encoded file
  • de.netzwerk_universitaetsmedizin.codex.fttp.privateKey: the key corresponding to your organizations client certificate as PEM encoded file
  • de.netzwerk_universitaetsmedizin.codex.fttp.basicAuthUsername: only needed if the second factor of your fTTP authentication method is not based on an IP address filter, should contain your organizations basic auth username
  • de.netzwerk_universitaetsmedizin.codex.fttp.basicAuthPassword: only needed if the second factor of your fTTP authentication method is not based on an IP address filter, should contain your organizations basic auth username
  • de.netzwerk_universitaetsmedizin.codex.fttp.apiKey: ask the fTTP for your API key

Process exclude config:

  • org.highmed.dsf.bpe.process.excluded=dataTrigger/0.3.2,dataSend/0.3.2,dataReceive/0.3.2: the processes trigger, send and receive are not needed in the GTH

CRR Configuration

Prerequisite

  • The hapi-fhir-client-5.1.0.jar has to be installed as a regular DSF BPE plugin by dropping the jar file into the folder /opt/bpe/app/plugin.

Configuration

The following properties can be set in the file /opt/bpe/app/conf/config.properties.

CRR private-key:

  • de.netzwerk_universitaetsmedizin.codex.crr.privateKey: location of the CRR private-key as 4096 Bit RSA PEM encoded, not encrypted file

Generate a key-pair using:

  • openssl genrsa -out keypair.pem 4096
  • openssl rsa -in keypair.pem -pubout -out crr_public-key.pem
  • openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in keypair.pem -out crr_private-key.pem

CRR GECCO FHIR repository:

  • de.netzwerk_universitaetsmedizin.codex.fhir.serverBase: the http address base of the repository to store the received FHIR GECCO data
  • de.netzwerk_universitaetsmedizin.codex.fhir.username: username if the server storing the received FHIR GECCO data needs authentication using basic auth
  • de.netzwerk_universitaetsmedizin.codex.fhir.password: password if the server storing the received FHIR GECCO data needs authentication using basic auth
  • de.netzwerk_universitaetsmedizin.codex.fhir.bearerToken: bearer token if the server storing the received FHIR GECCO data needs token based authentication

Process exclude config:

  • org.highmed.dsf.bpe.process.excluded=dataTrigger/0.3.2,dataSend/0.3.2,dataTranslate/0.3.2: the processes trigger, send and translate are not needed in the CRR
Clone this wiki locally