Special Instructions
As X-Service User, this test might be easier to perform after XUA_Authenticate_User test.
X-Service User will have to perform a valid Get X-User Assertion transaction using an Healthcare Professional extension. But because it is required to include the SAML UserAuthenticationResponse in the GetXUserAssertionRequest, you will need to perform also an Authenticate User transaction.
Moreover if your system does not allow to perform a Get X-User Assertion transaction alone, you will have to trigger an action that leads to an ITI-40 Provide X-User Assertion transaction, such a PIXv3 Query or an XDS.b Stored Query.
Important : TLS is mandatory to every request in the XUA profile, as a consequence every endpoint has to use HTTPS.
Description
X-Service User will have to initiate a valid Get X-User Assertion transaction for an Healthcare Professional. The request must contain the Identity Assertion and the following attributes in the claims:
- HCP asRole of the accessing person
- Requested resource-id (EPR-SPID using HL7 CX syntax like 761337610435200998^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO)
- Purpose of use
Then the X-Assertion Provider will checks the validity of the GetXUserAssertionRequest and issue an assertion.
The endPoint to use to play the X-Assertion Provider role as a simulator is: https://ehealthsuisse.ihe-europe.net:10443/STS?wsdl
For the Get X-User Assertion, the messages exchanged between your SUT
and the Assertion Provider should have been recorded and be available
in Gazelle Webservice Tester :
- Access the messages in Gazelle Webservice Tester from the "Mock messages";
- Find
out the message of interest, you can use the filters to ease your
search (we also recommand to do it before you move to the next step);
- We want to verify the conformance of the request sent by your SUT, click on the play icon next to the request type;
- You have been redirected to EVSClient, select CH:XUA in the EPR group and click on the "Go" button;
- Once the page of the validator opens, select the appropriate entry in the drop-down list and click on "Validate";
- When the validation report shows up, a pop-up raises, click on "OK";
- Copy the permanent link of the message in the test step using the "add link" feature.
Evaluation
The validation global result for the entire XUA request must be PASSED and include the UserAuthenticationResponse.
The GetXUserAssertionResponse must not be a SOAP Fault and contain an assertion. No need for EVSClient validation.