Azure: Unable to get the corresponding FHIR resources (patient data) in the FHIR service

Posted by o4hqfura 12 months ago in Other

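I have successfully deployed DICOM Cast and carried out all the steps in Sync Medical Imaging Server for DICOM metadata into FHIR Server for Azure, but I cannot get the corresponding FHIR resources in the FHIR service.
I am confused by some of the steps in this doc.

1. When setting up authentication for your FHIR and DICOM App Services, I cannot set Audience, Authority and Security:Enabled in the DICOM service, and I cannot set Security:Enabled in the FHIR service.

2. When updating the Key Vault for DICOM Cast, one document says "search for your service principal". Under Select principal, which principal should I choose? A user principal or an enterprise application principal? If it is an enterprise application principal, which application should I choose?

At the moment I have not set up authentication for the DICOM service, and for the service principal I selected the user principal.
Here are the detailed container logs: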

info: Azure.Identity[1]
      DefaultAzureCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[1]
      EnvironmentCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[3]
      EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
info: Azure.Identity[1]
      WorkloadIdentityCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[3]
      WorkloadIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot
info: Azure.Identity[1]
      ManagedIdentityCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] MSAL MSAL.NetCore with assembly version '4.54.1.0'. CorrelationId(0c85f10d-5c3c-4f91-a149-c05e7048dae4)
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] === AcquireTokenForClientParameters ===
      SendX5C: False
      ForceRefresh: False
      
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] 
      === Request Data ===
      Authority Provided? - True
      Scopes - https://dicom.healthcareapis.azure.com
      Extra Query Params Keys (space separated) - 
      ApiId - AcquireTokenForClient
      IsConfidentialClient - True
      SendX5C - False
      LoginHint ? False
      IsBrokerConfigured - False
      HomeAccountId - False
      CorrelationId - 0c85f10d-5c3c-4f91-a149-c05e7048dae4
      UserAssertion set: False
      LongRunningOboCacheKey set: False
      Region configured: 
      
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] === Token Acquisition (ClientCredentialRequest) started:
         Scopes: https://dicom.healthcareapis.azure.com
        Authority Host: login.microsoftonline.com
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [Region discovery] Not using a regional authority. 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [Instance Discovery] Skipping Instance discovery because it is disabled. 
info: Azure.Core[1]
      Request [467f2d30-036f-41e2-ab12-9619b63ec6c7] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
      Metadata:REDACTED
      x-ms-client-request-id:467f2d30-036f-41e2-ab12-9619b63ec6c7
      x-ms-return-client-request-id:true
      User-Agent:azsdk-net-Identity/1.10.0 (.NET 7.0.10; Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022)
      client assembly: Azure.Identity
info: Azure.Core[5]
      Response [467f2d30-036f-41e2-ab12-9619b63ec6c7] 200 OK (00.0s)
      Date:Thu, 14 Sep 2023 13:58:32 GMT
      Content-Type:application/json
      Content-Length:1438
      
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Checking client info returned from the server..
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Saving token response to cache..
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [SaveTokenResponseAsync] ID Token not present in response. 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Cannot determine home account id - or id token or no client info and no subject 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Looking for scopes for the authority in the cache which intersect with https://dicom.healthcareapis.azure.com
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Intersecting scope entries count - 0
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] 
        === Token Acquisition finished successfully:
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4]  AT expiration time: 09/15/2023 12:56:16 +00:00, scopes: https://dicom.healthcareapis.azure.com. source: IdentityProvider
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Fetched access token from host login.microsoftonline.com. 
info: Azure.Identity[2]
      ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
info: Azure.Identity[13]
      DefaultAzureCredential credential selected: Azure.Identity.ManagedIdentityCredential
info: Azure.Identity[2]
      DefaultAzureCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
crit: Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker[0]
      Unhandled exception.
      Microsoft.Health.Dicom.Client.DicomWebException: Forbidden: Authorization failed.
         at Microsoft.Health.Dicom.Client.DicomWebClient.EnsureSuccessStatusCodeAsync(HttpResponseMessage response, Func`5 additionalFailureInspector) in /_/src/Microsoft.Health.Dicom.Client/DicomWebClient.cs:line 219
         at Microsoft.Health.Dicom.Client.DicomWebClient.GetChangeFeedLatest(String queryString, CancellationToken cancellationToken) in /_/src/Microsoft.Health.Dicom.Client/DicomWebClient.ChangeFeed.cs:line 41
         at Microsoft.Health.DicomCast.Core.Features.DicomWeb.Service.ChangeFeedRetrieveService.RetrieveLatestSequenceAsync(CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/DicomWeb/Service/ChangeFeedRetrieveService.cs:line 41
         at Microsoft.Health.DicomCast.Core.Features.Worker.ChangeFeedProcessor.ProcessAsync(TimeSpan pollIntervalDuringCatchup, CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/Worker/ChangeFeedProcessor.cs:line 70
         at Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker.ExecuteAsync(CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/Worker/DicomCastWorker.cs:line 95
info: Microsoft.Hosting.Lifetime[0]
      Application is shutting down...

Here is the Postman screenshot:


h43kikqp1#

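A 403 Forbidden error usually occurs when you have not added the required roles, such as FHIR Data Contributor, to the ACI managed identity.
When I tried to get patient data through Postman without adding the role, I also got the same 403 Forbidden status, as shown below: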

GET https://demofhir20.azurehealthcareapis.com/Patient

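Response:

In your case, make sure the FHIR Data Contributor and DICOM Data Owner roles are added to the ACI managed identity when generating the access token with managed identity authentication: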



After assigning the roles, I regenerated the access token, called the /patient API, and got a successful response, as shown below:

GET https://demofhir20.azurehealthcareapis.com/Patient

Response:


Reference: dicom-server/docs/quickstarts/deploy-dicom-cast.md at main · microsoft/dicom-server (github.com)
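
The distinction this answer relies on (a token was issued, yet the service still answered 403) can be read directly from the container log in the question. The Python sketch below is an added example, not part of the original answer or of the dicom-server project; the function name `triage` and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged from the container log in the question.
SAMPLE_LOG = """\
info: Azure.Identity[3]
      EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable.
info: Azure.Identity[3]
      WorkloadIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): WorkloadIdentityCredential authentication unavailable.
info: Azure.Identity[2]
      ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
info: Azure.Identity[13]
      DefaultAzureCredential credential selected: Azure.Identity.ManagedIdentityCredential
crit: Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker[0]
      Microsoft.Health.Dicom.Client.DicomWebException: Forbidden: Authorization failed.
"""

TOKEN_RE = re.compile(r"(\w+Credential)\.GetToken (succeeded|was unable to retrieve "
                      r"an access token)\. Scopes: \[ (\S+) \]")
SELECTED_RE = re.compile(r"DefaultAzureCredential credential selected: Azure\.Identity\.(\w+)")
FORBIDDEN_RE = re.compile(r"(\S+Exception): Forbidden: Authorization failed\.")

def triage(log_text):
    """Separate 'no token' (authn) from 'token issued but rejected' (authz)."""
    failed, token_scopes, selected, rejected_by = [], {}, None, None
    for line in log_text.splitlines():
        if m := TOKEN_RE.search(line):
            cred, outcome, scope = m.groups()
            if cred == "DefaultAzureCredential":
                continue  # wrapper entry; the inner credentials carry the detail
            if outcome == "succeeded":
                token_scopes[cred] = scope
            else:
                failed.append(cred)
        elif m := SELECTED_RE.search(line):
            selected = m.group(1)
        elif m := FORBIDDEN_RE.search(line):
            rejected_by = m.group(1)
    if rejected_by and token_scopes:
        verdict = "authz"   # identity is fine; its role assignments are not
    elif failed and not token_scopes:
        verdict = "authn"   # no credential in the chain produced a token
    else:
        verdict = "none"
    return {"verdict": verdict, "selected": selected, "failed": failed,
            "token_scopes": token_scopes, "rejected_by": rejected_by}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An `authz` verdict with `ManagedIdentityCredential` selected points at the role assignments of the container's managed identity, which is the fix this answer describes.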

xqkwcwgp2#

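There is no need to follow the authentication steps below for the FHIR and DICOM App Services.
You will then be able to get the corresponding FHIR resources (patient data) in the FHIR service.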
