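I have successfully deployed DICOM Cast and carried out all the steps in Sync Medical Imaging Server for DICOM metadata into FHIR Server for Azure. However, I cannot get the corresponding FHIR resources in the FHIR service.
I am confused by some of the steps in this doc.
1. When setting up authentication for your FHIR and DICOM app services, I was unable to set Audience, Authority and Security:Enabled in the DICOM service, and I was unable to set Security:Enabled in the FHIR service.
2. When updating the Key Vault for DICOM Cast, the doc mentions "search for your service principal". Under Select principal, which principal should I choose? A user principal or an enterprise application principal? If it is an enterprise application principal, which application should I choose?
Currently, I have not set up authentication for the DICOM service, and for the service principal I selected the user principal.
Here are the detailed container logs: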
info: Azure.Identity[1]
DefaultAzureCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:
info: Azure.Identity[1]
EnvironmentCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:
info: Azure.Identity[3]
EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
info: Azure.Identity[1]
WorkloadIdentityCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:
info: Azure.Identity[3]
WorkloadIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: Exception: Azure.Identity.CredentialUnavailableException (0x80131500): WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot
info: Azure.Identity[1]
ManagedIdentityCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] MSAL MSAL.NetCore with assembly version '4.54.1.0'. CorrelationId(0c85f10d-5c3c-4f91-a149-c05e7048dae4)
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4]
=== Request Data ===
Authority Provided? - True
Scopes - https://dicom.healthcareapis.azure.com
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 0c85f10d-5c3c-4f91-a149-c05e7048dae4
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] === Token Acquisition (ClientCredentialRequest) started:
Scopes: https://dicom.healthcareapis.azure.com
Authority Host: login.microsoftonline.com
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [Region discovery] Not using a regional authority.
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [Instance Discovery] Skipping Instance discovery because it is disabled.
info: Azure.Core[1]
Request [467f2d30-036f-41e2-ab12-9619b63ec6c7] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:467f2d30-036f-41e2-ab12-9619b63ec6c7
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.10.0 (.NET 7.0.10; Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022)
client assembly: Azure.Identity
info: Azure.Core[5]
Response [467f2d30-036f-41e2-ab12-9619b63ec6c7] 200 OK (00.0s)
Date:Thu, 14 Sep 2023 13:58:32 GMT
Content-Type:application/json
Content-Length:1438
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Checking client info returned from the server..
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Saving token response to cache..
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [SaveTokenResponseAsync] ID Token not present in response.
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Cannot determine home account id - or id token or no client info and no subject
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Looking for scopes for the authority in the cache which intersect with https://dicom.healthcareapis.azure.com
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Intersecting scope entries count - 0
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4]
=== Token Acquisition finished successfully:
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] AT expiration time: 09/15/2023 12:56:16 +00:00, scopes: https://dicom.healthcareapis.azure.com. source: IdentityProvider
info: Azure.Identity[8]
False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Fetched access token from host login.microsoftonline.com.
info: Azure.Identity[2]
ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
info: Azure.Identity[13]
DefaultAzureCredential credential selected: Azure.Identity.ManagedIdentityCredential
info: Azure.Identity[2]
DefaultAzureCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
crit: Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker[0]
Unhandled exception.
Microsoft.Health.Dicom.Client.DicomWebException: Forbidden: Authorization failed.
at Microsoft.Health.Dicom.Client.DicomWebClient.EnsureSuccessStatusCodeAsync(HttpResponseMessage response, Func`5 additionalFailureInspector) in /_/src/Microsoft.Health.Dicom.Client/DicomWebClient.cs:line 219
at Microsoft.Health.Dicom.Client.DicomWebClient.GetChangeFeedLatest(String queryString, CancellationToken cancellationToken) in /_/src/Microsoft.Health.Dicom.Client/DicomWebClient.ChangeFeed.cs:line 41
at Microsoft.Health.DicomCast.Core.Features.DicomWeb.Service.ChangeFeedRetrieveService.RetrieveLatestSequenceAsync(CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/DicomWeb/Service/ChangeFeedRetrieveService.cs:line 41
at Microsoft.Health.DicomCast.Core.Features.Worker.ChangeFeedProcessor.ProcessAsync(TimeSpan pollIntervalDuringCatchup, CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/Worker/ChangeFeedProcessor.cs:line 70
at Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker.ExecuteAsync(CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/Worker/DicomCastWorker.cs:line 95
info: Microsoft.Hosting.Lifetime[0]
Application is shutting down...
Here is the Postman screenshot:
2 answers
h43kikqp1#
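The 403 Forbidden error usually occurs when you have not added the required roles, such as FHIR Data Contributor, to the ACI managed identity. When I tried to get patient data via Postman without adding the role, I also got the same error, with a 403 Forbidden status, as shown below:
Response: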
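In your case, make sure to add the FHIR Data Contributor and DICOM Data Owner roles to the ACI managed identity when generating the access token with managed identity authentication: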
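After assigning the roles, I regenerated the access token, called the /patient API, and got the response successfully, as shown below:
Response:
Reference: dicom-server/docs/quickstarts/deploy-dicom-cast.md at main · microsoft/dicom-server (github.com)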
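The log in the question can be read mechanically to separate the two failure classes. The following is an added example, not part of the answer above or of the DICOM Cast project. It walks the `DefaultAzureCredential` chain output and reports whether the failure happened while acquiring a token or afterwards, at the service. The function name `triage` and the verdict labels are assumptions, and the sample lines are excerpted and shortened from the log in the question.

```python
import re

# Excerpted and shortened from the container log in the question.
SAMPLE_LOG = """\
info: Azure.Identity[3]
EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ]
info: Azure.Identity[3]
WorkloadIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ]
info: Azure.Identity[2]
ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
info: Azure.Identity[13]
DefaultAzureCredential credential selected: Azure.Identity.ManagedIdentityCredential
crit: Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker[0]
Unhandled exception.
Microsoft.Health.Dicom.Client.DicomWebException: Forbidden: Authorization failed.
"""

UNAVAILABLE = re.compile(r"^(\w+)\.GetToken was unable to retrieve an access token")
SUCCEEDED = re.compile(r"^(\w+)\.GetToken succeeded\. Scopes: \[ (\S+) \]")
SELECTED = re.compile(r"credential selected: Azure\.Identity\.(\w+)")
FORBIDDEN = re.compile(r"\bForbidden\b")


def triage(log_text):
    """Split the log into token acquisition (authn) and the service's decision (authz)."""
    result = {"unavailable": [], "selected": None, "scope": None, "forbidden": False}
    for line in map(str.strip, log_text.splitlines()):
        if m := UNAVAILABLE.match(line):
            result["unavailable"].append(m.group(1))   # skipped link in the chain
        elif m := SUCCEEDED.match(line):
            result["scope"] = m.group(2)               # resource the token was issued for
        elif m := SELECTED.search(line):
            result["selected"] = m.group(1)            # credential that produced the token
        elif FORBIDDEN.search(line):
            result["forbidden"] = True                 # service rejected the caller
    if result["selected"] is None:
        result["verdict"] = "no-token"        # no credential selection seen in this log
    elif result["forbidden"]:
        result["verdict"] = "authorization"   # token issued, but the identity lacks a role
    else:
        result["verdict"] = "ok"
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['verdict']}: {r['selected']} got a token for {r['scope']}; "
          f"unavailable in chain: {', '.join(r['unavailable'])}")
```

An `authorization` verdict points at the role assignments of the selected identity on the target service rather than at the credential configuration.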
xqkwcwgp2#
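There is no need to follow the authentication steps below for the FHIR and DICOM app services.
Then you will be able to get the corresponding FHIR resources (patient data) in the FHIR service.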