OHF IHE ATNA


Network Authentication

The network authentication portion of ATNA provides mutual authentication between the "Secure nodes" running IHE Actors using X.509 certificates and TLSv1. In addition there is also the option to encrypt the network communication for the session. Network authentication is directly integrated with the OHF XDS Document Source, XDS Document Consumer, PIX Client, PIX Source, and PDQ Client. The OHF Bridge also supports it.

TLS Configuration

The X.509 certificates needed by the plugin must be stored in JKS (Java Key Store) format files.

To enable TLSv1 you must configure the plugin. This can be done programmatically using the org.eclipse.ohf.ihe.common.atna.ConfigurationManager class, or via environment variables.

Environment variables for the private keystore holding the private certificate of the node

javax.net.ssl.keyStore=<fullpath/keystore-file>.jks
javax.net.ssl.keyStorePassword=XXXX (password for the above file)

Environment variables for the public certificates used to validate the remote node's certificate

javax.net.ssl.trustStore=<fullpath/truststore-file>.jks
javax.net.ssl.trustStorePassword=XXXX (password for the above file)

(optional) Environment variables for debugging options

javax.net.debug=YYYY

Two common debugging options

javax.net.debug=all or javax.net.debug=sslhandshake

(optional) Environment variables for selecting the Cipher Suites used by TLS

https.cipherSuites= comma-separated list of ciphers.

If not specified, the plugin will by default use:

https.cipherSuites=SSL_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA

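Note: Java uses the name SSL_RSA_WITH_NULL_SHA for the cipher TLS_RSA_WITH_NULL_SHA. These are the same cipher. It authenticates the peers and integrity-protects the traffic but does not encrypt it, so a session that negotiates it is not confidential.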
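A pre-flight check of the settings listed above, as an added example that is not part of the original page or the OHF code base: it loads both JKS files, confirms the keystore holds a private key and the truststore holds trusted certificates, checks certificate validity dates, and flags cipher suites that do not encrypt. It assumes the settings are passed to the JVM as system properties (`-Dname=value`); the class name `AtnaTlsCheck` is hypothetical, and the plugin's ConfigurationManager is not used because its API is not shown here.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;

// Added example (not OHF code): pre-flight check of the TLS settings named on this page.
public class AtnaTlsCheck {
    // Load the JKS file named by <prop> / <prop>Password; wantKey=true for the private keystore.
    static List<String> checkStore(String prop, boolean wantKey) {
        List<String> findings = new ArrayList<>();
        String path = System.getProperty(prop), pass = System.getProperty(prop + "Password");
        if (path == null || pass == null)
            return Collections.singletonList(prop + ": path or password not set");
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, pass.toCharArray()); // throws on a wrong password or non-JKS file
            int usable = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (wantKey ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias)) usable++;
                try { // expired or not-yet-valid certificates fail the TLS handshake
                    ((X509Certificate) ks.getCertificate(alias)).checkValidity();
                } catch (Exception e) {
                    findings.add(prop + ": certificate '" + alias + "' is not usable: " + e);
                }
            }
            if (usable == 0) findings.add(prop + ": no " + (wantKey ? "private key" : "trusted certificate") + " entries");
        } catch (Exception e) {
            findings.add(prop + ": cannot load: " + e);
        }
        return findings;
    }

    // Flag suites that authenticate the peer but leave the session unencrypted.
    static List<String> checkSuites(String commaList) {
        List<String> findings = new ArrayList<>();
        for (String s : commaList.split(","))
            if (s.trim().contains("_WITH_NULL_")) findings.add("no encryption: " + s.trim());
        return findings;
    }

    public static void main(String[] args) {
        List<String> all = new ArrayList<>(checkStore("javax.net.ssl.keyStore", true));
        all.addAll(checkStore("javax.net.ssl.trustStore", false));
        // Falls back to the plugin default quoted on this page when the property is unset.
        all.addAll(checkSuites(System.getProperty("https.cipherSuites", "SSL_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA")));
        all.forEach(System.out::println);
    }
}
```

Run with no properties set, it reports both stores as unconfigured and flags SSL_RSA_WITH_NULL_SHA from the default list.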

AUDIT Messages

Audit Messages Reference information

ATNA uses DICOM supplement 95 as the source for its audit message content.

ATNA plugins

ATNA is composed of the following plugins:

  • org.eclipse.ohf.ihe.atna.agent <-- the main visible package for users
  • org.eclipse.ohf.ihe.atna.audit <-- auditing
  • org.eclipse.ohf.ihe.atna.payload
  • org.eclipse.ohf.ihe.atna.transport <-- open and TLS transport
  • org.eclipse.ohf.ihe.common.atna <-- configuration management for TLS properties

User Guide

Documentation regarding OHF ATNA Agent will appear here shortly
