zorgplatform

package
v0.0.0-...-3734e06
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2026 License: GPL-3.0 Imports: 43 Imported by: 0

README

Zorgplatform Integration

Field Mapping

This section describes how fields from ChipSoft HiX (ChipSoft's EHR), Zorgplatform (ChipSoft's API to access data from HiX in FHIR format), and ORCA or Nuts are mapped to SCP entities.

| Mapped SCP Field | Source System | Source System Field | Mapping |
|---|---|---|---|
| Launch context EHR BSN | Zorgplatform | Patient.identifier (system=http://fhir.nl/fhir/NamingSystem/bsn) | BSN from HiX auth token is ignored, taken from FHIR Patient resource instead |
| Launch context EHR Task ID | HiX | Auth token (http://sts.zorgplatform.online/ws/claims/2017/07/workflow/workflow-id) | |
| Launch context EHR Task | Zorgplatform | | Reference is Task/<workflow ID>, used to construct SCP Task |
| Launch context EHR Patient | Zorgplatform | Auth token (http://sts.zorgplatform.online/ws/claims/2017/07/workflow/workflow-id) | Search narrowing guarantees that only the patient related to the workflow is returned |
| Condition | ORCA | | Created by ORCA, as Zorgplatform doesn't provide a Condition. |
| Condition.code | Zorgplatform | Task.definitionReference | ChipSoft workflow OID to snomed code (e.g. urn:oid:2.16.840.1.113883.2.4.3.224.2.1) |
| ServiceRequest | ORCA | | Created by ORCA, as Zorgplatform doesn't provide a ServiceRequest. |
| ServiceRequest.status | ORCA | | active (hardcoded) |
| ServiceRequest.identifier | HiX | Auth token (http://sts.zorgplatform.online/ws/claims/2017/07/workflow/workflow-id) | system=http://sts.zorgplatform.online/ws/claims/2017/07/workflow/workflow-id |
| ServiceRequest.code | ORCA | | snomed\|719858009 telemonitoring (hardcoded) |
| ServiceRequest.display | ORCA | | monitoren via telegeneeskunde (hardcoded) |
| ServiceRequest.reasonReference | ORCA | | Constructed Condition |
| ServiceRequest.subject.identifier | Zorgplatform | Patient.identifier (system=http://fhir.nl/fhir/NamingSystem/bsn) | plan (hardcoded) |
| ServiceRequest.subject.reference | ORCA | Launch context Patient reference | |
| ServiceRequest.performer.identifier | ORCA | | Configured (system=http://fhir.nl/fhir/NamingSystem/ura) |
| ServiceRequest.performer.display | Nuts | X509Credential.credentialSubject.subject.O | Read from CSD |
| ServiceRequest.requester.identifier | Nuts | X509Credential.credentialSubject.subject.otherName | Read from local wallet (system=http://fhir.nl/fhir/NamingSystem/ura) |
| ServiceRequest.requester.display | Nuts | X509Credential.credentialSubject.subject.O | Read from local wallet |
| Practitioner | Zorgplatform | Patient.generalPractitioner | Pre-populates QuestionnaireResponses |
| Patient | Zorgplatform | | Sanitized Patient resource from Zorgplatform (see rows below for removed fields) |
| | Zorgplatform | Patient.contact.organization.reference | External literal reference (of Zorgplatform) removed |
| | Zorgplatform | Patient.managingOrganization.reference | External literal reference (of Zorgplatform) removed |
| | Zorgplatform | Patient.link.other.reference | External literal reference (of Zorgplatform) removed |
| | Zorgplatform | Patient.generalPractitioner.reference | External literal reference (of Zorgplatform) removed |
| Task.meta.profile | ORCA | | http://santeonnl.github.io/shared-care-planning/StructureDefinition/SCPTask |
| Task.identifier | Zorgplatform | Auth token (http://sts.zorgplatform.online/ws/claims/2017/07/workflow/workflow-id) | |
| Task.for.type | ORCA | | Patient (hardcoded) |
| Task.for.reference | ORCA | Launch context Patient reference | |
| Task.status | ORCA | | requested (hardcoded) |
| Task.intent | ORCA | | order (hardcoded) |
| Task.reasonCode | ORCA | Condition.code | |
| Task.reasonReference.reference | ORCA | Launch context Condition reference | Constructed Condition |
| Task.reasonReference.display | ORCA | | Depends on Condition.code (hardcoded) |
| Task.requester | ORCA | ServiceRequest.requester.identifier | |
| Task.performer | ORCA | ServiceRequest.performer[0].identifier | |
| Task.focus.type | ORCA | | ServiceRequest (hardcoded) |
| Task.focus.reference | ORCA | Launch context ServiceRequest reference | Constructed ServiceRequest |
| Task.focus.display | ORCA | ServiceRequest.code.coding.[0].display | |
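
The Patient sanitization rows above, as an added example that is not this package's own code: it removes the literal `reference` at the four listed paths from a FHIR Patient in JSON form and keeps everything else, including the BSN identifier. The names `sanitizePatient`, `each` and `samplePatient` are hypothetical, and the example assumes every literal reference at those paths is an external Zorgplatform reference.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const samplePatient = `{"resourceType":"Patient",
 "identifier":[{"system":"http://fhir.nl/fhir/NamingSystem/bsn","value":"999999990"}],
 "managingOrganization":{"reference":"Organization/zp-1","display":"Hospital"},
 "generalPractitioner":[{"reference":"Practitioner/zp-2","display":"GP"}],
 "contact":[{"organization":{"reference":"Organization/zp-3"}}], "link":[{"other":{"reference":"Patient/zp-4"}}]}` // constructed sample, ids are made up

// each calls fn for every JSON object at v, whether v is one object or a list.
func each(v any, fn func(map[string]any)) {
	switch t := v.(type) {
	case map[string]any:
		fn(t)
	case []any:
		for _, item := range t {
			each(item, fn)
		}
	}
}

// sanitizePatient drops "reference" at the four paths in the table; returns JSON and count.
func sanitizePatient(raw []byte) (string, int, error) {
	var p map[string]any
	if err := json.Unmarshal(raw, &p); err != nil {
		return "", 0, fmt.Errorf("parse Patient: %w", err)
	}
	if p["resourceType"] != "Patient" {
		return "", 0, fmt.Errorf("resourceType is %v, want Patient", p["resourceType"])
	}
	removed := 0
	drop := func(ref map[string]any) {
		if _, ok := ref["reference"]; ok {
			delete(ref, "reference") // identifier and display stay
			removed++
		}
	}
	each(p["managingOrganization"], drop)
	each(p["generalPractitioner"], drop)
	each(p["contact"], func(c map[string]any) { each(c["organization"], drop) })
	each(p["link"], func(l map[string]any) { each(l["other"], drop) })
	out, err := json.Marshal(p)
	return string(out), removed, err
}

func main() { fmt.Println(sanitizePatient([]byte(samplePatient))) }
```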

Access via local deployment

  1. az login
  2. Configure the kv values, e.g.:
    {
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_ENABLED": "true",
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_SIGN_ISS": "<iss>", //The hl7 oid of the care organization configured in Zorgplatform
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_SIGN_AUD": "<aud>", //The STS URL
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_DECRYPT_ISS": "<iss>", //The STS URL
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_DECRYPT_AUD": "<aud>", //The service URL configured in Zorgplatform
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_DECRYPT_SIGNCERT": "<pem_certificate>", // PEM-formatted X.509 certificate(s) used to verify signatures provided by Zorgplatform. Should retain newlines, e.g. "-----BEGIN CERTIFICATE-----\nMIIGpTC...SIuTjA==\n-----END CERTIFICATE-----",
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_BASEURL": "<url>", //https://zorgplatform.online OR https://acceptatie.zorgplatform.online
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_STSURL": "<url>", //https://zorgplatform.online/sts OR https://acceptatie.zorgplatform.online/sts
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_APIURL": "<url>", //https://api.zorgplatform.online/fhir/V1/ OR https://api.acceptatie.zorgplatform.online/fhir/V1/
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_URL": "<url>", //The URL of the Azure KeyVault to use
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_CREDENTIALTYPE": "<type>", //The Azure credential type, "default", "cli" or "managed_identity"
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_DECRYPTCERTNAME": "<certname>", //Name of the KV decrypt certificate (used to decrypt assertions that are received from Zorgplatform)
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_SIGNCERTNAME": "<certname>", //Name of the KV signing certificate (used to sign assertions that will be sent to Zorgplatform)
    "ORCA_CAREPLANCONTRIBUTOR_APPLAUNCH_ZORGPLATFORM_AZURE_KEYVAULT_CLIENTCERTNAME": "<certname>" //Name of the KV client certificate (used to set up mTLS with Zorgplatform)
    }
    

Documentation

Constants

const HIX_LOCALUSER_SYSTEM = "https://santeonnl.github.io/shared-care-planning/ehr/hix/userid"

Variables

This section is empty.

Functions

func FormatXSDDateTime

func FormatXSDDateTime(t time.Time) string

func GetCurrentXSDDateTime

func GetCurrentXSDDateTime() string

Types

type AzureConfig

type AzureConfig struct {
	KeyVaultConfig AzureKeyVaultConfig `koanf:"keyvault"`
	CredentialType string              `koanf:"credentialtype"`
}

type AzureKeyVaultConfig

type AzureKeyVaultConfig struct {
	KeyVaultURL     string `koanf:"url"`
	DecryptCertName string `koanf:"decryptcertname"`
	SignCertName    string `koanf:"signcertname"`
	ClientCertName  string `koanf:"clientcertname"`
	AllowInsecure   bool   `koanf:"allowinsecure"`
}

type Config

type Config struct {
	Enabled            bool           `koanf:"enabled"`
	ApiUrl             string         `koanf:"apiurl"`             //The FHIR API URL
	StsUrl             string         `koanf:"stsurl"`             //The SAML STS URL
	BaseUrl            string         `koanf:"baseurl"`            //The base URL of zorgplatform, can be either their acc or prd URL
	SAMLRequestTimeout time.Duration  `koanf:"samlrequesttimeout"` //The timeout for the SAML request, e.g. 10s, 100ms etc
	Tenants            tenants.Config `koanf:"tenants"`
	SigningConfig      SigningConfig  `koanf:"sign"`
	DecryptConfig      DecryptConfig  `koanf:"decrypt"`
	TaskPerformerUra   string         `koanf:"taskperformerura"`

	AzureConfig    AzureConfig    `koanf:"azure"`
	X509FileConfig X509FileConfig `koanf:"x509"`
}

func DefaultConfig

func DefaultConfig() Config

type DecryptConfig

type DecryptConfig struct {
	Issuer      string `koanf:"iss"`
	Audience    string `koanf:"aud"`
	SignCertPem string `koanf:"signcertpem"`
}

type LaunchContext

type LaunchContext struct {
	Bsn                    string
	Practitioner           fhir.Practitioner
	PractitionerRole       fhir.PractitionerRole
	ServiceRequest         fhir.ServiceRequest
	WorkflowId             string
	ChipSoftOrganizationID string
}

type OtherSessionData

type OtherSessionData struct {
	LaunchContext LaunchContext
	AccessToken   string
}

type RsaOaepXmlSuite

type RsaOaepXmlSuite struct {
}

RsaOaepXmlSuite is a xmlenc.Decrypter that can decrypt using RSA-OAEP-MGF1P, with a potentially external key.

func (RsaOaepXmlSuite) Algorithm

func (e RsaOaepXmlSuite) Algorithm() string

func (RsaOaepXmlSuite) Decrypt

func (e RsaOaepXmlSuite) Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)
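
An added example, not this package's code, of the pattern the description above implies: unwrapping an RSA-OAEP-MGF1P encrypted key through Go's `crypto.Decrypter` interface, so the private key can stay in an external store. The names `unwrapCEK`, `wrapCEK` and `demoKey` are hypothetical, and SHA-1 as the OAEP digest is an assumption.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

const algRSAOAEPMGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" // XML Encryption URI

// unwrapCEK decrypts an EncryptedKey's CipherValue. It takes any crypto.Decrypter, so the
// key may be an in-memory *rsa.PrivateKey or a remote key that only exposes "decrypt".
func unwrapCEK(key crypto.Decrypter, algorithm string, cipherValue []byte) ([]byte, error) {
	if algorithm != algRSAOAEPMGF1P {
		return nil, fmt.Errorf("refusing key transport algorithm %q", algorithm)
	}
	pub, ok := key.Public().(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("key is %T, want an RSA key", key.Public())
	}
	if len(cipherValue) != pub.Size() {
		return nil, fmt.Errorf("ciphertext is %d bytes, want %d", len(cipherValue), pub.Size())
	}
	// Assumption: the OAEP digest is SHA-1. With only Hash set, Go uses the same
	// hash for MGF1, and MGF1 with SHA-1 is what rsa-oaep-mgf1p prescribes.
	return key.Decrypt(rand.Reader, cipherValue, &rsa.OAEPOptions{Hash: crypto.SHA1})
}

// wrapCEK plays the sender: it encrypts a content-encryption key to pub.
func wrapCEK(pub *rsa.PublicKey, cek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, cek, nil)
}

// demoKey generates a throwaway key pair standing in for the decrypt certificate's key.
func demoKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func main() {
	priv, err := demoKey()
	if err != nil {
		panic(err)
	}
	wrapped, _ := wrapCEK(&priv.PublicKey, []byte("constructed content key"))
	cek, err := unwrapCEK(priv, algRSAOAEPMGF1P, wrapped)
	fmt.Printf("%q %v\n", cek, err)
}
```

Because `unwrapCEK` only calls `Public` and `Decrypt`, a key held in a vault or HSM can be passed in through a small adapter type without exporting the private key.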

type SecureTokenService

type SecureTokenService interface {
	RequestAccessToken(ctx context.Context, launchContext LaunchContext, tokenType TokenType) (string, error)
}

type Service

type Service struct {
	// contains filtered or unexported fields
}

func New

func New(sessionManager *user.SessionManager[session.Data], config Config, tenants tenants.Config, baseURL string, frontendLandingUrl *url.URL, profile profile.Provider) (*Service, error)

func (*Service) CreateEHRProxies

func (s *Service) CreateEHRProxies() (map[string]coolfhir.HttpProxy, map[string]fhirclient.Client)

CreateEHRProxies creates HTTP proxies and FHIR clients to interact with the Zorgplatform FHIR API. It should only be invoked once, because it creates caches with background goroutines.

func (*Service) RegisterHandlers

func (s *Service) RegisterHandlers(mux *http.ServeMux)

func (*Service) RequestAccessToken

func (s *Service) RequestAccessToken(ctx context.Context, launchContext LaunchContext, tokenType TokenType) (string, error)

RequestAccessToken generates the SAML assertion, signs it, sends the SOAP request to the Zorgplatform STS and returns the SAML access token

type SigningConfig

type SigningConfig struct {
	Issuer   string `koanf:"iss"`
	Audience string `koanf:"aud"`
}

type TokenType

type TokenType struct {
	Subject      func(element *etree.Element, launchContext *LaunchContext, applicationIssuer string)
	Role         func(element *etree.Element)
	PurposeOfUse func(element *etree.Element)
}

type X509FileConfig

type X509FileConfig struct {
	DecryptCertFile string `koanf:"decryptcertfile"`
	ClientCertFile  string `koanf:"clientcertfile"`
	SignCertFile    string `koanf:"signcertfile"`
	SignKeyFile     string `koanf:"signkeyfile"`
}
