Unable to get corresponding FHIR resource(Patient's data) in FHIR service. about dicom-server HOT 7 CLOSED

It looks like you are trying to add the secrets to the keyvault but having trouble assigning the proper role that would allow you to add secrets to keyvault.

The above instruction is simply suggesting to add the servicepriciple that will be used to access that keyvault. If you are doing it manually and are logged in as yourself, then you should add your servicepriciple. But if this is automated process and you have created an app via appregistration in AAS which should be accessing the keyvault then add the appid of this app. Regardless of whatever serviceprinciple youa re using, that servicepriciple should have keyvault contributor access.

Overall the goal is allow to add all these properties to the keyvault.

from dicom-server.

Thank you for your reply, I've selected the user principle and am able to add DICOM & FHIR server secrets, But still unable to get the corresponding FHIR resources (Patient's data) in the FHIR service.

Right now, I've not authenticated the DICOM service.
You can see the logs for more details.

from dicom-server.

Did you add the dicom data owner and fhir data contributor roles to that userprinciple on the corresponding dicom and fhir server? Also what is the dicom-audience value you added?

from dicom-server.

Yes, I've added DICOM data owner and FHIR data contributor roles to the user principle. I'm unable to edit the authority and audience value of the DICOM server. So, I'm providing the default dicom-audience value which is provided by Azure.

from dicom-server.

environment credential and workload identity credential are not fully configured:
here is the detailed container log:

info: Microsoft.Health.DicomCast.TableStorage.Features.Storage.TableServiceClientInitializer[0]
      Created Table named 'TransientRetryExceptionTable'
info: Microsoft.Health.DicomCast.TableStorage.Features.Storage.TableServiceClientInitializer[0]
      Table Storage and tables successfully initialized
info: Azure.Identity[1]
      DefaultAzureCredential.GetToken invoked. Scopes: [ https://dc2healthdataservice-dc2fhirservice.fhir.azurehealthcareapis.com ] ParentRequestId: 
info: Azure.Identity[1]
      EnvironmentCredential.GetToken invoked. Scopes: [ https://dc2healthdataservice-dc2fhirservice.fhir.azurehealthcareapis.com ] ParentRequestId: 
info: Azure.Identity[3]
      EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dc2healthdataservice-dc2fhirservice.fhir.azurehealthcareapis.com ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
info: Azure.Identity[1]
      WorkloadIdentityCredential.GetToken invoked. Scopes: [ https://dc2healthdataservice-dc2fhirservice.fhir.azurehealthcareapis.com ] ParentRequestId: 
info: Azure.Identity[3]
      WorkloadIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dc2healthdataservice-dc2fhirservice.fhir.azurehealthcareapis.com ] ParentRequestId:  Exception: Azure.Identity.
 (0x80131500): WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot
info: Azure.Identity[1]
      ManagedIdentityCredential.GetToken invoked. Scopes: [ https://dc2healthdataservice-dc2fhirservice.fhir.azurehealthcareapis.com ] ParentRequestId: 

from dicom-server.

Let me start from the beginning. How are you deploying dicom and fhir? Are you deploying Dicom OSS via app service or you have a managed Dicom and Fhir service?

Setting up authority and audience is needed only of you are deploying oss using app service. You donot need to set up anything if you are using managed dicom service. The only set up you would need is this:
https://github.com/microsoft/dicom-server/blob/main/docs/how-to-guides/sync-dicom-metadata-to-fhir.md#update-key-vault-for-dicom-cast.

You can use this document to reference as well. This document is focused on provisioning dicomcast under private link but it also talks about regular setups needed. https://github.com/microsoft/dicom-server/blob/main/converter/dicom-cast/docs/workingWithPrivateLink.md

from dicom-server.

Hello @poadhika

I'm deploying DICOMCAST with OSS approach. I've already deployed the DICOM service and FHIR service. While deploying DICOMCast with OSS, I'm adding DICOM and FHIR service endpoints.

I've followed this documentation: https://github.com/microsoft/dicom-server/blob/main/docs/how-to-guides/sync-dicom-metadata-to-fhir.md#update-key-vault-for-dicom-cast

I did not get the option in Azure DICOM services for setting up authority and audience, it is available and we could set these two parameters in Azure FHIR service.

There is no documentation defined to set these two parameters (authority and audience) for Azure DICOM services, if you have any other way defined then please suggest.

from dicom-server.