The value for provider.id won’t affect the OpenID functionality at all. That only distinguishes different instances of provider definitions. The important property for distinguishing authentication methods is auth.method, which must be openid for the XNAT OpenID plugin.
--
Rick Herrick
XNAT Architect/Developer
Computational Imaging Laboratory
Washington University School of Medicine
From: xnat_di...@googlegroups.com <xnat_di...@googlegroups.com> on behalf of Alastair Ferguson <afer...@arche-type.com.au>
Date: Tuesday, January 25, 2022 at 5:17 PM
To: xnat_discussion <xnat_di...@googlegroups.com>
Subject: [XNAT Discussion] Re: OpenID plugin & XNAT 1.8.3
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
xnat_discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/711f1d44-f36a-4ace-9150-6370a4d35291n%40googlegroups.com.
Please, could anyone here help me? I have been really stuck on this problem for many days and I do not know how to fix it!
Thank you in advance.
Matteo
On Thursday, October 13, 2022 at 12:26:02 UTC+2 Matteo Riva wrote:
Hello everyone,
I know that this is an old topic, but I wanted to let you know that I tried to change the line into:
openid.redcap-keycloak-client.usernamePattern=[Username]
(Upper case U instead of u)
But nothing has changed unfortunately 🙁 It keeps on creating new users with [providerId]-[sub]!
Does anyone have any idea?
Thank you so much for any help!
Matteo
On Wednesday, September 28, 2022 at 13:15:56 UTC+2 Matteo Riva wrote:
Hello Alex,
I tried to copy the line in the *provider.properties and I tried everything:
openid.redcap-keycloak-client.usernamePattern=[username]
openid.redcap-keycloak-client.usernamePattern=[preferred_username]
openid.redcap-keycloak-client.usernamePattern=[sub]
openid.redcap-keycloak-client.usernamePattern=username
openid.redcap-keycloak-client.usernamePattern=preferred_username
But nothing has changed 🙁 It keeps on creating new users with [providerId]-[sub]!
Matteo
On Tuesday, September 27, 2022 at 20:19:41 UTC+2 Alex wrote:
Hi Matteo,
I think that if you don't specify the usernamePattern directive, the plugin is going to create a username based on the default pattern [providerId]_[sub]. I haven't tried different patterns since I was fine with the default. My suggestion is to experiment to see what pattern works for you. Maybe someone else in this group has suggestions based on their experience; I didn't find much documentation on this topic.
Alex
On Monday, September 26, 2022 at 3:58:40 PM UTC-4 Matteo Riva wrote:
Hello Alex,
Thank you again for your help and your kindness!
Now it works properly! Just one last thing: when Keycloak creates a new user in xnat, the username is the ID present in Keycloak (e.g. instead of mriva as username, it creates a user with 12345abcd-keycloak-redcap-xnat username). Should I fix it with the username pattern you mentioned in your last reply?
I hope this will be my last question. Then I think I am finally done with these issues 😀
Again, thank you so much Alex!
Matteo
On Mon, Sep 26, 2022, 20:21 Alex <ski...@gmail.com> wrote:
Hi Matteo,
Good to hear that the plugin is working for you. On my system, once the user is authenticated via OpenID for the first time, a localdb user is created. The following directive forces XNAT to create a user and it is set to false in your config file:
openid.providerid.forceUserCreate=true
The username pattern for these users is defined in the following configuration file directive:
openid.providerid.usernamePattern=[providerId]-[sub]
Hopefully this will fix the user creation issue.
Thanks,
Alex
On Monday, September 26, 2022 at 2:57:58 AM UTC-4 Matteo Riva wrote:
Hello Alex,
It works! After the changes you suggested, I can finally log in to Xnat with the credentials of Keycloak! Thank you so much Alex!
Nevertheless, if I log in as admin in order to see if the new user is there in Xnat, the new user isn't in the "Users" page. The new user is created in Keycloak and I can log in through Keycloak in Xnat, so it works, but the new user is not created in Xnat!
Is it normal? If not, how should I fix it? Thank you again!
Let me know please!
Matteo
On Sunday, September 25, 2022 at 22:42:16 UTC+2 Matteo Riva wrote:
Hello Alex,
I thank you so much!!
Yes, I will try to change those parameters tomorrow and see what happens! I will write for updates 😀
Hello,
I was searching for something in PostgreSQL in order to identify how the users are created in PostgreSQL.
Here is what I found using psql -c "SELECT * FROM xdat_user":
login | firstname | lastname | email | primary_password | primary_password_encrypt | quarantine_path | enabled | verified | salt | user_info | xdat_user_id | users_user_xdat_security_xdat_security_id
The strange username (for example, redcap-keycloak-client_9d981443-db6c-4d14-aa16-2bd43227ef34) is under the column "login". I tried to change the column name from "login" to "preferred_username". And... what happened was that a new column was created at the end of the table, called again "login", and XNAT was completely broken (it could not even show me the login page)! I tried to change the new "login" column, to delete it, to delete the "preferred_username" column, but everything was useless: XNAT was broken!
I had to do a restore of my VM to return to the original situation and now XNAT works again.
Does anyone have a suggestion, please?
Thank you!
Matteo
On Tuesday, October 25, 2022 at 09:12:09 UTC+2 Matteo Riva wrote:
Hello Rick,
Thank you again for your reply.
Now there is username, but unfortunately nothing is changing 🙁 Maybe I should change the identification from username to preferred_username in PostgreSQL (since preferred_username is returned by Keycloak). For example, in REDCap I do this (MariaDB):
Hello Rick,
Thank you so much for your reply and your help.
Okay, I will never modify database columns again 😁
The problem is this: if I go to Administer --> Users, instead of a normal username, I see that "strange" one.
In summary, I would like to see a "normal" username (for example, username), present in Keycloak, instead of that long string (redcap-keycloak-client_9d981443-db6c-4d14-aa16-2bd43227ef34).
But, as you suggested, maybe it is better to not care about it. After all, if I try to log in with the OpenID, I still enter in XNAT normally and the first and the last names are correctly shown:
Thank you also for telling me the good news! I am sure it can be so useful 😀
Cheers,
Matteo
On Wednesday, October 26, 2022 at 00:58:33 UTC+2 Rick Herrick wrote:
My suggestion would be to avoid renaming database columns 😀 The reason your XNAT was broken was because XNAT looks for the login column to find users’ login names. The names of columns aren’t a configuration option, they’re where XNAT goes to find configuration options. If the columns are renamed it can’t find the info it needs to work properly. XNAT recognized that the table structure didn’t match what it expected and tried to recover by adding the login column back to the table, but then that would fail because each row must have a unique value for that column but they’re all set to the same value (null) so everything would explode at that point.