Wasis image loading issue "Failed to verify token: org.keycloak.exceptions"

[romeokaka]

Hi,

I have deployed successfully dcm4chee arc light 5.15.1. Every configuration is working fine including export rule to send data to central archive.The wan link is if 4mb. On accessing of Weasis from central PACS site I am facing the issue while loading CT study having images more than 600.The error comes after successfully downloading more than half of CT data.  Weasis shows network error. Screen shot is attached.  The log shows the following error.

2019-05-24 15:16:56,416 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-7) Failed to verify token: org.keycloak.exceptions.TokenNotActiveException: Token is not active

        at org.keycloak.TokenVerifier$2.test(TokenVerifier.java:86)
        at org.keycloak.TokenVerifier.verify(TokenVerifier.java:466)
        at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:54)
        at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:103)
        at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:88)
        at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
        at org.keycloak.adapters.elytron.ElytronRequestAuthenticator.authenticate(ElytronRequestAuthenticator.java:44)
        at org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanism.evaluateRequest(KeycloakHttpServerAuthenticationMechanism.java:96)
        at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:119)
        at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:84)
        at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:232)
        at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:211)
        at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:95)
        at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:93)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
        at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
        at org.keycloak.adapters.elytron.KeycloakServletExtension.lambda$null$0(KeycloakServletExtension.java:39)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java

Thanks.

[Abdul Basit]

Please help to solve this issue. Waiting...

--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
To post to this group, send email to dcm...@googlegroups.com.
Visit this group at https://groups.google.com/group/dcm4che.
To view this discussion on the web visit https://groups.google.com/d/msgid/dcm4che/16a1d2ca-e335-4e3e-b3ab-0a498381eb4d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Abdul Basit]

Hi,

Please guide to solve this problem.

[vrinda nayak]

This issue was already discussed. By default configuration, the Access Token Lifespan is 5 mins. Currently there is no possibility for Archive UI to pass the refresh token to Weasis or vice-versa Weasis requesting for refresh token from Archive UI, once the current Access Token has expired. A more correct way of achieving this would have been if Weasis can directly get token from Keycloak, wherein the adapter then also checks for refresh token, but I think currently this is not available in Weasis.

As a workaround for your case, you may change/increase the Access Token Lifespan value corresponding to SSO Session Idle. See attached realm settings.

To unsubscribe from this group and stop receiving emails from it, send an email to dcm...@googlegroups.com.

[romeokaka]

Hi vrinda,

Acknowledged and thank you for support.

One more question related to weasis image loading.

Archive is configured to save images in compressed format (JPEG Lossless, Non-Hierarchical, First-Order Prediction (Process 14 [Selection Value 1]) but when weasis load images the logs shows that the instances are converted to  Implicit VR Little Endian. Is there any way to accept compressed instances from weasis side. As this will fast the transfer of images over slower link.

Logs:

2019-05-28 17:19:43,217 INFO  [org.dcm4che3.net.Dimse] (EE-ManagedExecutorService-default-Thread-189) DCM4CHEE<-PACS-CONNECTOR(647) << 1:C-FIND-RSP[pcid=1, status=ff00H
  cuid=1.2.840.10008.5.1.4.1.2.2.1 - Study Root Query/Retrieve Information Model - FIND
  tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian]
2019-05-28 17:19:43,217 INFO  [org.dcm4che3.net.Dimse] (EE-ManagedExecutorService-default-Thread-189) DCM4CHEE<-PACS-CONNECTOR(647) << 1:C-FIND-RSP[pcid=1, status=0H
  cuid=1.2.840.10008.5.1.4.1.2.2.1 - Study Root Query/Retrieve Information Model - FIND
  tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian]
2019-05-28 17:19:43,217 INFO  [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-188) DCM4CHEE<-PACS-CONNECTOR(647) >> A-RELEASE-RQ
2019-05-28 17:19:43,217 INFO  [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-188) DCM4CHEE<-PACS-CONNECTOR(647) << A-RELEASE-RP
2019-05-28 17:19:43,217 INFO  [stdout] (pool-10-thread-4)

Regards,

[Abdul Basit]

Needs guidance.

To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.

To post to this group, send email to dcm...@googlegroups.com.
Visit this group at https://groups.google.com/group/dcm4che.

To view this discussion on the web visit https://groups.google.com/d/msgid/dcm4che/14185d3d-0e6e-4323-a67b-8ec47e6a0f06%40googlegroups.com.

[Nicolas Roduit]

if you follow the instructions described here, you need to configure dicom-dcm4chee-arc.properties. "wado.addparams=&transferSyntax=*" will allow downloading all the syntaxes => that means the compression type of the remote archive.