DCM4CHEE-ARC v5.14.1 - forbidden, but can log in ** SOLVED **

237 views
Skip to first unread message

Docjay

unread,
Nov 7, 2018, 3:08:48 PM11/7/18
to dcm...@googlegroups.com
OS:  Centos 7
Archive version:  5.14.1
MYSQL 8
ApacheDS
Wildfly 11
KeyCloak 4.1.0

Firewall is disabled
SELinux is disabled

I've setup the the secured UI v5.14.1.  The installation went okay, I can connect to apachedDS fine with Directory Studio, but when I log into the archive, it doesn't present with the studies page and I don't see anything under Devices tab inside 'Configuration'.  It seems as if it's not talking to LDAP, but I don't see any errors in my log file to point me in that direction.

I've uploaded a screenshot of what I see and also the console from the browser.  I've also attached the server log from start to finish.
D4C5 forbidden.JPG
d4clog.txt

gunterze

unread,
Nov 12, 2018, 7:19:20 AM11/12/18
to dcm4che
Add LOG Category
            <logger category="org.keycloak" use-parent-handlers="true">
                <level name="DEBUG"/>
            </logger>

on the Wildfly instance, were you deployed the archive, to see debug messages of the keycloak adapter, e.g:

2018-11-12 13:07:42,832 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanism] (default task-1) Evaluating request for path [http://test-ng:8080/dcm4chee-arc/ui2/]
2018-11-12 13:07:42,832 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-1) adminRequest http://test-ng:8080/dcm4chee-arc/ui2/
2018-11-12 13:07:42,833 DEBUG [org.keycloak.adapters.elytron.ElytronSessionTokenStore] (default task-1) Account was not in session, returning null
2018-11-12 13:07:42,833 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) there was no code
2018-11-12 13:07:42,833 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) redirecting to auth server
2018-11-12 13:07:42,833 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) callback uri: http://test-ng:8080/dcm4chee-arc/ui2/
2018-11-12 13:07:42,833 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) Sending redirect to login page: https://test-ng:8843/auth/realms/dcm4che/protocol/openid-connect
/auth?response_type=code&client_id=dcm4chee-arc-ui&redirect_uri=http%3A%2F%2Ftest-ng%3A8080%2Fdcm4chee-arc%2Fui2%2F&state=1aae0247-9ee7-4d4f-9972-5b9be80e9c4b&login=true&scope=openid
2018-11-12 13:07:48,394 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanism] (default task-1) Evaluating request for path [http://test-ng:8080/dcm4chee-arc/ui2/?state
=1aae0247-9ee7-4d4f-9972-5b9be80e9c4b&session_state=9c6dfe19-2449-438d-9370-8305ca52bcef&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..bIjTh2QF8vtP7Lv5cJtqpQ.a2uiLpa3REq-Y4cZ__UVtIUdnmN
qjBdU14aWJrCrPUJEcTY6FhfCAsyKadPJpf9Bd-NM2LmfjpUDDnDkq3TWp8RnJazIH25d7RJ5q844AnuQkkwq3Rf1uqb3m-rCE0arYrLpFLPnQnkgaMfS8el3jS--llo3NWZOLpMqN8JXq98Xq7qTjaI_1Z23xwySmMj2kJqQnE-djK8-9NCh5zaOiLljUqbl
_i-bzlyu1RCgM0IXjivbamlxo7_DG9MY3ysL.IEdl_vpiDEVv2rLQ5Qbo5g]
2018-11-12 13:07:48,394 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-1) adminRequest http://test-ng:8080/dcm4chee-arc/ui2/?state=1aae0247-9ee7-4d4f-9972-5b9be80e9c4b&sessio
n_state=9c6dfe19-2449-438d-9370-8305ca52bcef&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..bIjTh2QF8vtP7Lv5cJtqpQ.a2uiLpa3REq-Y4cZ__UVtIUdnmNqjBdU14aWJrCrPUJEcTY6FhfCAsyKadPJpf9Bd-NM2Lm
fjpUDDnDkq3TWp8RnJazIH25d7RJ5q844AnuQkkwq3Rf1uqb3m-rCE0arYrLpFLPnQnkgaMfS8el3jS--llo3NWZOLpMqN8JXq98Xq7qTjaI_1Z23xwySmMj2kJqQnE-djK8-9NCh5zaOiLljUqbl_i-bzlyu1RCgM0IXjivbamlxo7_DG9MY3ysL.IEdl_vp
iDEVv2rLQ5Qbo5g
2018-11-12 13:07:48,394 DEBUG [org.keycloak.adapters.elytron.ElytronSessionTokenStore] (default task-1) Account was not in session, returning null
2018-11-12 13:07:48,394 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) there was a code, resolving
2018-11-12 13:07:48,394 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) checking state cookie for after code
2018-11-12 13:07:48,394 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) ** reseting application state cookie
2018-11-12 13:07:48,457 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) Verifying tokens
2018-11-12 13:07:48,458 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) Token Verification succeeded!
2018-11-12 13:07:48,458 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) successful authenticated
2018-11-12 13:07:48,468 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-1) User '6488bd2c-90c7-4489-9d2b-f7ab5b9ee389' invoking 'http://test-ng:8080/dcm4chee-arc/ui2/?state=1aa
e0247-9ee7-4d4f-9972-5b9be80e9c4b&session_state=9c6dfe19-2449-438d-9370-8305ca52bcef&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..bIjTh2QF8vtP7Lv5cJtqpQ.a2uiLpa3REq-Y4cZ__UVtIUdnmNqjBd
U14aWJrCrPUJEcTY6FhfCAsyKadPJpf9Bd-NM2LmfjpUDDnDkq3TWp8RnJazIH25d7RJ5q844AnuQkkwq3Rf1uqb3m-rCE0arYrLpFLPnQnkgaMfS8el3jS--llo3NWZOLpMqN8JXq98Xq7qTjaI_1Z23xwySmMj2kJqQnE-djK8-9NCh5zaOiLljUqbl_i-b
zlyu1RCgM0IXjivbamlxo7_DG9MY3ysL.IEdl_vpiDEVv2rLQ5Qbo5g' on client 'dcm4chee-arc-ui'
2018-11-12 13:07:48,469 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-1) AUTHENTICATED
2018-11-12 13:07:48,469 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-1) AuthenticatedActionsValve.invoke http://test-ng:8080/dcm4chee-arc/ui2/?state=1aae0247-9ee7-4d4
f-9972-5b9be80e9c4b&session_state=9c6dfe19-2449-438d-9370-8305ca52bcef&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..bIjTh2QF8vtP7Lv5cJtqpQ.a2uiLpa3REq-Y4cZ__UVtIUdnmNqjBdU14aWJrCrPUJEc
TY6FhfCAsyKadPJpf9Bd-NM2LmfjpUDDnDkq3TWp8RnJazIH25d7RJ5q844AnuQkkwq3Rf1uqb3m-rCE0arYrLpFLPnQnkgaMfS8el3jS--llo3NWZOLpMqN8JXq98Xq7qTjaI_1Z23xwySmMj2kJqQnE-djK8-9NCh5zaOiLljUqbl_i-bzlyu1RCgM0IXji
vbamlxo7_DG9MY3ysL.IEdl_vpiDEVv2rLQ5Qbo5g
2018-11-12 13:07:48,469 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-1) Policy enforcement is disabled.
2018-11-12 13:07:48,475 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanism] (default task-1) Evaluating request for path [http://test-ng:8080/dcm4chee-arc/ui2/]
2018-11-12 13:07:48,475 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-1) adminRequest http://test-ng:8080/dcm4chee-arc/ui2/
2018-11-12 13:07:48,475 DEBUG [org.keycloak.adapters.elytron.ElytronAccount] (default task-1) session is active
2018-11-12 13:07:48,475 DEBUG [org.keycloak.adapters.elytron.ElytronSessionTokenStore] (default task-1) Cached account found
2018-11-12 13:07:48,483 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-1) AUTHENTICATED: was cached
:
2018-11-12 13:07:49,088 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanism] (default task-5) Evaluating request for path [http://test-ng:8080/dcm4chee-arc/monitor/se
rverTime]
2018-11-12 13:07:49,088 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-5) adminRequest http://test-ng:8080/dcm4chee-arc/monitor/serverTime
2018-11-12 13:07:49,088 DEBUG [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-5) Verifying access_token
2018-11-12 13:07:49,089 DEBUG [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-5) successful authorized
2018-11-12 13:07:49,090 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-3) AUTHENTICATED: was cached

Docjay

unread,
Nov 12, 2018, 11:20:36 AM11/12/18
to dcm...@googlegroups.com
Gunter,

   thanks for the reply.  I've enabled DEBUG mode and uploaded a clean log file.  Nothing stands out to me, but maybe you can see something I didn't catch? 


server.-keycloak-debuglog

Gunter Zeilinger

unread,
Nov 13, 2018, 3:18:26 AM11/13/18
to dcm...@googlegroups.com
Guess you deployed the full secured version, which requires authentication for the UI and the RESTful services, and not the version with only secured UI:

2018-11-07 11:49:55,778 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0027: Starting deployment of "dcm4chee-arc-ear-5.14.1-mysql-secure.ear" (runtime-name: "dcm4chee-arc-ear-5.14.1-mysql-secure.ear")

without adding an entry for the Web Application (dcm4chee-arc-war-5.14.1-secure.war) providing the RESTful services for the Keycloak adapter configuration of Wildfly (s. https://github.com/dcm4che/dcm4chee-arc-light/wiki/Installation-and-Configuration#wildfly-configuration point 20)

On Mon, Nov 12, 2018 at 5:20 PM Docjay <jlhe...@gmail.com> wrote:
Gunter,

   thanks for the reply.  I've enabled DEBUG and uploaded my clean log file.  Nothing stands out to me, but maybe you can see something I didn't catch? 

--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+unsubscribe@googlegroups.com.
To post to this group, send email to dcm...@googlegroups.com.
Visit this group at https://groups.google.com/group/dcm4che.
For more options, visit https://groups.google.com/d/optout.

Docjay

unread,
Nov 13, 2018, 11:12:28 AM11/13/18
to dcm4che
Gunter,

    Yep, that was it, you nailed it.  I downloaded the wrong .zip file from sourceforge.  Thank you so much for helping me troubleshoot that!

Jamie
Reply all
Reply to author
Forward
0 new messages