Secured on docker-compose, Curl 403 Forbidden


Алексей Потёмин

Mar 3, 2020, 4:34:25 AM
to dcm4che
Hello all

I deployed the services on docker-compose using the manuals Run secured archive services on a single host and Getting-OIDC-Access-Token-using-curl. I tried different versions of the images but got the same problem. When I use the token in HTTP requests I get an error "Forbidden"; after 5 minutes the token expires and I get "Unauthorized", which means authentication is happening. I tried without Keycloak and everything worked fine. Maybe it is some kind of problem in the iptables or somewhere else.
Now I use this:

dcm4che/slapd-dcm4chee:2.4.44-19.0
dcm4che/keycloak:7.0.0
dcm4che/postgres-dcm4chee:12.0-19
dcm4che/dcm4chee-arc-psql:5.19.0-secure

Everything is configured according to the instructions from the GitHub.
I will be glad of any ideas, thanks.

docker-compose.yml
docker-compose.env

Gunter Zeilinger

Mar 3, 2020, 4:36:01 AM
to dcm...@googlegroups.com


Sent with ProtonMail Secure Email.
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.

Алексей Потёмин

Mar 3, 2020, 5:01:56 AM
to dcm4che
Thanks for the answer, but I use 5.19.0-secure and tried 5.21.0-secure; the error is always the same.
What should I do? Configure those roles?

On Tuesday, March 3, 2020 at 15:36:01 UTC+6, gunterze wrote:

Gunter Zeilinger

Mar 3, 2020, 5:12:11 AM
to dcm...@googlegroups.com
Did you assign the user role "user" to the user, you used for authentication?


Алексей Потёмин

Mar 3, 2020, 5:19:31 AM
to dcm4che

1618.JPG

Do you mean here?

On Tuesday, March 3, 2020 at 16:12:11 UTC+6, gunterze wrote:

Gunter Zeilinger

Mar 3, 2020, 5:37:54 AM
to dcm...@googlegroups.com
Did you use the same URL (in particular the same protocol, hostname and port) for fetching the token from keycloak as you configured as AUTH_SERVER_URL of the archive?


Алексей Потёмин

Mar 3, 2020, 6:00:26 AM
to dcm4che
I did it like this:

# client credentials grant against the Keycloak token endpoint (-k skips certificate verification)
RESULT=$(curl -k --data "grant_type=client_credentials&client_id=curl&client_secret=secret_of_curl_client" https://my_public_ip:8843/auth/realms/dcm4che/protocol/openid-connect/token)

# pull access_token out of the JSON reply
TOKEN=$(echo "$RESULT" | sed 's/.*access_token":"\([^"]*\).*/\1/')



https://my_public_ip:8843/auth is written in the file docker-compose.env and is correctly visible when I run docker inspect dcm4chee-composer_arc_1.

On Tuesday, March 3, 2020 at 16:37:54 UTC+6, gunterze wrote:
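A diagnostic for a token fetched the way shown above, added here and not part of the thread or of dcm4che: it decodes the token's claims (without verifying the signature) and maps them onto the two answers reported in this thread, matching the issuer against AUTH_SERVER_URL (the URL question) and checking for the realm role "user" (the role question). The Keycloak adapter in the archive answers 401 for an expired token or an issuer that does not match its configured server URL, and 403 when the protected resource's role is missing; the constant values and the sample token are constructed, not taken from a real deployment.

```python
import base64
import json
import time

# Values from the thread: AUTH_SERVER_URL in docker-compose.env, the realm, the role asked about.
AUTH_SERVER_URL = "https://my_public_ip:8843/auth"
REALM = "dcm4che"
REQUIRED_ROLE = "user"

def decode_jwt_payload(token):
    """Claims of a compact JWS token. The signature is NOT verified here:
    this only inspects a token the caller obtained; it is not an authorizer."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, now=None):
    """Map the claims onto the status the archive would answer with.
    Returns (status, reason) pairs; an empty list means the token should pass."""
    claims = decode_jwt_payload(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("exp", 0) <= now:
        problems.append(("401", "token expired (the 5-minute lifetime seen in the thread)"))
    expected_iss = f"{AUTH_SERVER_URL}/realms/{REALM}"
    if claims.get("iss") != expected_iss:
        problems.append(("401", f"issuer {claims.get('iss')!r} is not {expected_iss!r}: "
                                "token fetched from a URL other than AUTH_SERVER_URL"))
    roles = claims.get("realm_access", {}).get("roles", [])
    if REQUIRED_ROLE not in roles:
        problems.append(("403", f"realm role {REQUIRED_ROLE!r} not in {roles}"))
    return problems

def make_unsigned_token(claims):
    """Constructed, unsigned (alg=none) token so the check runs offline."""
    def seg(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."

# Constructed sample: right issuer, not expired, but the "user" role was never assigned.
SAMPLE_NOW = 1583240000
SAMPLE_TOKEN = make_unsigned_token({
    "iss": f"{AUTH_SERVER_URL}/realms/{REALM}",
    "exp": SAMPLE_NOW + 300,
    "realm_access": {"roles": ["offline_access", "uma_authorization"]},
})
```

Run `diagnose(SAMPLE_TOKEN, now=SAMPLE_NOW)` to see the single 403 reason; pass the real `$TOKEN` string with `now` omitted to inspect a live token.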

Gunter Zeilinger

Mar 3, 2020, 6:05:32 AM
to dcm...@googlegroups.com
Is there any ERROR or WARN message in the server.log of the archive?


Алексей Потёмин

Mar 3, 2020, 9:38:57 AM
to dcm4che

On Tuesday, March 3, 2020 at 17:05:32 UTC+6, gunterze wrote:
Is there any ERROR or WARN message in the server.log of the archive?

Yes, I found it:

2020-03-03 20:30:01,187 WARN  [org.keycloak.adapters.RequestAuthenticator] (default task-10) SSL is required to authenticate. Remote address 37.150.108.15 is secure: false, SSL required for: EXTERNAL . 

Why does it require SSL, and what can I do about it?

Алексей Потёмин

Mar 3, 2020, 10:44:11 PM
to dcm4che

I found how to configure it: in the .env file add "SSL_REQUIRED=none". But is that OK? What are the security risks, actually?

Can you explain to me exactly where the SSL should be? A question for everyone who has experience deploying dcm4chee.

gunterze

Mar 4, 2020, 3:27:45 AM
to dcm4che
Does using https also for accessing the RESTful service of the archive work with the default SSL_REQUIRED=EXTERNAL?

Though, SSL_REQUIRED=EXTERNAL only prevents using a plain TCP connection to keycloak (AUTH_SERVER_URL) in public networks - you may post the question in the keycloak forum: https://keycloak.discourse.group .


Алексей Потёмин

Mar 4, 2020, 4:08:16 AM
to dcm4che
If I use SSL_REQUIRED=EXTERNAL and https requests, I get this error:
 
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

vet...@gmail.com

Dec 27, 2020, 11:35:25 AM
to dcm4che
Hi, I have the same types of errors. I've tried to add SSL_REQUIRED=none in the .env file, but it didn't change anything.
Can you help me to access the log file on the docker version?
