dcm4chee-arc-light error during authentication

[Artyom Gordienko]

Hello all.

I've installed dcm4chee-arc-5.22.0-psql-secure as described on https://github.com/dcm4che/dcm4chee-arc-light/wiki/Secure-Archive-UI-and-RESTful-Services-using-Keycloak page.

I tried to use google as identity provider(https://github.com/dcm4che/dcm4chee-arc-light/wiki/Google-as-Identity-Provider), but I got the following error:  

15:22:29,826 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-1) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ...

Can someone help me with this issue?

[Vrinda Nayak]

As of now, if you have secured archive with keycloak and configured forwarding of authorization requests using Google as identity provider, then it works only with http protocol. I invested some time today to make this work also with https, but realised two things :

- Securing archive with Keycloak manual setup currently doesn't work with https : Will update the wiki for this

- Once archive is secured to also work with https : This breaks Forwarding of authorization requests using Google as identity provider even with http protocol. : Opened issue

Can't give a time frame, but will try my best

[Artyom Gordienko]

Could you clarify which images you used, please(secure-ui or secure or just arc-light without security)?

Do you mean it works using google as identity provider when you try to log in to http://localhost:8080/dcm4chee-arc/ui2/?

It would be better if I can use docker-images without local installation.

[Vrinda Nayak]

> Could you clarify which images you used, please(secure-ui or secure or just arc-light without security)?

I used both UI and RESTful secured local installation.

> Do you mean it works using google as identity provider when you try to log in to http://localhost:8080/dcm4chee-arc/ui2/?

Yes

> It would be better if I can use docker-images without local installation.

We haven't tried this out with docker setup yet, but you could try following the same steps of creating Identity Provider in Keycloak / Google setup

[Vrinda Nayak]

Both of these issues

- Securing archive with Keycloak manual setup currently doesn't work with https : Will update the wiki for this

- Once archive is secured to also work with https : This breaks Forwarding of authorization requests using Google as identity provider even with http protocol. : Opened issue

are now fixed and the corresponding documentations have been updated.

The secure archive (manual setup) logins should now work also with https as well as logins with Google accounts (using http or https) should work as well. For dockerized version, logins with Google shall be possible once issue is completed.