Advanced authorization plugin dicomweb-plugin issue

296 views
Skip to first unread message

Alexandru Mihai Vuta

unread,
Aug 6, 2020, 6:12:42 AM8/6/20
to Orthanc Users
Hello,

I am using the advanced authorization plugin for orthanc that call "in-house" REST API to check authorization, based on Token header value.
Over dicomweb-plugin, this works ok for:
- AUTHZ_UNCHECKED_LEVELS=["patient", "series", "instances"]
I tried to add metadata also, but it seems that it's not a part of DICOM hierarchy.

In my orthanc console I found a strange message: "A validity duration cannot be negative"
image (7).png

What is validity duration message? Is about authorization plugin? My REST API is returning 200 HTTP code for token validation.

Thanks!
Message has been deleted

Sébastien Jodogne

unread,
Aug 17, 2020, 2:11:59 PM8/17/20
to Orthanc Users
I copy/paste here a message that was not properly handled by Google Groups:

Alexandru Mihai Vuta <vers...@gmail.com> 17 August 2020 at 15:35
To: Orthanc Users <orthan...@googlegroups.com>

"Hi, 

Fixed, before I used orthanc 1.5.x version. After upgrading to 1.7.2, authorization plugin do not accept anymore negative values for validity field (inside reponse object).
Now I have another issue that I think is a BUG in advanced authorization plugin.

Using DICOM-WEB plugin, the ADVANCED AUTHORIZATION PLUGIN is not able to secure metdata`s endpoint.
So I have this request made by OHIF viewer over DICOM-WEB plugin, asking for metadatas (got 403):

Authorization was provided via 'Token' header.

Authorization endpoint was called by ORTHANC with these information:

Obviously, my service was not able to allow this request because dicomUid is null. I think that studies/xxx/series/xxx/metadata endpoint is not a part of DICOM hierarchy.
How can I handle this issue?

Thanks!"

Sébastien Jodogne

unread,
Aug 17, 2020, 2:13:01 PM8/17/20
to Orthanc Users
My answer: Please provide a minimal working example so that other people can understand and reproduce your issue:


On Monday, August 17, 2020 at 8:11:59 PM UTC+2, Sébastien Jodogne wrote:
I copy/paste here a message that was not properly handled by Google Groups:

Alexandru Mihai Vuta <vers...@gmail.com> 17 August 2020 at 15:35
To: Orthanc Users <orthanc-users@googlegroups.com>

Alexandru Mihai Vuta

unread,
Aug 18, 2020, 6:27:52 AM8/18/20
to Orthanc Users
Ok, here is a demo project that simulate what I am trying to accomplish in production: https://github.com/alexvuta/orthanc-authorization-service-demo 

Finally I understand how this thing works:
 - if requests are made on /dicom-web/studies/*** endpoint, authorization plugin will provide 'dicom-uid' information in POST payload:
image (11).png

- if requests are made on /dicom-web/studies/***/metadata, no dicom-uid information will be provided in POST payload:
image (12).png
But, here it is not able to get dicom-uid information and we have uri information in payload to make authorization decisions based on url (e.g. get uid from provided url)
I don't get the reason why, since is on the same path (studies) :) 

However, in my example you can reproduce this based on README instructions.
I hope that my github example projec will be usefull for somebody one day.

Thanks!
Pe luni, 17 august 2020, la 21:13:01 UTC+3, s.jo...@gmail.com a scris:
My answer: Please provide a minimal working example so that other people can understand and reproduce your issue:


On Monday, August 17, 2020 at 8:11:59 PM UTC+2, Sébastien Jodogne wrote:
I copy/paste here a message that was not properly handled by Google Groups:

Alexandru Mihai Vuta <vers...@gmail.com> 17 August 2020 at 15:35
To: Orthanc Users <orthan...@googlegroups.com>
Reply all
Reply to author
Forward
0 new messages