XNAT 1.8.7 and OpenID Plugin 1.3.0


Zachary Deering

Mar 20, 2023, 10:49:13 AM
to xnat_discussion
I'm attempting to use the OpenID plugin version 1.3.0 with the latest XNAT, 1.8.7, and experiencing issues. The configuration all works with version 1.2.0, but will not work with 1.3.0.

The openid-provider.conf file looks like this:
auth.method=openid
type=openid
visible=true
auto.enabled=true
auto.verified=true
name=OpenID Authentication Provider
disableUsernamePasswordLogin=false
enabled=shib
siteUrl=https://xnat.pm.jh.edu
preEstablishedRedirUri=/openid-login
openid.shib.clientId=<client-id>
openid.shib.clientSecret=<client-secret>
openid.shib.accessTokenUri=https://idp.jh.edu/idp/profile/oidc/token
openid.shib.userAuthUri=https://idp.jh.edu/idp/profile/oidc/authorize
openid.shib.userInfoUri=https://idp.jh.edu/idp/profile/oidc/userinfo
openid.shib.scopes=openid,info,profile,email,address,phone
openid.shib.link=<div id="login_box"><form id="login_form" class="noHide friendlyForm"><p>Click the button below to login with your Johns Hopkins information.</p><p><a href="/openid-login?providerId=shib" class="submit btn">Johns Hopkins Login</a></p></form></div>
openid.shib.shouldFilterEmailDomains=false
openid.shib.forceUserCreate=true
openid.shib.userAutoEnabled=true
openid.shib.userAutoVerified=true
openid.shib.pkceEnabled=true
openid.shib.emailProperty=verified_email
openid.shib.familyNameProperty=sn
openid.shib.givenNameProperty=givenname
openid.shib.usernamePattern=[uid]

However, when 1.3.0 of the plugin is loaded, no second login box appears on the login screen like it does with 1.2.0. I cannot find any log messages that indicate anything is wrong; it simply doesn't work.

Thanks,
Zach

Rick Herrick

Mar 20, 2023, 1:25:36 PM
to xnat_di...@googlegroups.com
Hey Zach,

You need to make a couple changes:
  • In your provider properties, change provider.id=openid to provider.id=shib (the value for provider.id needs to match the value in the openid.xxx.property lines later)
  • Update your enabled providers setting to include shib instead of openid
Technically, you should also set visible=true to visible=false, but I think the openid plugin just automatically sets visible to false without even looking at the value in the properties file.

That should get your login link displaying properly...

Rick Herrick
Senior Software Developer


------ Original Message ------
From "Zachary Deering" <zpde...@gmail.com>
To "xnat_discussion" <xnat_di...@googlegroups.com>
Date 3/17/2023 12:50:00 PM
Subject [XNAT Discussion] XNAT 1.8.7 and OpenID Plugin 1.3.0
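
The id matching described in the reply above can be checked before restarting XNAT. The following is an added example, not part of the original thread or of the plugin's code. It assumes the key names shown in the thread (provider.id, enabled, openid.<id>.*); the function names, the sample files and the enabled-provider lists are constructed for illustration.

```python
import re

def parse_properties(text):
    """Minimal key=value parser; skips comments, no continuations or escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_provider(text, site_enabled):
    """Return a list of mismatches; an empty list means the ids line up."""
    props = parse_properties(text)
    pid = props.get("provider.id")
    # Ids that appear as the middle part of openid.<id>.<property> keys.
    prefixes = sorted({m.group(1) for k in props
                       if (m := re.match(r"openid\.([^.]+)\.", k))})
    problems = []
    if pid is None:
        problems.append("provider.id is not set")
    else:
        if pid not in prefixes:
            problems.append(f"provider.id={pid} matches no openid.<id>.* keys {prefixes}")
        if pid not in site_enabled:
            problems.append(f"provider.id={pid} is not in enabled providers {sorted(site_enabled)}")
    # Assumption: the file's own "enabled" key lists ids used in openid.<id>.* keys.
    for name in filter(None, (n.strip() for n in props.get("enabled", "").split(","))):
        if name not in prefixes:
            problems.append(f"enabled lists {name} but no openid.{name}.* keys exist")
    return problems

# Constructed samples, cut down from the file posted in the thread.
COMMON = """auth.method=openid
enabled=shib
openid.shib.clientId=<client-id>
openid.shib.scopes=openid,info,profile,email,address,phone
"""
BEFORE = "provider.id=openid\n" + COMMON
AFTER = "provider.id=shib\n" + COMMON

if __name__ == "__main__":
    for label, text, enabled in (("before", BEFORE, ["localdb", "openid"]),
                                 ("after", AFTER, ["localdb", "shib"])):
        print(label, check_provider(text, enabled) or "ok")
```
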


Zachary Deering

Mar 20, 2023, 1:41:37 PM
to xnat_discussion
Thanks Rick! That took care of it - I had been following the examples at https://bitbucket.org/xnatx/openid-auth-plugin/src/develop/src/main/resources/ and didn't see anything indicating otherwise. Your help is much appreciated!

Zach