Keycloak and XNAT

[Matteo Riva]

Goodmorning everyone,

I am trying to create an OpenID Connection SSO in XNAT using Keycloak.

I have already installed the plugin:

https://bitbucket.org/xnatx/openid-auth-plugin/src/develop/

But I do not know how to change the parameters in order to tell XNAT that I want Keycloak and not Google, AAF, etc. I think I should change these parameters:

#

# xnat-openid-auth-plugin: openid-provider-sample-AAF.properties

#

# Copy to $XNAT_HOME/config/auth as 'openid-provider.properties'

#

#

# Needs to be 'openid'

auth.method=openid

type=openid

provider.id=openid

visible=true

auto.enabled=true

auto.verified=true

# Name displayed in the UI

name=OpenID Authentication Provider

# Toggle username & password login visibility

disableUsernamePasswordLogin=false

# List of providers that appear on the login page, see options below.

enabled=aaf

# Site URL - the main domain, needed to build the pre-established URL below.

siteUrl=

preEstablishedRedirUri=/openid-login

# AAF OpenID

openid.aaf.clientId=

openid.aaf.clientSecret=

openid.aaf.accessTokenUri=https://central.test.aaf.edu.au/providers/op/token

openid.aaf.userAuthUri=https://central.test.aaf.edu.au/providers/op/authorize

openid.aaf.scopes=openid,profile,email

openid.aaf.link=<p>To sign-in using your AAF credentials, please click on the button below.</p><p><a href="/openid-login?providerId=aaf"><img src="/images/aaf_service_223x54.png" /></a></p>

# Flag that sets if we should be checking email domains

openid.aaf.shouldFilterEmailDomains=true

# Domains below are allowed to login, only checked when 'shouldFilterEmailDomains' is true

openid.aaf.allowedEmailDomains=redboxresearchdata.com.au

# Flag to force the user creation process, normally this should be set to true

openid.aaf.forceUserCreate=true

# Flag to set the enabled property of new users, set to false to allow admins to manually enable users before allowing logins, set to true to allow access right away

openid.aaf.userAutoEnabled=false

# Flag to set the verified property of new users

openid.aaf.userAutoVerified=false

# Property names to use when creating users

openid.aaf.emailProperty=email

openid.aaf.givenNameProperty=name

openid.aaf.familyNameProperty=deliberately_unknown_property

(I took the text above from the file openid-provider-sample-AAF.properties)

Can someone help me please? Maybe with an example or a new file with "Keycloak parameters". Anything would be useful.

Thank you so much in advance.

Matteo

[Matteo Riva]

P.S: I have a JSON file from Keycloak with all realm and resource specifications. Could it be helpful?