OpenID plugin for XNAT

[Alastair Ferguson]

HI there,

I know there was some work done on an OpenID plugin for XNAT 1.7.5 - I was just wondering what the roadmap is for this plugin?

Is it likely to be introduced anytime soon?

Let me know.

Thanks,

Alastair Ferguson

[Tom Close]

Hi Alastair,

The plugin has been completed and is just waiting on 1.7.5 to be released.

Rick is planning to alter the plugin slightly to improve its integration with changes made in 1.7.5 but my understanding is that they should be ready when 1.7.5 is.

Cheers,

Tom

[Alastair Ferguson]

That’s great news.

Thanks!

Alastair Ferguson
Founder
Azure and AWS Certified Solutions Architect
Arche-type Australia Pty Ltd
1300 30 99 34
https://arche-type.com.au

Microsoft 365 and Office 365 Discounts - Read More

-- 
You received this message because you are subscribed to a topic in the Google Groups "xnat_discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/xnat_discussion/etRg5Ra2XE4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to xnat_discussi...@googlegroups.com.
To post to this group, send email to xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/8cea3f7b-99f9-44a8-9b66-ba8045ec8da9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Verónica García]

Hi Tom, 

Related to authentication protocols, do you know if there is any plugin for supporting SAML 2.0 as well?

Best,

Verónica.

[M. TopKat]

Hi Tom,

Any idea when release 1.7.5 will be available? Or perhaps if a Release candidate is already available from download?

Regards,

Topkat

Op dinsdag 18 september 2018 06:40:50 UTC+2 schreef Tom Close:

[Michael McKay]

Today. We just released it. Sorry for the delay.

-Mike

[M. TopKat]

Hi Mike,

Thanx. I will install 175.1 ASAP.

Is the openID plugin working with 1.7.5.1? Or should we wait for an update of the plugin?

Regards,
TopKat

Op vrijdag 18 januari 2019 00:06:38 UTC+1 schreef Michael McKay:

[Tom Close]

@TopKat: I will chase this up now that 1.7.5 has been released and get back to you

@Veronica: Sorry, I didn't see your message. We were weighing up whether to go with OpenID connect or SAML for the plugin, especially as our target federation only had beta support for OpenID Connect at the time. But the ability to connect to FB/Google swayed the decision in the end. So in short no, we don't have plans for a SAML plugin, sorry.

[M. TopKat]

Hi Tom,

I saw some updates on https://github.com/qcif/xnat-openid-auth-plugin, so I just tried to install the OpenID plugin with XNAT 1.7.5.1 and it is working :)

But... of course there is a but.

First:

When a user logs in using OpenID a new UserID is created, but the properties like last_name, first_name, email are not filled in from the IdP. They stay empty. Is it possible to use the properties provided by the IdP?

Second:

The UserID (for XNAT) created uses the 'sub' property from the IdP. Is it possible to use another property from the IdP. For instance if the openid.oidc.username has a value you could use this one. If it doesn't have a value you generate the UserID as you do now.

In the openid-provider.properties is changed:

provider.id=openid
# Property names to use when creating users
openid.oidc.username=uids
openid.oidc.emailProperty=email
openid.oidc.givenNameProperty=given_name
openid.oidc.familyNameProperty=sn

Regards,

Guido

Op maandag 21 januari 2019 08:07:11 UTC+1 schreef Tom Close:

[M. TopKat]

Hi,

The UserInfo can be found in the UserInfo response header:

https://rograce.github.io/openid-connect-documentation/explore_auth_code_flow#userinfo-successful-response

I'm not a java programmer, otherwise I would have a look at the plugin myself.

Of course I'm willing to test the plugin.

Regards,

Guido

Op maandag 11 februari 2019 11:03:17 UTC+1 schreef M. TopKat:

[Marcel Koek]

Our OIDC IdP does not return the userinfo via the id_token either (this is perfectly within oidc spec BTW). As far as I can see, the oidc plugin delegates dealing with this to the spring security oauth library. This oauth library is perfectly capably of requesting the userinfo from the userinfo endpoint if not returned via the id_token but requested in the scope (email, profle, etc...). The filter has to be told where to find the userinfo endpoint, so the only thing missing here is configuring the userinfo endpoint in the sprint security oauth filter. I am not a java developer or spring security expert either, so I don't know where to start.

Hopefully this is easy to do. Anyone any ideas?

[Tom Close]

Sorry, I still haven't got around to testing the OIDC plugin with 1.7.5 yet and am not a Java developer myself. I will contact the guys who developed the plugin and see whether this is possible. I have a vague recollection of a discussion around importing these attributes, but can't remember the details.