
Secured Archive Non TLS

Vrinda edited this page Mar 27, 2023 · 1 revision

This is available only from archive version 5.13.1 onwards.

Refer to Forwarding for unsecured archive non TLS for the basic configuration. Ensure Secured Archive configurations are done for both archives. The following configurations are explained with the assumption that the two archives are connected to two different Keycloaks.

A Keycloak Client child object shall be configured on Archive 2. This shall be referenced in the Web Application configured on Archive 2. The Keycloak Client ID that is used shall correspond to the client configured/created in the dcm4che realm of Keycloak 2.

Configuration

Keycloak Configuration : Keycloak 2 (used for authentication of Archive 2)

  • Create a new Client named test in the dcm4che realm. This client is used only for obtaining the token.

            Client Id : test  (This will be required for dcmKeycloakClientID in LDAP Configuration)
            Access Type : Confidential
            Service Accounts Enabled : ON
            Standard Flow Enabled : OFF
            Note down its Secret-Key under the Credentials tab (This will be required for dcmKeycloakClientSecret in LDAP Configuration)
    
  • Once the client is created, go to the Service Account Roles tab and assign the role user.

Wildfly Configuration

  • Install the keycloak-admin-client library as a JBoss module. Replace 5.x.x with the correct version number.

      > cd  $WILDFLY_HOME
      > unzip $DCM4CHEE_ARC/jboss-modules/dcm4che-jboss-modules-5.x.x.zip
    

The keycloak-admin-client is part of dcm4che-jboss-modules-5.x.x.zip. Ensure you have a keycloak-admin-client folder within the $DCM4CHEE_ARC/modules/org location.

LDAP Configuration

One may either

  • create an LDIF file (e.g.):

      version: 1
      dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmRSForwardRule
      cn: RS Forward
      dcmWebAppName: archive2WebApp
      dcmRSOperation: CreatePatient
      dcmRSOperation: UpdatePatient
      dcmRSOperation: DeletePatient
      -
      
      dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmKeycloakClient
      dcmKeycloakClientID: test
      dcmKeycloakRealm: dcm4che
      dcmURI: http://localhost:8680/auth
      dcmKeycloakClientSecret: ee379e31-dd0f-4dd2-8c81-81fbfa84d5b5
      dcmTLSAllowAnyHostname: TRUE
      -
      
      dn: dcmWebAppName=archive2WebApp,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmWebApp
      dcmWebAppName: archive2WebApp
      dcmWebServiceClass: DCM4CHEE_ARC_AET
      dcmWebServicePath: /dcm4chee-arc/aets/DCM4CHEE/rs
      dicomNetworkConnectionReference: cn=http,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      dcmKeycloakClientID: test
      -
    

    and import it into the LDAP server using the ldapmodify command line utility.

Refer to RESTful Forward Rule, Web Application and Keycloak Client for a description of the attributes; those pages also give the complete list of RESTful operations supported by this feature in the archive.

Note :

  • The dcmURI, dcmKeycloakClientID and dcmKeycloakClientSecret values shall be adapted to the values used in your Keycloak 2 configuration.
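As an added check, not part of this wiki or of the dcm4chee-arc project, the script below parses the LDIF above and verifies that the forward rule references an existing Web Application, that the Web Application references an existing Keycloak Client, and reports the two settings a reviewer would flag on a non-TLS setup (a plain http dcmURI, over which the client secret is sent unencrypted, and dcmTLSAllowAnyHostname TRUE). The sample LDIF is constructed from the page's entries with a placeholder secret.

```python
# Constructed sample (not from a live server): the page's three entries, trimmed to the attributes checked.
SAMPLE_LDIF = """dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmRSForwardRule
dcmWebAppName: archive2WebApp
-
dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmKeycloakClient
dcmKeycloakClientID: test
dcmURI: http://localhost:8680/auth
dcmKeycloakClientSecret: CLIENT-SECRET-PLACEHOLDER
dcmTLSAllowAnyHostname: TRUE
-
dn: dcmWebAppName=archive2WebApp,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmWebApp
dcmWebAppName: archive2WebApp
dcmKeycloakClientID: test"""

def parse_ldif(text):
    """Split LDIF into entries (attr -> list of values); a '-' or blank line ends an entry."""
    entries, cur = [], {}
    for line in text.splitlines() + ["-"]:
        if line.strip() not in ("", "-"):
            key, _, val = line.partition(":")
            cur.setdefault(key.strip(), []).append(val.strip())
        elif cur:
            entries.append(cur)
            cur = {}
    return entries

def check_forward_config(text):
    """Return findings; an empty list means all references resolve and no weak client setting is set."""
    entries = parse_ldif(text)
    of_class = lambda cls: [e for e in entries if cls in e.get("objectClass", [])]
    webapps = {e["dcmWebAppName"][0]: e for e in of_class("dcmWebApp")}
    clients = {e["dcmKeycloakClientID"][0]: e for e in of_class("dcmKeycloakClient")}
    findings = []
    for rule in of_class("dcmRSForwardRule"):
        for name in rule.get("dcmWebAppName", []):
            if name not in webapps:
                findings.append(f"forward rule references unknown web app {name}")
    for name, app in webapps.items():
        for cid in app.get("dcmKeycloakClientID", []):
            if cid not in clients:
                findings.append(f"web app {name} references unknown Keycloak client {cid}")
    for cid, client in clients.items():
        if client.get("dcmURI", [""])[0].startswith("http://"):
            findings.append(f"client {cid}: plain http token endpoint, client secret sent unencrypted")
        if client.get("dcmTLSAllowAnyHostname", ["FALSE"])[0].upper() == "TRUE":
            findings.append(f"client {cid}: dcmTLSAllowAnyHostname TRUE disables hostname verification")
    return findings
```

Run check_forward_config on your own exported LDIF before importing it; a forward rule whose Web Application or Keycloak Client is missing fails silently at forwarding time otherwise.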

Go to the Control tab on Configuration page in archive UI and reload the configuration.
