-
Notifications
You must be signed in to change notification settings - Fork 244
Secured Archive Non TLS
This is available only from archive version 5.13.1 onwards.
Refer Forwarding for unsecured archive non TLS for doing the basic configuration. Ensure Secured Archive configurations are done for both archives. The following configuration are explained with the assumption that two archives are connected to two different Keycloaks.
A Keycloak Client
child object shall be configured on Archive 2
. This shall be referenced in the Web Application
configured on Archive 2
. The Keycloak Client ID
that is used shall correspond to the client configured/created in
dcm4che
realm of Keycloak 2
.
-
Create a new Client
test
indcm4che
realm. This configuration is used only for the sake of accessing the token.Client Id : test (This will be required for dcmKeycloakClientID in LDAP Configuration) Access Type : Confidential Service Accounts Enabled : ON Standard Flow Enabled : OFF Note down its Secret-Key under the Credentials tab (This will be required for dcmKeycloakClientSecret in LDAP Configuration)
-
Once the client is created, go to the
Service Account Roles
tab and assign the roleuser
.
-
Install
keycloak-admin-client
library as JBoss modules. Replace5.x.x
with correct version number.> cd $WILDFLY_HOME > unzip $DCM4CHEE_ARC/jboss-modules/dcm4che-jboss-modules-5.x.x.zip
The keycloak-admin-client
is part of the dcm4che-jboss-modules-5.x.x.zip
. Ensure you have keycloak-admin-client
folder
within $DCM4CHEE_ARC/modules/org
location.
One may either
-
create a LDIF file (e.g.):
version: 1 dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org objectClass: dcmRSForwardRule cn: RS Forward dcmWebAppName: archive2WebApp dcmRSOperation: CreatePatient dcmRSOperation: UpdatePatient dcmRSOperation: DeletePatient - dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org objectClass: dcmKeycloakClient dcmKeycloakClientID: test dcmKeycloakRealm: dcm4che dcmURI: http://localhost:8680/auth dcmKeycloakClientSecret: ee379e31-dd0f-4dd2-8c81-81fbfa84d5b5 dcmTLSAllowAnyHostname: TRUE - dn: dcmWebAppName=archive2WebApp,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org objectClass: dcmWebApp dcmWebAppName: archive2WebApp dcmWebServiceClass: DCM4CHEE_ARC_AET dcmWebServicePath: /dcm4chee-arc/aets/DCM4CHEE/rs dicomNetworkConnectionReference: cn=http,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org dcmKeycloakClientID: test -
and import it to the LDAP Server by using the ldapmodify command line utility.
One may refer to RESTful Forward Rule, Web Application and Keycloak Client to understand the description of attributes and also has the complete list of supported RESTful operations supported by this feature in archive.
Note :
- The
dcmURI
,dcmKeycloakClientID
anddcmKeycloakClientSecret
values shall be adapted to the values used in your Keycloak 2 configuration.
Go to the Control tab on Configuration page in archive UI and reload the configuration.
DCM4CHEE 5 Documentation