fix

minimal-setup/basic-auth/docker-compose.yml

@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:24.5.1
+    image: orthancteam/orthanc-nginx:24.6.1
     depends_on: [orthanc, orthanc-auth-service, orthanc-for-shares]
     restart: unless-stopped
     ports: ["80:80"]
@@ -107,7 +107,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:24.5.1
+    image: orthancteam/orthanc-auth-service:24.6.1
     restart: unless-stopped
     environment:
       SECRET_KEY: "change-me-I-am-a-secret-key"
@@ -121,7 +121,7 @@ services:
         }
 
   ohif:
-    image: orthancteam/ohif-v3:24.5.1
+    image: orthancteam/ohif-v3:24.6.1
 #  uncomment if you want to customize ohif configuration
 #    volumes:
 #      - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js

minimal-setup/keycloak-meddream-full/docker-compose.yml

@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:24.5.1
+    image: orthancteam/orthanc-nginx:24.6.1
     depends_on: [orthanc, orthanc-auth-service, orthanc-for-api, meddream-viewer, keycloak]
     restart: unless-stopped
     ports: ["80:80"]
@@ -76,7 +76,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:24.5.1
+    image: orthancteam/orthanc-auth-service:24.6.1
     depends_on: [keycloak, meddream-token-service]
     # permissions can be customized in the permissions.json file
     volumes:
@@ -102,7 +102,7 @@ services:
       POSTGRES_HOST_AUTH_METHOD: "trust"
 
   keycloak:
-    image: orthancteam/orthanc-keycloak:24.5.1
+    image: orthancteam/orthanc-keycloak:24.6.1
     depends_on: [keycloak-db]
     restart: unless-stopped
     environment:
@@ -125,11 +125,11 @@ services:
       POSTGRES_DB: "keycloak"
 
   meddream-token-service:
-    image: orthancteam/meddream-token-service:24.5.1
+    image: orthancteam/meddream-token-service:24.6.1
     restart: unless-stopped
 
   meddream-viewer:
-    image: orthancteam/meddream-viewer:24.5.1
+    image: orthancteam/meddream-viewer:24.6.1
     restart: unless-stopped
     depends_on:
       - orthanc-for-api

minimal-setup/keycloak/docker-compose.yml

@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:permissions-ui
+    image: orthancteam/orthanc-nginx:24.6.1
     depends_on: [orthanc, orthanc-auth-service, keycloak]
     restart: unless-stopped
     ports: ["80:80"]
@@ -25,7 +25,7 @@ services:
 
   orthanc:
 # to use OHIF-plugin:  use the master-unstable image
-    image: orthancteam/orthanc:24.6.2
+    image: orthancteam/orthanc-pre-release:master-unstable
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -91,7 +91,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:permissions-ui
+    image: orthancteam/orthanc-auth-service:24.6.1
     # always disable port mapping in production !!!
     # ports: ["8000:8000"]
     # permissions can be customized in the permissions.json file
@@ -123,15 +123,15 @@ services:
 
 # to use OHIF-plugin: you don't need this container
   ohif:
-    image: orthancteam/ohif-v3:24.5.1
+    image: orthancteam/ohif-v3:24.6.1
 #  uncomment if you want to customize ohif configuration
 #    volumes:
 #      - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js
     restart: unless-stopped
 
 
   keycloak:
-    image: orthancteam/orthanc-keycloak:permissions-ui
+    image: orthancteam/orthanc-keycloak:24.6.1
     depends_on: [keycloak-db]
     restart: unless-stopped
 #    healthcheck:

release-notes.md

@@ -4,13 +4,12 @@ SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL <[email protected]>
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
+v 24.6.1
+========
+
 - when requesting a user-profile with e.g. a basic auth token, the auth-service now
   returns the Anonymous profile instead of a 400 such that the auth-plugin can cache
   the response.
-
-v 24.6.0
-========
-
 - added a new route `/settings/roles` (GET/PUT) in the auth-service to allow reading/editing
   the permissions and authorized-labels for each role.  Also introduced a new `available-labels`
   field in the permission.json.

sources/orthanc_auth_service/shares/keycloak_admin.py

@@ -63,7 +63,7 @@ def get_user_profile_from_api_key(self, api_key: str) -> Optional[UserProfileRes
                     return None
 
                 # retrieve the roles for this user
-                keycloak_role_url = urljoin(self._keycloak_admin_uri, f"users/{user['id']}/role-mappings")
+                keycloak_role_url = urljoin(self._keycloak_admin_uri, f"users/{user['id']}/role-mappings/realm/composite")
                 keycloak_role_response = requests.get(keycloak_role_url, headers=headers)
                 if keycloak_role_response.status_code != 200:
                     logging.error("Unable to retrieve roles for user")
@@ -72,8 +72,8 @@ def get_user_profile_from_api_key(self, api_key: str) -> Optional[UserProfileRes
                 # keep only the roles that we have defined ourselves
                 user_roles = []
                 resp_roles = keycloak_role_response.json()
-                for resp_role in resp_roles['realmMappings']:
-                    if resp_role['name'] in self._roles_configuration.get_all_roles():
+                for resp_role in resp_roles:
+                    if resp_role['name'] in self.get_all_roles():
                         user_roles.append(resp_role['name'])
 
                 profile_from_config = self._roles_configuration.get_role_configuration(user_roles)