orthanc + ohif viewer + orthanc auth service + keycloak

Question

orthanc + ohif viewer + orthanc auth service + keycloak

Closed this issue 2 months ago · 3 comments

hi.

when i try to open study in ohif viewer i get the following in log:

Aug 19 14:12:34 pacs uvicorn[1426]: INFO:root:created token: {"request": {"id": null, "resources": [{"dicom_uid": "1.2.826.0.1.3680043.8.1055.1.20111103111148288.98361414.79379639", "orthanc_id": "9fcadbc3-58807fe5-05a2969e-ab4aafaa-af735eaa", "url": null, "level": "study"}], "type": "viewer-instant-link", "expiration_date": "2023-08-19T15:12:33.984896+00:00", "validity_duration": 3600}, "token": "xxxxxxx", "url": null}
Aug 19 14:12:34 pacs uvicorn[1426]: INFO: x.x.x.x:30501 - "PUT /tokens/viewer-instant-link HTTP/1.1" 200 OK
Aug 19 14:12:34 pacs uvicorn[1426]: INFO:root:validating token: {"dicom_uid": null, "orthanc_id": null, "token_key": "token", "token_value"xxxxxxxxxx ", "server_id": null, "level": "system", "method": "get", "uri": "/ohif/viewer"}
Aug 19 14:12:34 pacs uvicorn[1426]: WARNING:root:Token Validation: no ids found
Aug 19 14:12:34 pacs uvicorn[1426]: INFO:root:validate token: {"granted": false, "validity": 60}

while in orthanc logs i get this:
I0819 15:42:36.615098 HttpServer.cpp:1262] (http) GET /ohif/viewer
I0819 15:42:36.615234 PluginsManager.cpp:161] (plugins) Testing whether access to system "/ohif/viewer" is allowed with a resource token
I0819 15:42:36.615325 PluginsManager.cpp:161] (plugins) New HTTP request to: http://x.x.x.x:8000/tokens/validate (timeout: 10s)
I0819 15:42:36.741085 PluginsManager.cpp:161] (plugins) HTTP status code 200 in 125 ms after POST request on: http://x.x.x.x:8000/tokens/validate
I0819 15:42:36.741362 PluginsManager.cpp:161] (plugins) Testing whether access to system "/ohif/viewer" is allowed with a resource token -> not granted

what can be the issue here?

Answer 1 · 2023-08-22T13:33:16.000Z

Hi,

Are you using dicom-web or dicom-json as OHIF plugin datasource?

If it's dicom-json, try to switch to dicom-web and see if it persists.

also try adding:

"Authorization": {
 "UncheckedFolders": [
      "/ohif/",
 ],

to your config.

I remember having this issue, can't remember how I fixed it though.

Answer 2 · 2023-08-29T09:20:11.000Z

@amazy

I think I resolved a similar issue with permissions by building OHIF with PUBLIC_URL=/ohif/ option. I believe OHIF was malfunctioning, loading some assets from /ohif/viewer/ and then trying to load from /viewer/ and failing after checking the token.

Answer 3 · 2024-07-03T14:34:58.000Z

closing issue due to inactivity