orthanc-team/orthanc-auth-service

othanc not working over remote connection

holakunle opened this issue · 4 comments

holakunle commented

Screenshot 2023-10-14 182516
hello

please orthanc is not working over remote connection using NUMERIC IP, please note i specified all the fields required as regards documentation. please review.. devtools shows it keeps pointing back to

<iframe src="http://localhost/keycloak/realms/orthanc/protocol/openid-connect/3p-cookies/step1.html" title="keycloak-3p-check-iframe" style="display: none;"></iframe>

any help

threehappypenguins commented

I'm having the exact same issue.

I also have enabled https and tried with https://my.domain.com/orthanc/ui/app/ and I'm getting the same result. Blank page.

threehappypenguins commented

I figured it out. The answer is found here:

Accessing this demo from a remote client
If you wish to access this demo from a remote computer, you must configure the domain on which this setup is accessible (in this sample: mydomain.com). Update these settings:

orthanc: ORTHANC_JSON -> OrthancExplorer2 -> Keycloak -> "Url": "http://mydomain.com/keycloak/"
keycloak: KC_HOSTNAME_URL: "http://mydomain.com/keycloak"
keycloak: KC_HOSTNAME_ADMIN_URL: "http://mydomain.com/keycloak"

You have to enable https (or it won't work), as shown in the json file. Uncomment this:

      # KC_HOSTNAME_URL: "https://mydomain.com/keycloak"
      # KC_HOSTNAME_ADMIN_URL: "https://mydomain.com/keycloak"

Then change to your actual domain. I'm not sure why the docs show http://mydomain.com/keycloak/ as an example. It should be https://mydomain.com/keycloak/.

Also, the proper cert files can be mounted like this in docker in the nginx container (I used certbot standalone, and I also use the OHIF plugin):

  nginx:
    image: orthancteam/orthanc-nginx:24.2.0
    depends_on: [orthanc, orthanc-auth-service, keycloak]
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/letsencrypt/live/mydomain.com/fullchain.pem:/etc/nginx/tls/crt.pem
      - /etc/letsencrypt/live/mydomain.com/privkey.pem:/etc/nginx/tls/key.pem
    environment:
      ENABLE_ORTHANC: "true"
      ENABLE_KEYCLOAK: "true"
      ENABLE_ORTHANC_TOKEN_SERVICE: "true"
      ENABLE_HTTPS: "true"
# to use OHIF-plugin: you don't need the OHIF reverse proxy
      ENABLE_OHIF: "false"

I also create a file, permissions.jsonc:

{
  "roles" : {
    "admin-role": {
      "permissions": ["all"],
      "authorized_labels": ["*"]
    },
    "doctor-role": {
      "permissions":["view", "download", "share", "send"],
      "authorized_labels": ["*"]
    },
    "external-role": {
      "permissions":["view", "download"],
      "authorized_labels": ["external"]
    }
  }
}

Then mount it accordingly to the orthanc-auth-service container. When I check the logs, I see:

be patient, Keycloak may need more than 1 min to start

This is important because it does need several minutes to start. Then I can navigate to https://mydomain.com/orthanc/ui/app/ without issues and log in with admin and change-me. However, my problem now is that there is no way to upload studies (no upload button), and no way for me to change my admin password. The keycloak admin login (https://mydomain.com/keycloak/admin/master/console/) is a completely separate admin login with its own password.

holakunle commented

Ok. Thanks 😊

amazy commented

closing issue due to inactivity