Hello.
I managed to configure keycloak authentication. And it works.
If I use "loginStyle": "popup" it works as expected.
The only problem is that if I use "loginStyle": "redirect" (and I would like to use this method), even in case of a successful authentication, I'm redirected back to the login page. However, if in the browser I change the URL to http://server/studyList, I'm actually able to see the study list, and at the same time, in keycloak, the user has a session and so on.
If in /opt/ohif/bundle/programs/server/packages/oauth.js, in var config = { I _force_ the redirectUrl to "/studyList", then I'm able to use redirect login style.
Do you have any suggestion or experience?
Thanks.
Hi there,
Is authRedirectUri set?
There might also be a bug in this setup, though I haven't seen this behaviour myself.
This is my configuration
```
{
  ...
  "defaultServiceType": "dimse",
  "dropCollections": true,
  "keycloak": {
    "clientId": "my-client",
    "authRedirectUrl": "/studyList",
    "sslRequired": "external",
    "loginStyle": "redirect",
    "realmPublicKey": "xxx",
    "clientSecret": "yyy"
  },
  "public": {
    "userAuthenticationRoutesEnabled": true,
    "custom": {
      "keycloak": {
        "authServerUrl": "https://keycloak:8443/auth",
        "realmName": "dcm4che",
        "adminUsername": "admin",
        "adminPassword": "xxxxxxxxxx"
      }
    },
  ...
}
```
It's an i, not an l in authRedirectUri. Could you change that? I apologize for the confusion.
No problem at all. My fault.
However, it seems that this option is not taken into account. Or I'm writing it in the wrong place.
This is what I can see in the browser address bar:
https://keycloak:8443/auth/realms/dcm4che/protocol/openid-connect/auth?client_id=my-client&redirect_uri=http://ohif:3000/_oauth/keycloak&state=eyJsb2dpblN0e.....
Interesting.. There might be an issue somewhere. I see it pulling the redirectUri here: https://github.com/mxab/meteor-keycloak/blob/fd34f7c29712cef3e8c20c8dcd792193ac39683e/keycloak-oauth/keycloak-client.js#L38
so maybe indeed the option isn't being used properly. I swear I've used it before, though.
In any case, the short term plan is to drop the accounts:keycloak package in favour of a generic OpenID Connect client library. There's a branch here: https://github.com/OHIF/Viewers/tree/oidc where it's in progress.
Should be fixed now, though you have to change your settings to use something like:
```javascript
"public": {
  "custom": {
    "oidc": [{
      "authServerUrl": "Your OAuth provider URL",
      "clientId": "Your OAuth ClientID",
      "authRedirectUri": "The redirect URI after the user is logged in (e.g. /studylist)",
      "postLogoutRedirectUri": "The redirect URI after the user is logged out (e.g. /)",
      "responseType": "OAuth response type, which defines which flow is used. Default is 'id_token token'. You should probably leave this as is",
      "scope": "Scope for the token request. Default 'email profile openid'. You should generally include 'oidc'"
    }]
  }
}
```
> Should be fixed now, though you have to change your settings to use something like:
Sorry, I'm totally new to keycloak and openid...
I get this _error_ in the URL
http://hostname:3000/#error=unsupported_response_type&error_description=Client+is+not+allowed+to+initiate+browser+login+with+given+response_type.+Implicit+flow+is+disabled+for+the+client.&state=b56e3b0f502b418787b302753fb9cd3f
Maybe keycloak is not configured in the right way. Do you have any hint?
Thanks.
Yep, there is an 'Implicit Flow Enabled' toggle when you set up a Keycloak client. It's disabled by default, but you need to enable it.

It works!
Thank you very much!
My console error is

So, changing the setting 'Implicit Flow Enabled' works for me! 3Q
Hello, I want to configure Ohif Viewer with dcm4che secure. But I am getting an error
```
TypeError: OHIF.user.userLoggedIn is not a function.
Invalid parameter: redirect_uri
:8843/auth/realms/dcm4che/protocol/openid-connect/auth?client_id=ohif-viewer&redirect_uri=http://0.0.0.0:3300/_oauth/keycloak&state=eyJsb2dpblN0eWxlIjoicG9wdXAiLCJjcmVkZW50aWFsVG9rZW4iOiIyYVUySlBpeWYzNW5PZWszejJPUGRVR2RGcGxNQ0hOY1lBblhFNHNlV2JNIiwiaXNDb3Jkb3ZhIjpmYWxzZX0=&nonce=rGVP0srYL0LkhZnqLCPNPpJZofJSPKH6uB3hEp8HCWw&response_mode=query&response_type=code&scope=oidc:1 GET https://192.168.1.109:8843/auth/realms/dcm4che/protocol/openid-connect/auth?client_id=ohif-viewer&redirect_uri=http://0.0.0.0:3300/_oauth/keycloak&state=eyJsb2dpblN0eWxlIjoicG9wdXAiLCJjcmVkZW50aWFsVG9rZW4iOiIyYVUySlBpeWYzNW5PZWszejJPUGRVR2RGcGxNQ0hOY1lBblhFNHNlV2JNIiwiaXNDb3Jkb3ZhIjpmYWxzZX0=&nonce=rGVP0srYL0LkhZnqLCPNPpJZofJSPKH6uB3hEp8HCWw&response_mode=query&response_type=code&scope=oidc 400
```
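Added example, not code from this thread, OHIF or Keycloak: a small diagnostic that reads the two kinds of URL seen above (the authorization request and the error redirect) and reports whether the requested flow and `redirect_uri` match what the client registration allows. The function names, the client-registration shape and the sample URLs are constructed for illustration, and redirect URIs are compared by exact match.

```javascript
// Added illustration; all function names and sample values below are constructed.

// Map an OAuth 2.0 / OIDC response_type to the flow it selects.
function flowFor(responseType) {
  const parts = new Set(responseType.trim().split(/\s+/));
  const front = parts.has('token') || parts.has('id_token');
  if (parts.has('code')) return front ? 'hybrid' : 'authorization_code';
  return front ? 'implicit' : 'unknown';
}

// Extract the error an authorization server attaches to the redirect back.
// Implicit-flow responses arrive in the fragment, code-flow ones in the query.
function parseErrorCallback(callbackUrl) {
  const u = new URL(callbackUrl);
  const p = new URLSearchParams(u.hash ? u.hash.slice(1) : u.search);
  return p.has('error')
    ? { error: p.get('error'), description: p.get('error_description') }
    : null;
}

// Compare an authorization request with the client registration.
// Assumed shape: { flows: [...], redirectUris: [...] }, exact-match URIs only.
function diagnoseAuthRequest(authUrl, client) {
  const q = new URL(authUrl).searchParams;
  const findings = [];
  const flow = flowFor(q.get('response_type') || '');
  if (!client.flows.includes(flow)) findings.push(`flow_not_enabled:${flow}`);
  const redirect = q.get('redirect_uri');
  if (!client.redirectUris.includes(redirect)) {
    findings.push(`redirect_uri_not_registered:${redirect}`);
  }
  return findings;
}

// Constructed samples shaped like the URLs in the thread (state shortened).
const AUTH = 'https://keycloak:8443/auth/realms/dcm4che/protocol/openid-connect/auth';
const implicitRequest = AUTH + '?client_id=my-client&response_type=id_token%20token' +
  '&redirect_uri=http://ohif:3000/_oauth/keycloak&state=CONSTRUCTED';
const badRedirectRequest = AUTH + '?client_id=ohif-viewer&response_type=code' +
  '&redirect_uri=http://0.0.0.0:3300/_oauth/keycloak&state=CONSTRUCTED';
const errorCallback = 'http://hostname:3000/#error=unsupported_response_type' +
  '&error_description=Implicit+flow+is+disabled+for+the+client.&state=CONSTRUCTED';
const client = { flows: ['authorization_code'], redirectUris: ['http://ohif:3000/_oauth/keycloak'] };

console.log(diagnoseAuthRequest(implicitRequest, client));
console.log(diagnoseAuthRequest(badRedirectRequest, client));
console.log(parseErrorCallback(errorCallback));
```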