Australian-Imaging-Service / xnat-openid-auth-plugin

GNU General Public License v3.0

AAF Plugin Issues #1

Closed exxa-tech closed 3 years ago

exxa-tech commented 3 years ago

I had tasked myself with getting AAF working.

The first issue was a typo, which means that in the pod /data/xnat/home/config/auth/openid-provider.properties displays:

openid.aaf.clientID=

rather than

openid.aaf.clientId=

This meant the client_id was not being submitted for authentication to the AAF servers and was automatically failing. The two files that needed updating were:

charts/xnat/charts/xnat-web/values.yaml and charts/xnat/charts/xnat-web/templates/secrets.yaml

Fixed / pushed here with this commit:

https://github.com/Australian-Imaging-Service/charts/commit/1a1f71f4b6b792e7e52f5ec8ffcae797ab4af22c

The second issue discovered is that when submitting the URL request to AAF it needs to be in the format https://xnat.example.com/openid-login, NOT https://xnat.example.com, or again it won't work.

After these were fixed, I get the following issue:

I can login fine but whenever I go to look at a Project, I get this error and I can’t view any data:

**Security Warning**

Your account has not been granted access to this project's data. If you would like to view this data, you will need to request access. Request Access

This is a brand new XNAT. I made my user an Administrator with Full Data Access, and that user created the project so is an owner of the project, and still no luck. I can access the images if I navigate to Browse > Data > MR Sessions or Subjects. I can also perform normal admin tasks.

I did find this in the Tomcat log files:

SEVERE: Servlet.service() for servlet [default] in context with path [] threw exception org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.createRestTemplate' defined in au.edu.qcif.xnat.auth.openid.OpenIdAuthPlugin: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.OAuth2RestTemplate]: Factory method 'createRestTemplate' threw exception; nested exception is java.lang.NullPointerException

I have tried with @vs49688's repo (both prebuilt and compiled) and the Radiologics prebuilt from USYD, and get the same message.

@dean-taylor - Issue created as requested.
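A small validator for the two configuration mistakes described above (the clientID/clientId case typo and, from the sample file, the email-domain filter settings), written as an added example for this thread rather than code from the plugin or the charts repository. The required-key list and the rule that filtering with an empty allowedEmailDomains is an error are assumptions.

```python
# Added example (not part of xnat-openid-auth-plugin): validate an
# openid-provider.properties file for the key-name typo and the email-domain
# filter settings discussed in this issue.
import re

# Keys the AAF provider needs, with exact case (Java .properties keys are
# case-sensitive, so "openid.aaf.clientID" is silently a different key).
# The list itself is an assumption for this example.
REQUIRED_KEYS = ("siteUrl", "openid.aaf.clientId", "openid.aaf.clientSecret")

def parse_properties(text):
    """Minimal Java .properties parser: key=value or key: value, # and ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_properties(text):
    """Return a list of problems; an empty list means the checks passed."""
    props = parse_properties(text)
    lower = {k.lower(): k for k in props}   # case-insensitive index for near misses
    problems = []
    for key in REQUIRED_KEYS:
        if key in props and props[key]:
            continue
        near = lower.get(key.lower())
        if near and near != key:
            problems.append(f"{near!r} found but the plugin reads {key!r} (case mismatch)")
        elif key in props:
            problems.append(f"{key!r} is present but empty")
        else:
            problems.append(f"{key!r} is missing")
    # Filtering turned on without a domain list would block everyone (assumed rule).
    if props.get("openid.aaf.shouldFilterEmailDomains", "false").lower() == "true" \
            and not props.get("openid.aaf.allowedEmailDomains"):
        problems.append("email-domain filtering is on but no allowedEmailDomains is set")
    return problems

# Constructed sample reproducing the typo from the first comment.
BROKEN = """\
siteUrl=https://xnat.example.com
openid.aaf.clientID=abc123
openid.aaf.clientSecret=s3cret
"""

if __name__ == "__main__":
    for p in check_properties(BROKEN):
        print("-", p)
```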

vs49688 commented 3 years ago

Could you please post the full stack trace with my version of the plugin? There are a few failure points in createRestTemplate(), so I'd like line numbers to narrow it down.

exxa-tech commented 3 years ago

It doesn't seem to be logging the issue anymore in /var/log/tomcat7/localhost.2021-01-18.log (that was where the error was). Having looked through the contents of /data/xnat/home/logs and /var/log/tomcat7, there is nothing I can discern as an issue apart from:

2021-01-18 15:05:58,637 [http-nio-8443-exec-3] WARN org.nrg.xnat.security.XnatProviderManager - The provider ID openid is enabled, but there is no configured definition for that ID

In security.log.

I noticed that my name comes up as "Mr Alastair Ferguson" in the first name field only, so I don't have a surname according to AAF / MQ. Not sure if that is relevant.

vs49688 commented 3 years ago

That's a configuration issue then. Could you check your fields against this? https://github.com/Australian-Imaging-Service/xnat-openid-auth-plugin/blob/xnat176/src/main/resources/openid-provider-sample-AAF.properties

exxa-tech commented 3 years ago

Did a diff of the actual properties file and the sample file provided above:

alastair@A::H::F auth % diff openid-provider.properties openid_sample.properties
5c5
< #
---
> #
12,13c12,13
< auto.enabled=false
< auto.verified=false
---
> auto.enabled=true
> auto.verified=true
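Review bot: auto.enabled and auto.verified are false here but true in the sample file the maintainer pointed to; it would help to say whether turning them off is deliberate for this deployment, since apart from the secrets and the email-domain filter they are the only settings that differ.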
21c21
< siteUrl=https://xnat.exxa.tech
---
> siteUrl=
24,25c24,25
< openid.aaf.clientId=XXXXXX
< openid.aaf.clientSecret=XXXXXXXX
---
> openid.aaf.clientId=
> openid.aaf.clientSecret=
30,32c30,31
< # Flag that sets if we should be checking email domains
< openid.aaf.shouldFilterEmailDomains=false
< #openid.aaf.shouldFilterEmailDomains=true - This will probably need to be changed when we go live###
---
> # Flag that sets if we should be checking email domains
> openid.aaf.shouldFilterEmailDomains=true
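Review bot: with openid.aaf.shouldFilterEmailDomains=false the allowedEmailDomains restriction is not applied, so any AAF-federated account can sign in; the inline comment says this must change before go-live, so tracking it as a follow-up would help. The trailing ### on that comment line looks accidental.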
34c33
< # openid.aaf.allowedEmailDomains=mq.edu.au
---
> openid.aaf.allowedEmailDomains=redboxresearchdata.com.au

I removed the actual client_id and secret. The rest of them don't mean anything or affect AAF running / permissions.

exxa-tech commented 3 years ago

Zane has fixed this within a couple of hours! @vs49688 Will assign to you to close and explain.