[bug] OHIF with OpenID authentication has a bug when modifying the filters, it crashes and starts placing a lot of question points in the URL

[insinfo]

Describe the Bug

OHIF with OpenID authentication has a bug when modifying the filters, it crashes and starts placing a lot of question points in the URL until the data finishes loading

https://youtu.be/SkxtMPLIp_w

Steps to Reproduce

keycloak 24.0.4 realm

keycloak 24.0.4 realm

```json { "id": "ohif", "realm": "ohif", "displayName": "OHIF", "displayNameHtml": "

OHIF

", "notBefore": 1715802496, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0, "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, "clientSessionIdleTimeout": 0, "clientSessionMaxLifespan": 0, "clientOfflineSessionIdleTimeout": 0, "clientOfflineSessionMaxLifespan": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, "rememberMe": false, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": false, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxTemporaryLockouts": 0, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "roles": { "realm": [ { "id": "c38f5d50-8c9c-4214-b700-7406902202fb", "name": "default-roles-ohif", "description": "${role_default-roles}", "composite": true, "composites": { "realm": [ "offline_access", "uma_authorization" ], "client": { "account": [ "manage-account", "view-profile" ] } }, "clientRole": false, "containerId": "ohif", "attributes": {} }, { "id": "6c3af6bd-09e5-41ab-a997-ecb926e06a9c", "name": "offline_access", "description": "${role_offline-access}", "composite": false, "clientRole": false, "containerId": "ohif", "attributes": {} }, { "id": "eb61ea0f-059d-4aeb-8179-6d223882be4e", "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, "clientRole": false, "containerId": "ohif", "attributes": {} } ], "client": { "realm-management": [ { "id": "20b8764b-3db0-47bf-80f3-fdc5e2a80651", "name": "view-events", "description": "${role_view-events}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "5fdc7311-003e-4644-b497-3b88f0fd2771", "name": "query-realms", "description": "${role_query-realms}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "b85a57ed-b33a-41b2-8748-d02f9f334b42", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ "view-events", "query-realms", "query-groups", "manage-clients", "query-clients", "impersonation", "manage-identity-providers", "view-identity-providers", "query-users", "manage-realm", "manage-authorization", "view-authorization", "view-realm", "manage-users", "view-clients", "manage-events", "create-client", "view-users" ] } }, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "cb1ebb2f-7772-417e-8ed6-9f144e53aa66", "name": "query-groups", "description": "${role_query-groups}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "0c2b9722-d7cb-49c1-9eba-216b8485f0a9", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "003085ed-b327-4dc2-bcfe-b97f25dbfdb2", "name": "impersonation", "description": "${role_impersonation}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "e60cd69e-6ebb-4e2b-aefc-7529f62bd410", "name": "query-clients", "description": "${role_query-clients}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "97678c0b-a333-443b-af67-39be0c9b9656", "name": "manage-identity-providers", "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "f96be28a-ed19-4e0c-a2cc-85ba3daed401", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "081be3e8-f3a9-4d2a-94ee-ec357082d019", "name": "query-users", "description": "${role_query-users}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "376fec14-86c7-4986-8f09-9d4b93880c57", "name": "manage-realm", "description": "${role_manage-realm}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "1c105710-6a0e-40bb-8e45-924017eff426", "name": "manage-authorization", "description": "${role_manage-authorization}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "6f0f4bad-7761-487d-babd-62500ca02380", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "59cf0f7d-0ccc-4b2d-ab23-dd00a95727d2", "name": "manage-users", "description": "${role_manage-users}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "089145da-eb3c-4a06-a623-01f1c0278710", "name": "view-realm", "description": "${role_view-realm}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "bbf8231a-f92c-4c7d-a962-f1ffc3a77486", "name": "view-clients", "description": "${role_view-clients}", "composite": true, "composites": { "client": { "realm-management": [ "query-clients" ] } }, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "b76f0563-eb1a-4e85-853d-2c5fd41820ab", "name": "manage-events", "description": "${role_manage-events}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "bc00ccc2-f675-4649-a1fc-0138da85c2ef", "name": "create-client", "description": "${role_create-client}", "composite": false, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} }, { "id": "982241da-f30d-4a9b-a425-d69fb5f1b0ee", "name": "view-users", "description": "${role_view-users}", "composite": true, "composites": { "client": { "realm-management": [ "query-groups", "query-users" ] } }, "clientRole": true, "containerId": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "attributes": {} } ], "pacs": [ { "id": "46283d0b-9b8b-46f2-a111-dfa460103f2f", "name": "uma_protection", "composite": false, "clientRole": true, "containerId": "3785434d-2af8-478c-b135-f0b11d1d3205", "attributes": {} } ], "security-admin-console": [], "admin-cli": [], "account-console": [], "broker": [ { "id": "49b1694a-21f5-4eb0-a9c4-4f847313d722", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, "containerId": "f7f76add-411b-420d-9be1-bd120ed99918", "attributes": {} } ], "ohif-viewer": [], "account": [ { "id": "09c7d784-69d0-47f3-970a-89802278b10d", "name": "view-consent", "description": "${role_view-consent}", "composite": false, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} }, { "id": "472357ac-3ab7-4aa5-9978-c6e1a219f3a8", "name": "view-applications", "description": "${role_view-applications}", "composite": false, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} }, { "id": "6ae38e13-39e5-4000-962f-ef0175f57c60", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} }, { "id": "7ab293a8-ce2c-42c3-acb5-d48b810046ed", "name": "view-groups", "description": "${role_view-groups}", "composite": false, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} }, { "id": "f9955697-0a92-4252-bc3a-0f3b19a40c59", "name": "delete-account", "description": "${role_delete-account}", "composite": false, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} }, { "id": "368522c4-b8f0-40af-ac53-b96496c4a44a", "name": "manage-account", "description": "${role_manage-account}", "composite": true, "composites": { "client": { "account": [ "manage-account-links" ] } }, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} }, { "id": "af2a7fbc-38da-49cd-8495-c798530fe251", "name": "view-profile", "description": "${role_view-profile}", "composite": false, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} }, { "id": "aa4e09d0-cafa-40b8-827b-99f11af55276", "name": "manage-consent", "description": "${role_manage-consent}", "composite": true, "composites": { "client": { "account": [ "view-consent" ] } }, "clientRole": true, "containerId": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "attributes": {} } ] } }, "groups": [], "defaultRole": { "id": "c38f5d50-8c9c-4214-b700-7406902202fb", "name": "default-roles-ohif", "description": "${role_default-roles}", "composite": true, "clientRole": false, "containerId": "ohif" }, "requiredCredentials": [ "password" ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256" ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", "webAuthnPolicyRequireResidentKey": "not specified", "webAuthnPolicyUserVerificationRequirement": "not specified", "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], "webAuthnPolicyPasswordlessExtraOrigins": [], "users": [ { "id": "6143a7a2-f43b-4f84-ad82-33679cfa62ff", "username": "service-account-pacs", "emailVerified": false, "createdTimestamp": 1715781594554, "enabled": true, "totp": false, "serviceAccountClientId": "pacs", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-ohif" ], "clientRoles": { "pacs": [ "uma_protection" ] }, "notBefore": 0, "groups": [] } ], "scopeMappings": [ { "clientScope": "offline_access", "roles": [ "offline_access" ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", "roles": [ "manage-account", "view-groups" ] } ] }, "clients": [ { "id": "e6bee9db-9634-4cd2-93d3-cdaa1f011dd8", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/ohif/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "/realms/ohif/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "81be1c6e-8879-4e33-965e-e8a377879e8f", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/ohif/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/ohif/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "069b1a13-c19f-4be7-a27e-146bf051e0bd", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": {} } ], "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "315fbb4d-f9c8-46f6-888e-d6c69d415ee0", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "f7f76add-411b-420d-9be1-bd120ed99918", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "53d51818-e1bf-4fc2-aa20-5541f2646f12", "clientId": "ohif-viewer", "name": "", "description": "", "rootUrl": "http://localhost", "adminUrl": "http://localhost", "baseUrl": "/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "*" ], "webOrigins": [ "*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", "login_theme": "keycloak", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "saml.server.signature": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "saml_force_name_id_format": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "3785434d-2af8-478c-b135-f0b11d1d3205", "clientId": "pacs", "rootUrl": "http://127.0.0.1", "baseUrl": "/pacs-admin", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "*" ], "webOrigins": [ "*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": true, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": true, "authorizationServicesEnabled": true, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", "post.logout.redirect.uris": "+", "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "exclude.session.state.from.auth.response": "false", "saml_force_name_id_format": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "id": "6aad2e40-2917-4549-a823-b8765ea4b13f", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "id": "560fea50-208a-487a-82ff-de6edd81eb80", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } }, { "id": "248bf04e-057a-46f4-be6c-1a64728e0203", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientId", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ], "authorizationSettings": { "allowRemoteResourceManagement": true, "policyEnforcementMode": "ENFORCING", "resources": [], "policies": [], "scopes": [], "decisionStrategy": "UNANIMOUS" } }, { "id": "84e7b84d-ab74-452e-8a24-a0e657f100ea", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "f7dd8587-4035-4590-a1c0-ebf576c4dfe3", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", "baseUrl": "/admin/ohif/console/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "/admin/ohif/console/*" ], "webOrigins": [ "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "3c48b046-72a2-4779-abb5-760c58fe2c19", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes": [ { "id": "254e8b40-a391-4451-a8d2-28934e5b63dc", "name": "acr", "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "2f956edb-d6e5-4a83-b19e-937686d620a9", "name": "acr loa level", "protocol": "openid-connect", "protocolMapper": "oidc-acr-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true" } } ] }, { "id": "09747e03-0974-4937-a444-2170c1185842", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${phoneScopeConsentText}" }, "protocolMappers": [ { "id": "6e91d83d-746b-499a-9f1c-76d821f2c51d", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number", "jsonType.label": "String" } }, { "id": "b185e72e-0fef-43ed-971b-a8e4c420c8b9", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number_verified", "jsonType.label": "boolean" } } ] }, { "id": "3a2f720d-06aa-4a21-bb8b-a2fe8ff740ba", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "true", "consent.screen.text": "${rolesScopeConsentText}" }, "protocolMappers": [ { "id": "f312bcba-a892-4fa1-ab66-a784cb3359f7", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "access.token.claim": "true", "claim.name": "resource_access.${client_id}.roles", "jsonType.label": "String", "multivalued": "true" } }, { "id": "a9ab2bd5-835d-4f5f-aa07-2845ccd3d361", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": {} }, { "id": "cf2ec6d5-ac10-4d67-9c10-1cf6f83d1ba5", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "access.token.claim": "true", "claim.name": "realm_access.roles", "jsonType.label": "String", "multivalued": "true" } } ] }, { "id": "775a0614-070f-4ee3-9eb5-7dace1a3ee9f", "name": "address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${addressScopeConsentText}" }, "protocolMappers": [ { "id": "5e9c8afa-e924-4378-b957-391c204dfa97", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { "user.attribute.formatted": "formatted", "user.attribute.country": "country", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", "user.attribute.street": "street", "id.token.claim": "true", "user.attribute.region": "region", "access.token.claim": "true", "user.attribute.locality": "locality" } } ] }, { "id": "532b1821-92bf-4ff7-95b6-cba1f2ca3545", "name": "role_list", "description": "SAML role list", "protocol": "saml", "attributes": { "consent.screen.text": "${samlRoleListScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "e606a1b0-6772-441e-9799-44ec896ca13d", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { "single": "false", "attribute.nameformat": "Basic", "attribute.name": "Role" } } ] }, { "id": "7361627f-bb6e-4ddf-ba05-9f2e449fd636", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${emailScopeConsentText}" }, "protocolMappers": [ { "id": "99f6051f-a4dc-46fc-bc46-8fdb224028cb", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email_verified", "jsonType.label": "boolean" } }, { "id": "4401b7fa-7a4a-416e-91dd-bd94835bcd05", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email", "jsonType.label": "String" } } ] }, { "id": "ee4aefa7-398a-4ced-b9fb-f25ad83a1e4e", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${profileScopeConsentText}" }, "protocolMappers": [ { "id": "fddd6ec8-99d1-4654-af68-5a08285845a7", "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "nickname", "jsonType.label": "String" } }, { "id": "4d70b18c-6ac1-4210-be64-3d975d127eeb", "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "preferred_username", "jsonType.label": "String" } }, { "id": "e60ad476-a109-4f6d-8b8f-638ea737d641", "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "given_name", "jsonType.label": "String" } }, { "id": "1ecac05a-a740-4f49-bdde-66df4b57fdab", "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "middle_name", "jsonType.label": "String" } }, { "id": "7adb553b-e335-412d-8633-21b1e68fbf5c", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", "jsonType.label": "String" } }, { "id": "b51200b1-ffb2-4222-989d-c78af76318d4", "name": "family name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "family_name", "jsonType.label": "String" } }, { "id": "cd73c78e-5e78-422d-8f68-818ef766529d", "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "picture", "jsonType.label": "String" } }, { "id": "7242207c-dd96-4932-8914-2f36e2d91689", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true" } }, { "id": "237dace9-0b8e-4e4c-82c7-b3d588630009", "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "website", "jsonType.label": "String" } }, { "id": "88c56ac7-47a8-45e2-8774-1757b0df8d87", "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "updated_at", "jsonType.label": "String" } }, { "id": "ec68ab29-95cd-476c-a528-fa8d0ca97ae9", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } }, { "id": "0245d1ab-f14b-4bb2-97d2-6f0e1bab41fe", "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "birthdate", "jsonType.label": "String" } }, { "id": "0d95b1c0-85d9-4dfa-b269-e07a890b023d", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "profile", "jsonType.label": "String" } }, { "id": "7c391683-f6a1-4cd7-aca9-2f6690f1700d", "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "gender", "jsonType.label": "String" } } ] }, { "id": "28c9327f-b38d-4dd8-81f7-3a5bc95c019f", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { "consent.screen.text": "${offlineAccessScopeConsentText}", "display.on.consent.screen": "true" } }, { "id": "6ae5b114-291d-4265-826a-59d66c7257c4", "name": "microprofile-jwt", "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "53f31712-86fe-429a-897f-56f6a68ff04a", "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "upn", "jsonType.label": "String" } }, { "id": "400bbe92-0c89-42a5-9deb-846465f37832", "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "multivalued": "true", "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", "jsonType.label": "String" } } ] }, { "id": "bf928a3a-12bd-4fcc-9c8c-a7302161af9c", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false", "consent.screen.text": "" }, "protocolMappers": [ { "id": "47ff8af3-462d-450d-b72e-ed8c280f2df7", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, "config": {} } ] } ], "defaultDefaultClientScopes": [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], "defaultOptionalClientScopes": [ "offline_access", "address", "phone", "microprofile-jwt" ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, "identityProviders": [], "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { "id": "abc1fcf9-610c-4682-a68c-f2786d19ca2f", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper" ] } }, { "id": "ce5e7488-00e2-4ce5-99b4-b77ea86a1470", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "73fcfae3-4890-4c85-becf-f43b29b24db9", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", "subComponents": {}, "config": { "max-clients": [ "200" ] } }, { "id": "5faf17f3-6b8f-40ed-9bdc-ae74a638a197", "name": "Full Scope Disabled", "providerId": "scope", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "fe7ccadb-4534-4944-a245-bd78633144af", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "483b67ab-fe56-4ba9-ab65-3b9ac59bf048", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": {}, "config": { "host-sending-registration-request-must-match": [ "true" ], "client-uris-must-match": [ "true" ] } }, { "id": "ebf46274-4329-40c7-8342-7a9c2d3181e5", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] } }, { "id": "4a34d375-8480-4368-8eb7-516e382e5f28", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } } ], "org.keycloak.userprofile.UserProfileProvider": [ { "id": "1626a49c-1b57-4ca1-a4d7-35e697d0ecc0", "providerId": "declarative-user-profile", "subComponents": {}, "config": { "kc.user.profile.config": [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" ] } } ], "org.keycloak.keys.KeyProvider": [ { "id": "b8a36dae-a9a7-4d74-b6f6-51dbcf36da2d", "name": "hmac-generated-hs512", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "HS512" ] } }, { "id": "527b473f-81bf-4bc1-8c41-667bcefa7414", "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "ad0ab7c0-d4e0-470c-a43c-f4c4d71d5f9e", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "6f1171b4-22eb-4a94-ae64-7c33ed2b8817", "name": "hmac-generated", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "HS256" ] } } ] }, "internationalizationEnabled": false, "supportedLocales": [], "authenticationFlows": [ { "id": "0131114f-fc73-4b02-aa5e-bbf7502229e2", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-confirm-link", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "Handle Existing Account - Alternatives - 0", "userSetupAllowed": false } ] }, { "id": "63219518-105b-4639-8e1d-23d603d2b25f", "alias": "Handle Existing Account - Alternatives - 0", "description": "Subflow of Handle Existing Account with alternative executions", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-email-verification", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", "userSetupAllowed": false } ] }, { "id": "0c5dd2e0-f444-4406-a8f7-88248808bc2e", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", "userSetupAllowed": false } ] }, { "id": "f39d06f8-846f-4b4a-9a19-d597187f6d2a", "alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "d212c8b1-e4dc-4e19-8ed1-d564406885af", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": true, "flowAlias": "forms", "userSetupAllowed": false } ] }, { "id": "1d9bc1ff-3b71-4730-ac2c-fae8e1babcdd", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "client-secret", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "9a4f37bf-d5d8-41e9-ac3e-ed41575b9ec9", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "direct-grant-validate-username", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, "autheticatorFlow": true, "flowAlias": "direct grant - direct-grant-validate-otp - Conditional", "userSetupAllowed": false } ] }, { "id": "41cd9c0d-f025-4405-a68d-bc1ad872e48c", "alias": "direct grant - direct-grant-validate-otp - Conditional", "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "898f145d-bb61-49d2-9304-43f42a482199", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "docker-http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "9445cbe0-4307-490e-b996-026391c5064b", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "review profile config", "authenticator": "idp-review-profile", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "first broker login - Alternatives - 0", "userSetupAllowed": false } ] }, { "id": "a544691e-13d5-498f-8986-777358e2d251", "alias": "first broker login - Alternatives - 0", "description": "Subflow of first broker login with alternative executions", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "create unique user config", "authenticator": "idp-create-user-if-unique", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Handle Existing Account", "userSetupAllowed": false } ] }, { "id": "fcb61660-2e54-4434-be96-ce0b5e5bae13", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "forms - auth-otp-form - Conditional", "userSetupAllowed": false } ] }, { "id": "db889a6f-c3c3-4801-8f61-8c1c682df4a9", "alias": "forms - auth-otp-form - Conditional", "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "3829b8aa-55c8-401a-8684-88c36b74502a", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-page-form", "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": true, "flowAlias": "registration form", "userSetupAllowed": false } ] }, { "id": "618d1456-42bb-4737-aa06-f5bde16480fc", "alias": "registration form", "description": "registration form", "providerId": "form-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-user-creation", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "bdd6828c-026b-4a31-9b20-88c1816c7f08", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "reset-credentials-choose-user", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, "autheticatorFlow": true, "flowAlias": "reset credentials - reset-otp - Conditional", "userSetupAllowed": false } ] }, { "id": "35023257-a65f-4146-9cff-5a07bc1c106a", "alias": "reset credentials - reset-otp - Conditional", "description": "Flow to determine if the reset-otp authenticator should be used or not.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "98ff3c64-bf5e-4101-b218-6dc3b7717f2c", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { "id": "f0446a79-4b15-4c18-abe7-a316f984ece4", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { "id": "3a38d4a4-dc5b-4020-9a94-64b61ad9c997", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" } } ], "requiredActions": [ { "alias": "CONFIGURE_TOTP", "name": "Configure OTP", "providerId": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false, "priority": 10, "config": {} }, { "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, "config": {} }, { "alias": "UPDATE_PASSWORD", "name": "Update Password", "providerId": "UPDATE_PASSWORD", "enabled": true, "defaultAction": false, "priority": 30, "config": {} }, { "alias": "UPDATE_PROFILE", "name": "Update Profile", "providerId": "UPDATE_PROFILE", "enabled": true, "defaultAction": false, "priority": 40, "config": {} }, { "alias": "VERIFY_EMAIL", "name": "Verify Email", "providerId": "VERIFY_EMAIL", "enabled": true, "defaultAction": false, "priority": 50, "config": {} }, { "alias": "delete_account", "name": "Delete Account", "providerId": "delete_account", "enabled": false, "defaultAction": false, "priority": 60, "config": {} }, { "alias": "delete_credential", "name": "Delete Credential", "providerId": "delete_credential", "enabled": true, "defaultAction": false, "priority": 100, "config": {} }, { "alias": "update_user_locale", "name": "Update User Locale", "providerId": "update_user_locale", "enabled": true, "defaultAction": false, "priority": 1000, "config": {} } ], "browserFlow": "browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "firstBrokerLoginFlow": "first broker login", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", "oauth2DeviceCodeLifespan": "600", "oauth2DevicePollingInterval": "5", "parRequestUriLifespan": "60", "cibaInterval": "5", "realmReusableOtpCode": "false" }, "keycloakVersion": "24.0.4", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] }, "clientPolicies": { "policies": [] } } ```

.env

PACS_PATH=/var/local/dcm4chee-arc
ETC_PATH=/etc

Dockerfile openresty

FROM openresty/openresty:1.21.4.2-0-bullseye-fat

RUN apt-get update && \
  apt-get install -y openssl libssl-dev git gcc wget unzip make&& \
  apt-get clean

RUN apt-get install --assume-yes lua5.4 libzmq3-dev lua5.4-dev
RUN cd /tmp && \
  wget http://luarocks.org/releases/luarocks-3.9.2.tar.gz && \
  tar zxpf luarocks-3.9.2.tar.gz && \
  cd luarocks-3.9.2 && \
  ./configure && \
  make && \
  make install

RUN luarocks install lua-cjson
RUN luarocks install lua-resty-string

RUN luarocks install lua-resty-session
RUN luarocks install lua-resty-jwt
RUN luarocks install lua-resty-openidc
RUN luarocks install lua-resty-http
RUN luarocks install lua-resty-auto-ssl

EXPOSE 80

server.conf

server {
    # http2
    listen 443 ssl default_server;

    #ssl_certificate /var/www/html/config/riodasostras_rj_gov_br_chained.crt;
    #ssl_certificate_key /var/www/html/config/riodasostras_rj_gov_br.key;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    server_name pacs.riodasostras.rj.gov.br; # substitute your machine's IP address or FQDN and port
    root /opt/nginx/html;
    resolver 127.0.0.11 valid=1s ipv6=off;
    access_log off;
    error_log /var/logs/nginx/error.log;

    # https://github.com/bungle/lua-resty-session/issues/15
    set $session_check_ssi off;
    lua_code_cache off;
    set $session_secret Eeko7aeb6iu5Wohch9Loo1aitha0ahd1;
    set $session_storage cookie;

    expires 0;
    add_header Cache-Control private;

     location /auth {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        #proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_pass http://10.0.0.29:3333;
    }

    location /oviyam/ {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        #proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;

        #sub_filter_once on;
        #sub_filter_types text/html;
        #sub_filter "Exames do Dia" "Exames do Dia teste'";

        proxy_pass http://10.0.0.29:83/;
        #proxy_redirect http://$proxy_host:83 http://pacs.riodasostras.rj.gov.br/oviyam/;

    }

    location ^~ /pacs/ {
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
            add_header 'Access-Control-Allow-Headers' 'Authorization';
            add_header 'Access-Control-Allow-Credentials' true;
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
            add_header 'Access-Control-Allow-Headers' 'Authorization';
            add_header 'Access-Control-Allow-Credentials' true;
        }

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        expires 0;
        add_header Cache-Control private;
        proxy_pass http://10.0.0.29:8080/;
        #proxy_read_timeout 90;
        #proxy_redirect http://10.0.0.29:8080 http://$server_name/pacs/;
    }

    # account for DCM4CHER post login redirect
    location ^~ /dcm4chee-arc/ui2/ {
        return 301 http://$server_name/pacs$request_uri;
    }

    # Do not cache sw.js, required for offline-first updates.
    location /sw.js {
        add_header Cache-Control "no-cache";
        proxy_cache_bypass $http_pragma;
        proxy_cache_revalidate on;
        expires off;
        access_log off;
    }

    # Send OHIF Viewer requests to the OHIF Viewer server.
    location / {
        # access_by_lua_block {
        #     local opts = {               
        #         redirect_uri_path = "/redirect_uri",
        #         redirect_uri = "http://localhost/redirect_uri",
        #         discovery = "http://10.0.0.29/auth/realms/ohif/.well-known/openid-configuration",
        #         token_endpoint_auth_method = "client_secret_basic",
        #         client_id = "pacs",
        #         client_secret = "66279641-eba6-47f5-9fdb-70c4ac74d548",
        #         client_jwt_assertion_expires_in = 60 * 60,
        #         ssl_verify = "no",
        #         scope = "openid email profile",
        #         refresh_session_interval = 900,
        #         redirect_uri_scheme = "http",
        #         redirect_after_logout_uri = "http://localhost:3000/realms/key/protocol/openid-connect/logout?redirect_uri=http://localhost/",
        #         redirect_after_logout_with_id_token_hint = false,
        #         session_contents = {id_token=tru}
        #     }

        #     -- call authenticate for OpenID Connect user authentication
        #     local res, err = require("resty.openidc").authenticate(opts)
        #     if err or not res then
        #         ngx.print(err)
        #         ngx.status = 200
        #         ngx.say(err and err or "no access_token provided")
        #         ngx.exit(ngx.HTTP_FORBIDDEN)
        #     end
        #     -- Or set cookie?
        #     -- ngx.req.set_header("Authorization", "Bearer " .. res.access_token)
        #     -- ngx.req.set_header("X-USER", res.id_token.sub)
        # }

        add_header Cache-Control "no-cache";
        proxy_cache_bypass $http_pragma;
        proxy_cache_revalidate on;
        expires off;
        access_log off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        # host.docker.internal
        proxy_pass http://10.0.0.29:3000/;
        #proxy_read_timeout 90;
        #proxy_redirect http://viewer:3000 http://$server_name;
    }

}

nginx.conf

worker_processes 2;
error_log /var/logs/nginx/error.log;
pid /var/run/nginx.pid;
include /usr/share/nginx/modules/*.conf; # See /usr/share/doc/nginx/README.dynamic.

events {
    worker_connections 1024; ## Default: 1024
    use epoll; # http://nginx.org/en/docs/events.html
    multi_accept on; # http://nginx.org/en/docs/ngx_core_module.html#multi_accept
}

# Core Modules Docs:
# http://nginx.org/en/docs/http/ngx_http_core_module.html
http {
    include '/usr/local/openresty/nginx/conf/mime.types';
    #default_type application/octet-stream;

    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    default_type text/plain;

    keepalive_timeout 65;
    keepalive_requests 100000;
    tcp_nopush on;
    tcp_nodelay on;

    # lua_ settings
    #
    lua_package_path '/usr/local/openresty/lualib/?.lua;;/usr/local/share/lua/5.4/?.lua;;';
    lua_shared_dict discovery 1m; # cache for discovery metadata documents
    lua_shared_dict jwks 1m; # cache for JWKs
    # lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    variables_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    server_tokens off;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    include /etc/nginx/conf.d/*.conf;
}

app-config.js

window.config = {
  routerBasename: '/',
  // whiteLabeling: {},
  extensions: [],
  modes: [],
  customizationService: {},
  showStudyList: true,
  // some windows systems have issues with more than 3 web workers
  maxNumberOfWebWorkers: 3,
  // below flag is for performance reasons, but it might not work for all servers
  showWarningMessageForCrossOrigin: true,
  showCPUFallbackMessage: true,
  showLoadingIndicator: true,
  strictZSpacingForVolumeViewport: true,
  groupEnabledModesFirst: true,
  maxNumRequests: {
    interaction: 100,
    thumbnail: 75,
    // Prefetch number is dependent on the http protocol. For http 2 or
    // above, the number of requests can be go a lot higher.
    prefetch: 25,
  },
  // filterQueryParam: false,
  defaultDataSourceName: 'dicomweb',
  dataSources: [
    {
      namespace: '@ohif/extension-default.dataSourcesModule.dicomweb',
      sourceName: 'dicomweb',
      configuration: {
        friendlyName: 'DCM4CHEE wado server',
        name: 'aws',
        //wadoUriRoot: 'https://d33do7qe4w26qo.cloudfront.net/dicomweb',
        //qidoRoot: 'https://d33do7qe4w26qo.cloudfront.net/dicomweb',
        //wadoRoot: 'https://d33do7qe4w26qo.cloudfront.net/dicomweb',
        wadoUriRoot: '/pacs/dcm4chee-arc/aets/DCM4CHEE/wado',
        qidoRoot: '/pacs/dcm4chee-arc/aets/DCM4CHEE/rs',
        wadoRoot: '/pacs/dcm4chee-arc/aets/DCM4CHEE/rs',
        qidoSupportsIncludeField: false,
        imageRendering: 'wadors',
        thumbnailRendering: 'wadors',
        enableStudyLazyLoad: true,
        supportsFuzzyMatching: false,
        supportsWildcard: true,
        staticWado: true,
        singlepart: 'bulkdata,video',
        // whether the data source should use retrieveBulkData to grab metadata,
        // and in case of relative path, what would it be relative to, options
        // are in the series level or study level (some servers like series some study)
        bulkDataURI: {
          enabled: true,
          relativeResolution: 'studies',
        },
        omitQuotationForMultipartRequest: true,
      },
    },

  ],
  httpErrorHandler: error => {
    // This is 429 when rejected from the public idc sandbox too often.
    console.warn(error.status);

    // Could use services manager here to bring up a dialog/modal if needed.
    console.warn('test, navigate to https://ohif.org/');
  },

  hotkeys: [
    {
      commandName: 'incrementActiveViewport',
      label: 'Next Viewport',
      keys: ['right'],
    },
    {
      commandName: 'decrementActiveViewport',
      label: 'Previous Viewport',
      keys: ['left'],
    },
    { commandName: 'rotateViewportCW', label: 'Rotate Right', keys: ['r'] },
    { commandName: 'rotateViewportCCW', label: 'Rotate Left', keys: ['l'] },
    { commandName: 'invertViewport', label: 'Invert', keys: ['i'] },
    {
      commandName: 'flipViewportHorizontal',
      label: 'Flip Horizontally',
      keys: ['h'],
    },
    {
      commandName: 'flipViewportVertical',
      label: 'Flip Vertically',
      keys: ['v'],
    },
    { commandName: 'scaleUpViewport', label: 'Zoom In', keys: ['+'] },
    { commandName: 'scaleDownViewport', label: 'Zoom Out', keys: ['-'] },
    { commandName: 'fitViewportToWindow', label: 'Zoom to Fit', keys: ['='] },
    { commandName: 'resetViewport', label: 'Reset', keys: ['space'] },
    { commandName: 'nextImage', label: 'Next Image', keys: ['down'] },
    { commandName: 'previousImage', label: 'Previous Image', keys: ['up'] },
    // {
    //   commandName: 'previousViewportDisplaySet',
    //   label: 'Previous Series',
    //   keys: ['pagedown'],
    // },
    // {
    //   commandName: 'nextViewportDisplaySet',
    //   label: 'Next Series',
    //   keys: ['pageup'],
    // },
    {
      commandName: 'setToolActive',
      commandOptions: { toolName: 'Zoom' },
      label: 'Zoom',
      keys: ['z'],
    },
    // ~ Window level presets
    {
      commandName: 'windowLevelPreset1',
      label: 'W/L Preset 1',
      keys: ['1'],
    },
    {
      commandName: 'windowLevelPreset2',
      label: 'W/L Preset 2',
      keys: ['2'],
    },
    {
      commandName: 'windowLevelPreset3',
      label: 'W/L Preset 3',
      keys: ['3'],
    },
    {
      commandName: 'windowLevelPreset4',
      label: 'W/L Preset 4',
      keys: ['4'],
    },
    {
      commandName: 'windowLevelPreset5',
      label: 'W/L Preset 5',
      keys: ['5'],
    },
    {
      commandName: 'windowLevelPreset6',
      label: 'W/L Preset 6',
      keys: ['6'],
    },
    {
      commandName: 'windowLevelPreset7',
      label: 'W/L Preset 7',
      keys: ['7'],
    },
    {
      commandName: 'windowLevelPreset8',
      label: 'W/L Preset 8',
      keys: ['8'],
    },
    {
      commandName: 'windowLevelPreset9',
      label: 'W/L Preset 9',
      keys: ['9'],
    },
  ],

  oidc: [
    {
      // ~ REQUIRED
      // Authorization Server URL
      authority: 'https://pacs.riodasostras.rj.gov.br/auth/realms/ohif/',
      client_id: 'ohif-viewer',
      redirect_uri: 'https://pacs.riodasostras.rj.gov.br/callback',
      response_type: 'code',//id_token token
      scope: 'openid',
      // ~ OPTIONAL
      //post_logout_redirect_uri: '/logout-redirect.html',
      //revoke_uri: 'https://accounts.google.com/o/oauth2/revoke?token=',
      automaticSilentRenew: true,
      revokeAccessTokenOnSignout: true,
    },
  ],

};

docker-compose.yml

version: "3.8"
networks:
  dcm4chee_default:
    #driver: overlay

volumes:
    storage-storage:
      driver: local
      driver_opts:
        type: cifs
        device: //10.0.0.30/Imagens/dcm4chee-arc/wildfly/data/fs1
        o: addr=10.0.0.30,username=pacs,password=P@csPMR0,file_mode=0600,dir_mode=0700,uid=1023,gid=1023,vers=2.0
    storage-wildfly:
      driver: local
      driver_opts:
        type: none
        o: bind        
        device: ${PACS_PATH}/wildfly          
    storage-db:
      driver: local
      driver_opts:
        type: none
        o: bind        
        device: ${PACS_PATH}/db       
    storage-ldap:     
      driver: local
      driver_opts:
        type: none
        o: bind        
        device: ${PACS_PATH}/ldap    
    storage-slapd:     
      driver: local
      driver_opts:
        type: none
        o: bind        
        device: ${PACS_PATH}/slapd.d   
    storage-oviyam:     
      driver: local
      driver_opts:
        type: none
        o: bind        
        device: ${PACS_PATH}/oviyam    

    storage-dbkeycloak:     
      driver: local
      driver_opts:
        type: none
        o: bind        
        device: ${PACS_PATH}/dbkeycloak    

services:
  ldap:
    image: dcm4che/slapd-dcm4chee:2.4.44-12.0
    ports: 
      - "389:389" 
    #restart: always
    networks:
      - dcm4chee_default
    volumes:
      - ${ETC_PATH}/localtime:/etc/localtime:ro
      - ${ETC_PATH}/timezone:/etc/timezone:ro
      - storage-ldap:/var/lib/ldap 
      - storage-slapd:/etc/ldap/slapd.d 
  db:
    image: dcm4che/postgres-dcm4chee:10.0-12
    ports:
      - "5432:5432" 
    #restart: always
    networks:
      - dcm4chee_default
    volumes:
      - ${ETC_PATH}/localtime:/etc/localtime:ro 
      - ${ETC_PATH}/timezone:/etc/timezone:ro 
      - storage-db:/var/lib/postgresql/data 
    environment:
      POSTGRES_DB: pacsdb 
      POSTGRES_USER: pacs 
      POSTGRES_PASSWORD: pacs
  arc:
    image: dcm4che/dcm4chee-arc-psql:5.12.0
    ports: 
      - "8080:8080"
      - "8443:8443"
      - "9990:9990"
      - "11112:11112"
      - "2575:2575"
    #restart: always
    networks:
      - dcm4chee_default   
    environment:
      POSTGRES_DB: pacsdb 
      POSTGRES_USER: pacs 
      POSTGRES_PASSWORD: pacs
      WILDFLY_WAIT_FOR: ldap:389 db:5432      
    volumes:
      - ${ETC_PATH}/localtime:/etc/localtime:ro 
      - ${ETC_PATH}/timezone:/etc/timezone:ro 
      - storage-wildfly:/opt/wildfly/standalone
      - storage-storage:/opt/wildfly/standalone/data/fs1      
    depends_on:
      - ldap
      - db  
  oviyam:
    image: informaticamedica/oviyam:2.7.1
    ports: ["83:8080","1025:1025"]
    #restart: always
    networks:
      - dcm4chee_default
    volumes:
      - storage-oviyam:/usr/local/tomcat/work
      - ${PACS_PATH}/tomcat-users.xml:/usr/local/tomcat/conf/tomcat-users.xml
    depends_on:
      - arc  

  dbkeycloak:
    image: postgres
    #restart: unless-stopped
    volumes:
        - storage-dbkeycloak:/var/lib/postgresql/data
    environment: 
        POSTGRES_DB: keycloak
        POSTGRES_USER: pacs
        POSTGRES_PASSWORD: pacs
    logging:
      options:
        max-size: 10m
        max-file: "13"    
    ports:
        - 5433:5432
    networks: 
        - dcm4chee_default
  keycloak:
    image: quay.io/keycloak/keycloak:24.0.4     
    #,"--http-relative-path=auth"
    #,"--hostname-strict=false"
    command: ["start-dev","--proxy-headers", "xforwarded"]
    restart: unless-stopped
    environment:
      KC_DB: postgres
      KC_DB_USERNAME: pacs
      KC_DB_PASSWORD: pacs
      KC_DB_URL_PORT: 5433
      KC_DB_URL: jdbc:postgresql://10.0.0.29:5433/keycloak
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: Pa55w0rd   
      KC_HTTP_ENABLED: true
      #KC_HOSTNAME: keycloak
      #KC_HOSTNAME_URL: http://localhost:3333/auth
      #KC_HOSTNAME_ADMIN_URL: http://localhost:3333/auth
      KC_HTTP_RELATIVE_PATH: /auth
      KC_HOSTNAME_STRICT_HTTPS: false
      KC_HOSTNAME_STRICT: false
      #KC_PROXY: edge
      #KC_PROXY_ADDRESS_FORWARDING: true     
    ports:
        - 3333:8080
    depends_on:
        - dbkeycloak
    networks:
        - dcm4chee_default    
  openresty:
    build:
      context: ./openresty
      dockerfile: Dockerfile
    image: openresty
    ports:
      - 80:80   
      - 443:443
    networks:
      - dcm4chee_default
    volumes:  
      - ${PACS_PATH}/openresty/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro          
      - ${PACS_PATH}/openresty/server.conf:/etc/nginx/conf.d/default.conf
      - ${PACS_PATH}/openresty/logs:/var/logs/nginx
      - ${PACS_PATH}/openresty/ssl/riodasostras_rj_gov_br_chained.crt:/etc/nginx/ssl/nginx.crt
      - ${PACS_PATH}/openresty/ssl/riodasostras_rj_gov_br.key:/etc/nginx/ssl/nginx.key

  ohif:   
    image: ohif/app:v3.9.0-beta.7
    volumes:
      - ${PACS_PATH}/ohif/app-config.js:/usr/share/nginx/html/app-config.js
    ports:      
      - 3000:80
    networks:
      - dcm4chee_default  
    depends_on:     
      - openresty        

The current behavior

crash while loading data and put a bunch of question marks in the URL while loading data

The expected behavior

not crash while loading data and not put a bunch of question marks in the URL while loading data

OS

debian bookworm

Node version

?

Browser

Chrome last version in windows

[vinifa]

I had the same problem. And everything indicates without regards to authentication. Commenting on the part with authentication, the system works correctly again.

[sedghi]

@IbrahimCSAE test if our new setup would solve this as well please

[IbrahimCSAE]

Yes this is fixed @sedghi , closing it

[sedghi]

We recently added several recipes for implementing authentication with Keycloak in OHIF. You can find them here:

https://docs.ohif.org/deployment/user-account-control