qcaas-nhs-sjt
commented
8 months ago @vvcb To give an update, spent much of today on this issue. Making slow progress as nothing is very well documented and there are lots of dependency issues as often happens in spring boot in my experience.
In order to activate security mode, I had to setup SSL directly on the container (which is done), however because of the standard security in linux on aks clusters we cannot run this on port 443, unfortunately assigning java permissions to run a server hasn't done anything so I couldn't seem to get around this with linux capabilities in the ususal way so I've had to give it port number 8443 on the container. This wouldn't be a problem but different components of spring boot redirect you to the server port automatically rather than using the port for the reverse proxy. I've managed to largely get around this using a rewrite rule on the nginx ingress rules for WebAPI and I've managed to get authentication sort of working. However there is still one redirect which happens once you've logged on. If you ignore the error and go back to the home page you'll be logged in, though currently I have no permissions.
Sadly, many of the parameters are either incorrect in the documentation for ATLAS are just incomplete or out of date and don't tell the whole story. I'll keep trying to figure this out on Thursday, fingers crossed fresh eyes and i'll get it sorted.
vvcb
As architect I would like to add authentication/authorisation to OHDSI Atlas and Web API.
AC: This should use keycloak to authenticate users and give them appropriate access according to the users role membership in keycloak