http://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&feed=atom&action=historyCTP Authentication Using OpenAM - Revision history2024-03-29T10:55:59ZRevision history for this page on the wikiMediaWiki 1.35.5http://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7654&oldid=prevJohnperry: /* DEBUG Logging */2014-03-06T02:14:21Z<p><span dir="auto"><span class="autocomment">DEBUG Logging</span></span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 02:14, 6 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l75" >Line 75:</td>
<td colspan="2" class="diff-lineno">Line 75:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Save the file and start CTP. Authentication steps will be logged in the <b><tt>CTP/logs/ctp.log</tt></b> file.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Save the file and start CTP. Authentication steps will be logged in the <b><tt>CTP/logs/ctp.log</tt></b> file.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Note that <del class="diffchange diffchange-inline">this </del>file is overwritten in a CTP upgrade.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Note that <ins class="diffchange diffchange-inline">the <b><tt>CTP/log4j.properties</tt></b> </ins>file is overwritten in a CTP upgrade.</div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7653&oldid=prevJohnperry: /* OpenAMTest */2014-03-06T02:10:08Z<p><span dir="auto"><span class="autocomment">OpenAMTest</span></span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 02:10, 6 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l40" >Line 40:</td>
<td colspan="2" class="diff-lineno">Line 40:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Set the OpenAM Server field to point to your OpenAM server.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Set the OpenAM Server field to point to your OpenAM server.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Set the Test Server to point to an unused port on your test computer. The program will open a server on this port to receive the connections from the browser after it has been redirected by the OpenAM server.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Set the Test Server <ins class="diffchange diffchange-inline">field </ins>to point to an unused port on your test computer. The program will open a server on this port to receive the connections from the browser after it has been redirected by the OpenAM server.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Click the SSO Cookie button. The program will contact the OpenAM server to get the name of the SSO cookie and display it.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Click the SSO Cookie button. The program will contact the OpenAM server to get the name of the SSO cookie and display it.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Click the Login button. The program will launch your browser and go to the OpenAM login page.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Click the Login button. The program will launch your browser and go to the OpenAM login page.</div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7652&oldid=prevJohnperry at 17:46, 5 March 20142014-03-05T17:46:13Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:46, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l12" >Line 12:</td>
<td colspan="2" class="diff-lineno">Line 12:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*<b>openAMURL</b> specifies the full URL of the OpenAM server, including the protocol and the port. </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*<b>openAMURL</b> specifies the full URL of the OpenAM server, including the protocol and the port. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>A brief description of the authentication <del class="diffchange diffchange-inline">mechanism </del>may be helpful in testing.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>A brief description of the authentication <ins class="diffchange diffchange-inline">process </ins>may be helpful in testing.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>A user establishes a Single-Sign-On (SSO) session with the OpenAM server by accessing the server's login page. In CTP installations (including ISN), the login page URL includes the URL of the target system to which the user wishes to be redirected (CTP or the Edge Server). For example, to be authenticated and then redirected to a CTP server, the login URL might be:</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>A user establishes a Single-Sign-On (SSO) session with the OpenAM server by accessing the server's login page. In CTP installations (including ISN), the login page URL includes the URL of the target system to which the user wishes to be redirected (CTP or the Edge Server). For example, to be authenticated and then redirected to a CTP server, the login URL might be:</div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7651&oldid=prevJohnperry: /* OpenAMTest */2014-03-05T17:41:46Z<p><span dir="auto"><span class="autocomment">OpenAMTest</span></span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:41, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l37" >Line 37:</td>
<td colspan="2" class="diff-lineno">Line 37:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The default values are ones that were used at the Mallinckrodt Institute of Radiology during ISN testing, so they <del class="diffchange diffchange-inline">won’t be </del>useful <del class="diffchange diffchange-inline">in your case</del>. </div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The default values are ones that were used at the Mallinckrodt Institute of Radiology during ISN testing, so they <ins class="diffchange diffchange-inline">are </ins>useful <ins class="diffchange diffchange-inline">only as examples</ins>. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Set the OpenAM Server field to point to your OpenAM server.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Set the OpenAM Server field to point to your OpenAM server.</div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7650&oldid=prevJohnperry at 17:38, 5 March 20142014-03-05T17:38:38Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:38, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l20" >Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The OpenAM server returns a page containing a form allowing the user to enter the username and password.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The OpenAM server returns a page containing a form allowing the user to enter the username and password.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>When the Log In button is clicked on the page, the browser posts the form to the OpenAM server, which authenticates the user and, if the credentials are accepted, redirects the browser to the URL specified in the <b><tt>goto</tt></b> query parameter. The redirect response sent by the OpenAM server to the browser includes a Set-Cookie header setting a domain cookie for the SSO session. The browser then provides that cookie in all subsequent requests in that domain.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>When the Log In button is clicked on the page, the browser posts the form to the OpenAM server, which authenticates the user and, if the credentials are accepted, redirects the browser to the URL specified in the <b><tt>goto</tt></b> query parameter. The redirect response sent by the OpenAM server to the browser includes a Set-Cookie header setting a domain cookie for the SSO session. The browser then provides that cookie in all subsequent requests <ins class="diffchange diffchange-inline">to servers </ins>in that domain.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:Note: All testing has been done with the OpenAM server and the destination CTP server in the same domain. It's not clear whether the SSO session cookie is set on the domain of the destination URL or on the domain of the OpenAM server. A test with the two servers in different domains did not result in the destination server receiving the SSO cookie.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:Note: All testing has been done with the OpenAM server and the destination CTP server in the same domain. It's not clear whether the SSO session cookie is set on the domain of the destination URL or on the domain of the OpenAM server. A test with the two servers in different domains did not result in the destination server receiving the SSO cookie.</div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7649&oldid=prevJohnperry at 17:36, 5 March 20142014-03-05T17:36:28Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:36, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l3" >Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The CTP OpenAM authentication mechanism uses an external OpenAM server to authenticate users' sessions and to obtain users' roles. This mechanism is different from the LDAP mechanism in that no user information is stored locally. </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The CTP OpenAM authentication mechanism uses an external OpenAM server to authenticate users' sessions and to obtain users' roles. This mechanism is different from the LDAP mechanism in that no user information is stored locally. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The OpenAM authentication mechanism is configured in the <b><tt>OpenAM</tt></b> child element of the <b><tt>Server</tt></b> element in the CTP configuration file (<b><tt>config.xml</tt></b>). The Server element is described in the [[CTP-The_RSNA_Clinical_Trial_Processor#Server|top-level CTP article]]. To configure CTP to use OpenAM authentication, The <b><tt>usersClassName</tt></b> attribute of the Server element must be set to <b><tt>org.rsna.server.UsersOpenAMImpl</tt></b>, and the <b><tt>OpenAM</tt></b> child element must be appended to the Server element. The OpenAM child element is shown below:</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The OpenAM authentication mechanism is configured in the <b><tt>OpenAM</tt></b> child element of the <b><tt>Server</tt></b> element in the CTP configuration file (<b><tt>config.xml</tt></b>). The Server element is described in the [[CTP-The_RSNA_Clinical_Trial_Processor#Server|top-level CTP article]]. To configure CTP to use OpenAM authentication, The <b><tt>usersClassName</tt></b> attribute of the Server element must be set to <b><tt>org.rsna.server.UsersOpenAMImpl</tt></b>, and the <b><tt>OpenAM</tt></b> child element must be appended to the Server element. The <ins class="diffchange diffchange-inline"><b><tt></ins>OpenAM<ins class="diffchange diffchange-inline"></tt></b> </ins>child element is shown below:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7648&oldid=prevJohnperry at 17:35, 5 March 20142014-03-05T17:35:39Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:35, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l3" >Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The CTP OpenAM authentication mechanism uses an external OpenAM server to authenticate users' sessions and to obtain users' roles. This mechanism is different from the LDAP mechanism in that no user information is stored locally. </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The CTP OpenAM authentication mechanism uses an external OpenAM server to authenticate users' sessions and to obtain users' roles. This mechanism is different from the LDAP mechanism in that no user information is stored locally. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The OpenAM authentication mechanism is configured in the OpenAM child element of the <b><tt>Server</tt></b> element in the CTP configuration file (<b><tt>config.xml</tt></b>). The Server element is described in the [[CTP-The_RSNA_Clinical_Trial_Processor#Server|top-level CTP article]]. To configure CTP to use OpenAM authentication, The <b><tt>usersClassName</tt></b> attribute of the Server element must be set to <b><tt>org.rsna.server.UsersOpenAMImpl</tt></b>, and the OpenAM child element must be appended to the Server element. The OpenAM child element is shown below:</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The OpenAM authentication mechanism is configured in the <ins class="diffchange diffchange-inline"><b><tt></ins>OpenAM<ins class="diffchange diffchange-inline"></tt></b> </ins>child element of the <b><tt>Server</tt></b> element in the CTP configuration file (<b><tt>config.xml</tt></b>). The Server element is described in the [[CTP-The_RSNA_Clinical_Trial_Processor#Server|top-level CTP article]]. To configure CTP to use OpenAM authentication, The <b><tt>usersClassName</tt></b> attribute of the Server element must be set to <b><tt>org.rsna.server.UsersOpenAMImpl</tt></b>, and the <ins class="diffchange diffchange-inline"><b><tt></ins>OpenAM<ins class="diffchange diffchange-inline"></tt></b> </ins>child element must be appended to the Server element. The OpenAM child element is shown below:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7647&oldid=prevJohnperry: Protected "CTP Authentication Using OpenAM" ([edit=sysop] (indefinite) [move=sysop] (indefinite))2014-03-05T17:33:53Z<p>Protected "<a href="/index.php?title=CTP_Authentication_Using_OpenAM" title="CTP Authentication Using OpenAM">CTP Authentication Using OpenAM</a>" ([edit=sysop] (indefinite) [move=sysop] (indefinite))</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:33, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7646&oldid=prevJohnperry at 16:54, 5 March 20142014-03-05T16:54:45Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:54, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l22" >Line 22:</td>
<td colspan="2" class="diff-lineno">Line 22:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the Log In button is clicked on the page, the browser posts the form to the OpenAM server, which authenticates the user and, if the credentials are accepted, redirects the browser to the URL specified in the <b><tt>goto</tt></b> query parameter. The redirect response sent by the OpenAM server to the browser includes a Set-Cookie header setting a domain cookie for the SSO session. The browser then provides that cookie in all subsequent requests in that domain.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the Log In button is clicked on the page, the browser posts the form to the OpenAM server, which authenticates the user and, if the credentials are accepted, redirects the browser to the URL specified in the <b><tt>goto</tt></b> query parameter. The redirect response sent by the OpenAM server to the browser includes a Set-Cookie header setting a domain cookie for the SSO session. The browser then provides that cookie in all subsequent requests in that domain.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>:Note: All testing has been done with the OpenAM server and the destination CTP server in the same domain. It's not clear whether the SSO session cookie is set on the domain of the destination URL or on the domain of the OpenAM server. A <del class="diffchange diffchange-inline">simple </del>test with the two servers in different domains did not result in the destination server receiving the SSO cookie.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>:Note: All testing has been done with the OpenAM server and the destination CTP server in the same domain. It's not clear whether the SSO session cookie is set on the domain of the destination URL or on the domain of the OpenAM server. A test with the two servers in different domains did not result in the destination server receiving the SSO cookie.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the destination system receives the HTTP connection from the browser, it sees the session cookie and validates it with the OpenAM server. With a valid cookie, the system can obtain the user's attributes from the OpenAM server.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the destination system receives the HTTP connection from the browser, it sees the session cookie and validates it with the OpenAM server. With a valid cookie, the system can obtain the user's attributes from the OpenAM server.</div></td></tr>
</table>Johnperryhttp://mircwiki.rsna.org/index.php?title=CTP_Authentication_Using_OpenAM&diff=7645&oldid=prevJohnperry at 16:54, 5 March 20142014-03-05T16:54:00Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:54, 5 March 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l22" >Line 22:</td>
<td colspan="2" class="diff-lineno">Line 22:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the Log In button is clicked on the page, the browser posts the form to the OpenAM server, which authenticates the user and, if the credentials are accepted, redirects the browser to the URL specified in the <b><tt>goto</tt></b> query parameter. The redirect response sent by the OpenAM server to the browser includes a Set-Cookie header setting a domain cookie for the SSO session. The browser then provides that cookie in all subsequent requests in that domain.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the Log In button is clicked on the page, the browser posts the form to the OpenAM server, which authenticates the user and, if the credentials are accepted, redirects the browser to the URL specified in the <b><tt>goto</tt></b> query parameter. The redirect response sent by the OpenAM server to the browser includes a Set-Cookie header setting a domain cookie for the SSO session. The browser then provides that cookie in all subsequent requests in that domain.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>:Note: All testing has been done with the OpenAM server and the destination CTP server in the same domain. It's not clear whether the SSO session cookie is set on the domain of the destination URL or on the domain of the OpenAM server.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>:Note: All testing has been done with the OpenAM server and the destination CTP server in the same domain. It's not clear whether the SSO session cookie is set on the domain of the destination URL or on the domain of the OpenAM server<ins class="diffchange diffchange-inline">. A simple test with the two servers in different domains did not result in the destination server receiving the SSO cookie</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the destination system receives the HTTP connection from the browser, it sees the session cookie and validates it with the OpenAM server. With a valid cookie, the system can obtain the user's attributes from the OpenAM server.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When the destination system receives the HTTP connection from the browser, it sees the session cookie and validates it with the OpenAM server. With a valid cookie, the system can obtain the user's attributes from the OpenAM server.</div></td></tr>
</table>Johnperry