
Secured Archive TLS

Vrinda edited this page Mar 27, 2023 · 1 revision

This feature is available only from archive version 5.13.1 onwards.

Refer to Forwarding for secured archive (non TLS) for the basic configuration; this page only describes what has to be added for TLS.

To enable TLS with Secured Archive, add the dcmTLSAllowAnyHostname attribute to the RS Forward Rule on Archive 1. This attribute disables hostname verification of the certificate presented by Archive 2; it is needed when that certificate does not match the host name Archive 1 connects to (e.g. a self-signed test certificate), and should be left out in production where the certificate matches, so that hostname verification stays on. In addition, an https Network Connection must be configured on Archive 2, and the same connection must be referenced from the Web Application configured on Archive 2; the Web Application is what the RS Forward Rule points to.

Configuration

LDAP Configuration

One may either

  • create a LDIF file (e.g.):

      version: 1
      # RS Forward Rule on Archive 1: forwards the listed RESTful operations to
      # the Web Application named in dcmWebAppName. dcmTLSAllowAnyHostname
      # disables hostname verification of Archive 2's certificate; its value
      # must be written TRUE or FALSE (LDAP Boolean syntax, upper case).
      dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmRSForwardRule
      cn: RS Forward
      dcmWebAppName: archive2WebApp
      dcmRSOperation: CreatePatient
      dcmRSOperation: UpdatePatient
      dcmRSOperation: DeletePatient
      dcmTLSAllowAnyHostname: TRUE

      # HTTPS Network Connection on Archive 2. Adapt dicomHostname and dicomPort
      # to the https listener of Archive 2's Wildfly. The presence of
      # dicomTLSCipherSuite values is what marks the connection as TLS-enabled.
      dn: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmNetworkConnection
      objectClass: dicomNetworkConnection
      dicomHostname: localhost
      cn: https
      dcmProtocol: HTTP
      dicomPort: 8743
      dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
      dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA

      # Web Application on Archive 2, referencing both its http and its https
      # connection, and the Keycloak Client used to obtain access tokens.
      dn: dcmWebAppName=archive2WebApp,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmWebApp
      dcmWebAppName: archive2WebApp
      dcmWebServiceClass: DCM4CHEE_ARC_AET
      dcmWebServicePath: /dcm4chee-arc/aets/DCM4CHEE/rs
      dicomNetworkConnectionReference: cn=http,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      dicomNetworkConnectionReference: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      dcmKeycloakClientID: test

      # Keycloak Client on Archive 2's device: realm, URI and client secret of
      # Keycloak 2. The secret below is a sample value and must be replaced.
      dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmKeycloakClient
      dcmKeycloakClientID: test
      dcmKeycloakRealm: dcm4che
      dcmURI: http://localhost:8680/auth
      dcmKeycloakClientSecret: ee379e31-dd0f-4dd2-8c81-81fbfa84d5b5
      dcmTLSAllowAnyHostname: TRUE


    and import it into the LDAP Server with the ldapadd command line utility (or ldapmodify -a; the records above are add records, so ldapmodify without -a will reject them).

Refer to RESTful Forward Rule, Web Application and Keycloak Client for the description of the attributes and for the complete list of RESTful operations supported by this feature in the archive.

Note:

  • The dcmURI, dcmKeycloakClientID and dcmKeycloakClientSecret values shall be adapted to the values used in your Keycloak 2 configuration. Prefer an https dcmURI: with the http URI shown above, the client secret and the issued access tokens are sent to Keycloak 2 in clear.
  • The dicomHostname and dicomPort shall be adapted to the values used in your Wildfly configuration for Archive 2.
  • The cipher suites shown above are the ones used in the archive's sample configuration. SSL_RSA_WITH_3DES_EDE_CBC_SHA uses 3DES, and neither suite provides forward secrecy (static RSA key exchange); for a production deployment list ECDHE suites with AES-GCM that the JVMs of both archives support, on both the Network Connection of Archive 2 and the outgoing side of Archive 1.
  • dcmTLSAllowAnyHostname: TRUE switches off hostname verification on the RS Forward Rule and on the Keycloak Client. Keep it only while testing with certificates that do not match the host name.

Go to the Control tab on the Configuration page of the archive UI and reload the configuration.
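Before importing, it is worth checking the LDIF for the mistakes that typically break this setup: a lowercase Boolean that OpenLDAP rejects, a Web Application or Network Connection name that does not resolve, a Web Application with no TLS-enabled connection, and the weaker settings a test configuration tends to carry. The script below is an added example written for this page; it is not part of dcm4chee-arc, and its checks are its own heuristics rather than rules enforced by the archive (in particular, resolving dcmKeycloakClientID against the same device as the Web Application is this script's assumption). The sample LDIF inside it is constructed from the entries above, keeping the lowercase true and the page's cipher suites so that the checks have something to report.

```python
"""Pre-import checks for a dcm4chee-arc RS Forward LDIF (added example).

Not part of dcm4chee-arc. Parses a minimal LDIF (``attr: value`` lines,
records separated by blank or ``-`` lines, no base64 ``::`` values or
continuation lines) and applies this script's own heuristics.
"""
import re
from urllib.parse import urlparse

# Static-RSA (no forward secrecy), SSLv3-era, 3DES, RC4 or NULL suites.
WEAK_SUITE = re.compile(r"^SSL_|^TLS_RSA_|3DES|_RC4_|_NULL_")

# Constructed sample based on the page's entries; the lowercase ``true``
# and the page's cipher suites are kept so the checks have work to do.
SAMPLE_LDIF = """\
version: 1
dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmRSForwardRule
cn: RS Forward
dcmWebAppName: archive2WebApp
dcmRSOperation: CreatePatient
dcmTLSAllowAnyHostname: true

dn: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmNetworkConnection
objectClass: dicomNetworkConnection
dicomHostname: localhost
dicomPort: 8743
dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA

dn: dcmWebAppName=archive2WebApp,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmWebApp
dcmWebAppName: archive2WebApp
dicomNetworkConnectionReference: cn=http,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dicomNetworkConnectionReference: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dcmKeycloakClientID: test

dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmKeycloakClient
dcmKeycloakClientID: test
dcmURI: http://localhost:8680/auth
dcmTLSAllowAnyHostname: TRUE
"""


def parse_ldif(text):
    """Return {dn: {attribute: [values]}} for a minimal LDIF."""
    entries, attrs = {}, {}
    for raw in text.splitlines() + [""]:
        line = raw.strip()
        if line in ("", "-"):                      # record separator
            if "dn" in attrs:
                entries[attrs["dn"][0]] = attrs
            attrs = {}
        elif not line.startswith(("#", "version:")):
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip(), []).append(value.strip())
    return entries


def check_forward_ldif(text):
    """Return a list of (level, message); level is 'ERROR' or 'WARN'."""
    entries = parse_ldif(text)
    by_dn = {dn.lower(): a for dn, a in entries.items()}
    webapp_names = {a["dcmWebAppName"][0] for a in entries.values()
                    if "dcmWebApp" in a.get("objectClass", [])}
    findings = []
    for dn, a in entries.items():
        oc = a.get("objectClass", [])
        device = dn.split(",", 1)[1]               # DN without the leading RDN
        for v in a.get("dcmTLSAllowAnyHostname", []):
            if v not in ("TRUE", "FALSE"):         # LDAP Boolean syntax is strict
                findings.append(("ERROR", f"{dn}: dcmTLSAllowAnyHostname must be TRUE or FALSE, got {v!r}"))
            if v.upper() == "TRUE":
                findings.append(("WARN", f"{dn}: hostname verification disabled; acceptable only for test certificates"))
        if "dcmRSForwardRule" in oc:
            name = a.get("dcmWebAppName", [""])[0]
            if name not in webapp_names:
                findings.append(("WARN", f"{dn}: dcmWebAppName {name!r} not defined in this LDIF"))
        if "dcmWebApp" in oc:
            tls = False
            for ref in a.get("dicomNetworkConnectionReference", []):
                conn = by_dn.get(ref.lower())
                if conn is None:
                    findings.append(("WARN", f"{dn}: connection {ref} not in this LDIF; it must already exist"))
                elif "dicomTLSCipherSuite" in conn:  # cipher suites mark a TLS connection
                    tls = True
            if not tls:
                findings.append(("ERROR", f"{dn}: no referenced TLS-enabled connection"))
            for cid in a.get("dcmKeycloakClientID", []):   # assumption: same device
                if f"dcmKeycloakClientID={cid},{device}".lower() not in by_dn:
                    findings.append(("WARN", f"{dn}: Keycloak client {cid!r} not defined on this device in this LDIF"))
        if "dcmNetworkConnection" in oc:
            for suite in a.get("dicomTLSCipherSuite", []):
                if WEAK_SUITE.search(suite):
                    findings.append(("WARN", f"{dn}: weak/non-PFS cipher suite {suite}"))
        if "dcmKeycloakClient" in oc:
            uri = a.get("dcmURI", [""])[0]
            if urlparse(uri).scheme != "https":
                findings.append(("WARN", f"{dn}: dcmURI {uri} is not https; the client secret would travel in clear"))
    return findings


if __name__ == "__main__":
    for level, msg in check_forward_ldif(SAMPLE_LDIF):
        print(level, msg)
```

Run against the sample it reports one ERROR (the lowercase true) and six WARNs; the warning about cn=http not being in the file is expected here, since that connection already exists in the base configuration of Archive 2. To check your own file, replace SAMPLE_LDIF with the contents of your LDIF before running ldapadd.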
