release

minimal-setup/keycloak/README.md

@@ -72,7 +72,13 @@ Update these settings:
 
 # Enabling API keys
 
-If you wish to enable support for api-keys authentication, you should log in the Keycloak admin console and:
+If you wish to enable support for api-keys authentication (which is mandatory for permissions management from UI),
+you have to get the `KEYCLOAK_CLIENT_SECRET` value from the Keycloak logs (displayed only during the very first boot) and
+put it into the `docker-compose.yml` file (`orthanc-auth-service` container). Then, restart the Docker setup: `docker compose up -d`.
+
+Here is the old version of this:
+<strike>
+You should log in the Keycloak admin console and:
 - in http://localhost/keycloak/admin/master/console/ (login/pwd: `admin`/`change-me`), left panel: Clients
 - In the `orthanc` realm
 - select `admin-cli`
@@ -83,22 +89,22 @@ If you wish to enable support for api-keys authentication, you should log in the
 - `Service accounts roles` tab --> `Assign role` button
 - **select `Filter by clients` in the combo box** and `view-users` in the search filter
 - check `realm-management view-users` and click `Assign`
+</strike>
 
-Then, you should add an API-key to a user.  Still in the Keycloak admin area:
+Then, you can add an API-key to a user.  Still in the Keycloak admin area:
 - In the `orthanc` realm
 - Open `Users` and select the `external` user
 - In the `Attributes` tab, click `Add an attribute` and enter:
 - `api-key` as the Key and `api-key-for-external-user-that-should-be-a-long-random-string` as the Value.
 - Click `Save`
 
-Then, in the `docker-compose.yml` uncomment the 2 lines related to these 2 env var:
-- `ENABLE_KEYCLOAK_API_KEYS`
-- `KEYCLOAK_CLIENT_SECRET`
+Then, in the `docker-compose.yml` uncomment this line:
+- `ENABLE_KEYCLOAK_API_KEYS: "true"`
 - make sure that the Orthanc Authorization plugin contains this line:
   `"TokenHttpHeaders" : [ "api-key" ],`
 
 And restart the Docker setup:
-- `docker compose up`
+- `docker compose up -d`
 
 Then, in a terminal, type this command to access the API with an api-key.
 

minimal-setup/keycloak/docker-compose.yml

@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:24.9.0
+    image: orthancteam/orthanc-nginx:24.11.0
     depends_on: [orthanc, orthanc-auth-service, keycloak]
     restart: unless-stopped
     ports: ["80:80"]
@@ -24,8 +24,7 @@ services:
       ENABLE_OHIF: "true"
 
   orthanc:
-    #image: orthancteam/orthanc:24.8.3
-    image: orthancteam/orthanc-pre-release:master-unstable
+    #image: orthancteam/orthanc:24.10.3
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -91,7 +90,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:main
+    image: orthancteam/orthanc-auth-service:24.11.0
     # always disable port mapping in production !!!
     # ports: ["8000:8000"]
     # permissions can be customized in the permissions.json file
@@ -109,8 +108,8 @@ services:
       PUBLIC_ORTHANC_ROOT: "http://localhost/orthanc/"
       PUBLIC_LANDING_ROOT: "http://localhost/orthanc/ui/app/token-landing.html"
       # to use OHIF-plugin:  make sure to use http://localhost/orthanc/ohif/
-#      PUBLIC_OHIF_ROOT: "http://localhost/ohif/"
-      PUBLIC_OHIF_ROOT: "http://localhost/orthanc/ohif/"
+      PUBLIC_OHIF_ROOT: "http://localhost/ohif/"
+#      PUBLIC_OHIF_ROOT: "http://localhost/orthanc/ohif/"
       USERS: |
         {
           "share-user": "change-me"
@@ -133,7 +132,7 @@ services:
 
 
   keycloak:
-    image: orthancteam/orthanc-keycloak:24.9.0
+    image: orthancteam/orthanc-keycloak:24.11.0
     depends_on: [keycloak-db]
     restart: unless-stopped
     environment:

release-notes.md

@@ -4,6 +4,12 @@ SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL <[email protected]>
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
+v 24.11.0
+========
+
+- Improved Keycloak image to automate its initial configuration.
+
+
 v 24.9.1
 ========