OHDSI Home | Forums | Wiki | Github

OpenSSL and WebAPI set up


(Ambuj) #1

Hello Guys,
@Chris_Knoll @pavgra
I was successfully able to deploy OHDSI tools in non production environment without any security.

From last few days I am trying to host the OHDSI tools in a secure environment using OPENSSL but couldn’t get them worked.

I have created a keystore which is not signed by CA as I am doing it for non production use.
I tried port 8443, 443, 8080 and 80 in settings.xml and none of them worked.
I am attaching the screenshots for-

  1. Settings.xml
  2. server.xml from tomcat
  3. AchillesWeb page which is working as it is not using WebAPI at all
  4. Error for localhost/WebAPI/source/sources
  5. Error while loading Atlas

Can someone please help me out here and let me know if any changes are incorrect or I missed anything here.

TIA





@Ajit_Londhe please see if you can help me out here.
Does WepAPI supports openssl? as I do not want to use any of the available security options present under WebAPI security page.


Adding security in Atlas
(Chris Knoll) #2

Atlas has a security configuration as well. Lookin gat your screenshot, i don’t see a ‘sign in’ link at the top.

The default config.js file (in /js/config/app.js) has this value specified:

appConfig.userAuthenticationEnabled = false;

In order to enable security (if your WebAPI has security enabled) you need to override this setting in a file called /js/config-local.js which will have a value like:

config.userAuthenticationEnabled = true;

In addition, there are a number of default authProviders that are defined by default. if you only want a subset of those, you will override the authProviders array in config-local.js to only include those you want to use.

@anthonysena, I don’t think the security setup in WebAPI covers the configuration for Atlas, and I don’t know if that should be included in the WebAPI documentation, or if the Atlas side needs an update.

@ambuj, I believe your SSL is set up properly: when you got the HTTP 401 resposne by going to /WebAPI/source/sources, your address bar shows that the SSL certificate seems to be working (unlike the second screenshot of atlas where https://10.70.7.25 is showing Not Secure. Means your SSL is configured for WebAPI connection, but your HTTP Server is not.

The 401 response is proper considering I believe your atlas is not configured to authenticate and so all requests to WebAPI will be un-authenticated, and therefore you will get a 401. Likewise, when you try to access any WebAPI endpoint directly through the browser with security enabled, none of the authorization headers are set up so it will think you are unauthorized.

I haven’t done too much work with security enabled, but it’s possible that once you have Atlas configured for authentication, once you authenticate in Atlas, you can go to a new tab and invoke WebAPI endpoints because the site’s cookie should remain in your session and it should authenticate. However, this is a theory, I could be wrong, so let me know what you find.

-Chris


Access rights features in Atlas
(Ambuj) #3

Thank you for the detailed information like always Chris, I wanted to enable SSL part as of now which I figured out by keeping the <security.provider> in settings.xml as it is i.e. DisabledSecurity and kept the SSL enabled.

In next phase when I will try to integrate it with AD/LDAP, I guess then only I need to make the required changes you mentioned in your post.

Thank you

  • Ambuj

t