We have an Atlas instance set up and running, which works fine. Now I’ve been trying to enable security, by using Google authentication initially, but I have not succeeded quite yet. I do feel that I’m almost there, but the callback from Google upon successfully authenticating a user still fails.
I have tried to follow the documentation available on the Wiki and GitHub, including the security page on the OHDSI wiki http://www.ohdsi.org/web/wiki/doku.php?id=development:security
##### Briefly, these are the steps taken so far:
- Registered/assigned a domain name to the server (atlasdemo.xyz)
- Set up an ‘OAuth 2.0 client ID’ (Web application) using Google’s API Manager:
  - Authorized origin: http://atlasdemo.xyz
  - Authorized redirect: http://atlasdemo.xyz:8080/WebAPI/user/oauth/callback?client_name=Google2Client
- Configured the security block of the WebAPI settings.xml file and rebuilt the WebAPI.war file:

```xml
<security.enabled>true</security.enabled>
<security.token.expiration>43200</security.token.expiration>
<security.origin>http://atlasdemo.xyz</security.origin>
<security.ssl.enabled>false</security.ssl.enabled>
<security.oauth.callback.ui>http://atlasdemo.xyz/atlas/#/welcome</security.oauth.callback.ui>
<security.oauth.callback.api>http://atlasdemo.xyz:8080/WebAPI/user/oauth/callback</security.oauth.callback.api>
<security.oauth.google.apiKey>[api key from 2]</security.oauth.google.apiKey>
<security.oauth.google.apiSecret>[api secret from 2]</security.oauth.google.apiSecret>
<security.oauth.facebook.apiKey></security.oauth.facebook.apiKey>
<security.oauth.facebook.apiSecret></security.oauth.facebook.apiSecret>
```
- Set the `config.userAuthenticationEnabled` flag to `true` in Atlas’ config.js file.
- Also made a small change in the welcome.js file to enable the Google authentication to be called when the Google button was clicked; it would otherwise always call the Windows authentication.
It now shows the Sign in link in Atlas, and when clicked, I can choose Google for the Sign In with option, which takes me to Google’s account sign-in screen, where I can authenticate with my Google account. However, once authenticated, Google tries to call the Authorized redirect URL, appending state and code values – this fails with a 500 – Internal server error. The callback URL is of the following format:
http://atlasdemo.xyz:8080/WebAPI/user/oauth/callback?client_name=Google2Client&state=dbdb08cdd8&code=4%2FH7UgAuOCNKfkTvG01xKZHXye3-Mt_dggBFo6ruByOwI
If I strip off the state and code parameters, the URL redirects to the Atlas home page.
Is SSL required on the Atlas server in order to enable authentication? This is as of yet a demo/test setup, so securing the server with SSL has not been a priority yet.
Has anyone been able to get this to work with Google authentication, or spot anything I’ve overlooked?
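As an added illustration (not part of the post above, and not WebAPI's own code), the following script encodes the checks an OAuth 2 callback handler performs before it will exchange the code: exact redirect URI match against the registered redirect and the settings.xml callback, the client_name surviving the round trip, the `state` value matching what the server stored when it started the login, and a code being present. It runs those checks over the URLs quoted in the post; the `expected_state` argument is a stand-in for the session-stored value, which is not on the page.

```python
from urllib.parse import urlsplit, parse_qs

# Values copied from the post: the redirect registered in Google's API Manager,
# the callback URL from WebAPI settings.xml, and the callback Google actually issued.
REGISTERED_REDIRECT = ("http://atlasdemo.xyz:8080/WebAPI/user/oauth/callback"
                       "?client_name=Google2Client")
SETTINGS_CALLBACK_API = "http://atlasdemo.xyz:8080/WebAPI/user/oauth/callback"
ISSUED_CALLBACK = ("http://atlasdemo.xyz:8080/WebAPI/user/oauth/callback"
                   "?client_name=Google2Client&state=dbdb08cdd8"
                   "&code=4%2FH7UgAuOCNKfkTvG01xKZHXye3-Mt_dggBFo6ruByOwI")


def redirect_base(url):
    """Scheme, host, port and path: the parts RFC 6749 requires to match exactly."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or {"http": 80, "https": 443}[scheme]
    return (scheme, p.hostname, port, p.path)


def check_callback(callback_url, registered_redirect, settings_callback, expected_state):
    """Run the checks an OAuth 2 callback handler performs; returns name -> bool.

    expected_state is the value the server stored when it started the login
    (hypothetical here: a real handler reads it from the user's session)."""
    q = parse_qs(urlsplit(callback_url).query)
    reg_q = parse_qs(urlsplit(registered_redirect).query)
    return {
        # Google compares the redirect it was asked for with the registered one exactly;
        # a different scheme or port (80 vs 8080, http vs https) fails the exchange.
        "matches_registered_redirect":
            redirect_base(callback_url) == redirect_base(registered_redirect),
        # security.oauth.callback.api must name the same endpoint the browser is sent to.
        "matches_settings_callback":
            redirect_base(callback_url) == redirect_base(settings_callback),
        # client_name selects the server-side OAuth client; it must round-trip unchanged.
        "client_name_preserved": q.get("client_name") == reg_q.get("client_name"),
        # state ties the callback to the login the server started (CSRF protection);
        # a handler rejects the callback when it differs from the stored value.
        "state_matches": q.get("state", [None])[0] == expected_state,
        # the code must be present; it is single-use and exchanged server-side for tokens.
        "code_present": bool(q.get("code", [""])[0]),
    }


def all_ok(results):
    """True only when every check passed."""
    return all(results.values())
```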