Configuring Kheops with Keycloak

This post discusses how to install Kheops and Keycloak in 2 Centos 7 VMs.

First, install docker and docker-compose in both VMs.

You may also need to add the user to docker group

$ sudo usermod -aG docker $USER

and either log out and log in again (or restart, in case of a VM).

VM1:

Install Keycloak with Docker, together with a user account

First, create a fullchain.pem and privkey.pem from Letsencrypt.

Step 1: Keys!

Two options.

Option 1: Copy and rename the crt and key

$ cp keys-keycloak/fullchain.pem https/tls.crt

$ cp keys-keycloak/privkey.pem https/tls.key

Option 2: Create the crt and key with OpenSSL.

Alternatively, the crt and key can be created as below.

$ openssl x509 -outform der -in fullchain.pem -out tls.crt

$ openssl rsa -in privkey.pem -out tls.key

Move the tls.crt and tls.key to a separate folder (https) and cd to that directory.

Step 2. Set the permissions for the keys

$ cd https

$ chmod 700 .

$ chmod 600 tls.key

$ chmod 644 tls.crt

Step 3. Run the Keycloak container

$ docker run -d -p 443:8443 -e KEYCLOAK_USER=pradeeban -e KEYCLOAK_PASSWORD=password -v /home/pradeeban/https:/etc/x509/https --name kc jboss/keycloak

Keycloak will use port 443/https.

Now go to https://HOSTNAME

Log in with the user name and password you specified before.

Step 4. Now to configure a log in connect for Kheops

First create a new realm with the name, "demo".

1. Keycloak KHEOPS Login Client

Click the "Clients" tab, and choose the "Create" option.

Client ID = loginConnect

Click "Save", which will then open more configurations for the "LoginConnect" that you just created.

Turn on the option "Implicit Flow Enabled"

Turn off the "Direct Access Grants Enabled"

Valid Redirect URIs: https://KHEOPS-HOME/*

(for example: https://dbmi.virtualpacs.org/*)

Web origin: https://KHEOPS-HOME

(for example: https://dbmi.virtualpacs.org)


Click "Save" again.


2. Client Scope (kheops)

Click the "Client Scopes" tab, and choose the "Create" option.

Name: kheops

Turn off the "Display On Consent Screen"

Click "Save"


Click "Clients" again and go to "LoginConnect"

Go to the "Client Scopes" tab.

Choose "kheops" from the Available Client Scopes and choose the "Add selected" option. Remove all the other options from the Assigned Default Client Scopes as well as Assigned Default Client Scopes.

Add the email and full name token mappers to the kheops Client Scope by clicking on the Add Builtin button.

3. Service Account

Create another client "kheopsAuthorization".

Save, and then disable "Standard Flow Enabled" and "Direct Access Grants Enabled".

Change "Access Type" to "Confidential". and save.

Change "Service Accounts Enabled" to "On" and save.

The Service Account’s credentials (secret) can be found under the Credentials tab.

Choose the "KheopsAuthorization" Scope mappings. Under the "scope", disable "Full Scope Allowed" option. Choose "realm-management" as the "Client Roles", and add "view-users" option.

Now, repeat the above step for "Service Account".

The Service Account’s credentials (secret) can be found under the Credentials tab. Copy it to replace the default secret provided in kheopsDocker/kheops/secrets/kheops_keycloak_clientsecret, or provide it as the secret when prompted during the Kheops configuration.



4. Logging Impersonations

Under the "LoginConnect" client's Mappers tab, click "Add Bulletin", and add the Impersonator User ID."

Change the "Token Claim Name" to "act.sub". Then disable "Add to ID token" option.

Finally, click "Save". This is supposed to conclude the configurations unless I missed something.



Export your realm for later use from the host:

$ docker exec -it kc /opt/jboss/keycloak/bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=singleFile  -Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777 -Dkeycloak.migration.file=kkconf.json

Copy the file to the host machine, from the Docker container.

$ docker cp kc:/kkconf.json .

At the time of writing, Keycloak documentation had some issues that are fixed in the above command. 

Then next time, you can easily import this realm, rather than configuring everything from scratch:

$ docker run -e KEYCLOAK_USER=USERNAME -e KEYCLOAK_PASSWORD=PASSWORD \
    -e KEYCLOAK_IMPORT=/tmp/example-realm.json -v /tmp/example-realm.json:/tmp/example-realm.json jboss/keycloak 

Step 5: Configure Kheops

VM2:

Run Kheops with Docker

$ git clone https://github.com/OsiriX-Foundation/kheopsDocker.git

$ cd kheopsDocker

$ git checkout install-secure

$ sh kheopsinstall.sh            [See footnote at the end of this post].


Follow the prompts.

Enter the secret: Enter the secret copied from Keycloak in the previous step.

What is the Keycloak host ? (ex: https://keycloak.kheops.online) https://keycloak.virtualpacs.org

What is the Keycloak realm ? demo

What is your hostname ? (ex: demo.kheops.online) dbmi.virtualpacs.org


Add your public and private key in the directory kheops/secrets (fullchain1.pem / privkey1.pem)

$ cp keys-kheops/fullchain.pem kheopsDocker/kheops/secrets/fullchain1.pem

$ cp keys-kheops/privkey.pem kheopsDocker/kheops/secrets/privkey1.pem

Press enter to start KHEOPS

Now, access Kheops from https://dbmi.virtualpacs.org



To enable registrations of new users for Kheops, go to Realm Settings -> Login tab in your Keycloak instance and turn on User registration. If you do not want to allow anyone to create an account, you may instead click on Users -> Add user to manually create users.

Feb 19, 2020: As of today, there is a minor tweak needed for this to get working.

In the .env file, set:

KHEOPS_REVERSE_PROXY_IMAGE_TAG=v0.9.0-contentsecurity-fix
before running the kheopsinstall.sh.

Configuring Keycloak for Kheops

Please follow the next blog post on this topic instead. This post is outdated.


This post discusses how to install Kheops and Keycloak in Centos 8.

First, install docker and docker-compose.

You may also need to add the user to docker group

$ sudo usermod -aG docker $USER

and either log out and log in again (or restart, in case of a VM).


Install Keycloak with Docker, together with a user account

$ docker run -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= jboss/keycloak
 
$ docker run -p 8081:8080 -p 9443:8443 -e KEYCLOAK_USER=pradeeban -e KEYCLOAK_PASSWORD=password jboss/keycloak

Now go to http://localhost:8081

Log in with the user name and password you specified before.

Now to configure a log in connect for Kheops

1. Keycloak KHEOPS Login Client

Click the "Clients" tab, and choose the "Create" option.

Client ID = loginConnect

Click "Save", which will then open more configurations for the "LoginConnect" that you just created.

Turn on the option "Implicit Flow Enabled"

Turn off the "Direct Access Grants Enabled"

Valid Redirect URIs: http://localhost:8081/*

Web origin: http://localhost:8081

Click "Save" again.


2. Client Scope (kheops)

Click the "Client Scopes" tab, and choose the "Create" option.

Name: kheops

Turn off the "Display On Consent Screen"

Click "Save"


Click "Clients" again and go to "LoginConnect"

Go to the "Client Scopes" tab.

Choose "kheops" from the Available Client Scopes and choose the "Add selected" option. Remove all the other options from the Assigned Default Client Scopes as well as Assigned Default Client Scopes.

Add the email and full name token mappers to the kheops Client Scope by clicking on the Add Builtin button.

3. Service Account

Create another client "kheopsAuthorization".

Save, and then disable "Standard Flow Enabled" and "Direct Access Grants Enabled".

Change "Access Type" to "Confidential". and save.

Change "Service Accounts Enabled" to "On" and save.

The Service Account’s credentials (secret) can be found under the Credentials tab.

Choose the "KheopsAuthorization" Scope mappings. Under the "scope", disable "Full Scope Allowed" option. Choose "master-realm" as the "Client Roles", and add "view-users" option.

Now, repeat the above step for "Service Account".

The Service Account’s credentials (secret) can be found under the Credentials tab. Copy it to replace the default secret provided in kheopsDocker/kheops/secrets/kheops_keycloak_clientsecret.



4. Logging Impersonations

Under the "LoginConnect" client's Mappers tab, click "Add Bulletin", and add the Impersonator User ID."

Change the "Token Claim Name" to "act.sub". Then disable "Add to ID token" option.

Finally, click "Save". This is supposed to conclude the configurations unless I missed something.

Run OHIF Viewer with Docker

$ docker run -p 3000:80 -p 3443:443 ohif/viewer:latest

Confirm that OHIF Viewer is running fine, by going to localhost:3000 in your browser.

Run Kheops with Docker

$ git clone git@github.com:OsiriX-Foundation/kheopsDocker.git

$ cd kheopsDocker/kheops

Change the property values of docker-compose.env as shown below.


KHEOPS_KEYCLOAK_CLIENTID=kheopsAuthorization

KHEOPS_KEYCLOAK_URI=https://localhost:9443

KHEOPS_KEYCLOAK_REALMS=demo


KHEOPS_VIEWER_URL=http://localhost:3000

Save and exit.

Start the Kheops containers.

$ cd ..

$ sh script_run_docker.sh

Now go to http://localhost:8042 from your favorite browser to access Kheops.

 $ docker ps
CONTAINER ID        IMAGE                                              COMMAND                  CREATED             STATUS              PORTS                                                                                                                                              NAMES
c340d0e1f214        osirixfoundation/kheops-reverse-proxy:ci-test      "./etc/nginx/conf.d/…"   About an hour ago   Up About an hour    0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8042->8042/tcp, 0.0.0.0:8048->8048/tcp                                                           kheopsreverseproxy
0f9a44db1bfb        osirixfoundation/kheops-dicomweb-proxy:master      "./replaceSecretsAnd…"   About an hour ago   Up About an hour    0.0.0.0:8049->8080/tcp                                                                                                                             kheopsdicomwebproxy
0416a8badd18        osirixfoundation/kheops-ui:master                  "./docker-entrypoint…"   About an hour ago   Up About an hour    80/tcp, 3000/tcp                                                                                                                                   kheopsui
38a3b77ca2a2        osirixfoundation/kheops-authorization:dev          "./replaceSecretsAnd…"   About an hour ago   Up About an hour    8080/tcp                                                                                                                                           kheopsauthorization
2e2f7e7282bd        osirixfoundation/kheops-zipper:master              "./replaceSecretsAnd…"   About an hour ago   Up About an hour    8080/tcp                                                                                                                                           kheopszipper
3908f545ff49        osirixfoundation/pacs-authorization-proxy:master   "/bin/sh -c '. $NGIN…"   About an hour ago   Up About an hour    0.0.0.0:82->80/tcp                                                                                                                                 pacsauthorizationproxy
88cf4203c434        osirixfoundation/kheops-dcm4chee-arc-psql:latest   "/script_entrypoint.…"   About an hour ago   Up About an hour    0.0.0.0:2575->2575/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:8787->8787/tcp, 0.0.0.0:9990->9990/tcp, 0.0.0.0:11112->11112/tcp   pacsarc
b4147f1c4244        osirixfoundation/kheops-database:demo              "verify-secret-env-v…"   About an hour ago   Up About an hour    5432/tcp                                                                                                                                           db
7edb16bc1868        dcm4che/slapd-dcm4chee:2.4.44-15.0                 "/docker-entrypoint.…"   About an hour ago   Up About an hour    389/tcp                                                                                                                                            pacsldap
d5290c892e16        jboss/keycloak                                     "/opt/jboss/tools/do…"   About an hour ago   Up About an hour    0.0.0.0:9443 -> 8443/tcp, 0.0.0.0:8081->8080/tcp                                                                                                                   jovial_varahamihira
279bf6a09ce0        ohif/viewer:latest                                 "/usr/src/entrypoint…"   About an hour ago   Up About an hour    0.0.0.0:3000->80/tcp, 0.0.0.0:3443->443/tcp                                                                                                        dreamy_hawking

Quickly view your DICOM files locally

Install Kheops and OHIF Viewer with Docker

$ docker run -p 3000:80 ohif/viewer:latest

Now, OHIF Viewer can be accessed from http://localhost:3000 and Kheops from http://localhost:8042/

Load any Dicom files to your Kheops and click the "Open OHIF"

It will take you to a long URL of the hosted OHIF Viewer online. Most likely this won't work.

https://ohif.kheops.online/viewer/?url=http%3A%2F%2Flocalhost%3A8042%2Fapi%2Flink. ....

In the above URL, replace https://ohif.kheops.online/ with http://localhost:3000 as in

http://localhost:3000/viewer/?url=http%3A%2F%2Flocalhost%3A8042%2Fapi%2Flink. ....

Now you see the DICOM images in your own OHIF Viewer deployment.

Setting up Kheops - the docker projects

Kheops deployment consists of several Docker projects. This post lists them, adopted from the CI docker-compose.

UI 

1) kheops-ui:
    image: osirixfoundation/kheops-ui:${KHEOPS_UI_IMAGE_TAG}
    https://github.com/OsiriX-Foundation/KheopsUI

Reverse Proxy

2) kheops-reverse-proxy:

    image: osirixfoundation/kheops-reverse-proxy:${KHEOPS_REVERSE_PROXY_IMAGE_TAG}

    https://github.com/OsiriX-Foundation/KheopsNginx

Authorization

3) kheops-database (postgresql):

    image: osirixfoundation/kheops-database:${KHEOPS_DATABASE_IMAGE_TAG}

    https://github.com/OsiriX-Foundation/KheopsDatabase

4) kheops-authorization:

    image: osirixfoundation/kheops-authorization:${KHEOPS_AUTHORIZATION_IMAGE_TAG}

    https://github.com/OsiriX-Foundation/KheopsAuthorization

5) kheops-dicomweb-proxy:

    image: osirixfoundation/kheops-dicomweb-proxy:${KHEOPS_DICOMWEB_PROXY_IMAGE_TAG}

    https://github.com/OsiriX-Foundation/KheopsDICOMwebProxy

Zipper

6) kheops-zipper:

    image: osirixfoundation/kheops-zipper:${KHEOPS_ZIPPER_IMAGE_TAG}

    https://github.com/OsiriX-Foundation/KheopsZipper

Authorization Proxy

7) pacs-authorization-proxy:

    image: osirixfoundation/pacs-authorization-proxy:${PACS_AUTHORIZATION_PROXY_IMAGE_TAG}

    https://github.com/OsiriX-Foundation/PACSProxyAuthorization

DCM4CHEE PACS

8) ldap: LDAP Server initalized for the DICOM Archive

    image: dcm4che/slapd-dcm4chee:${PACS_LDAP_IMAGE_TAG}

    https://github.com/dcm4che-dockerfiles/slapd-dcm4chee

DCM4CHEE LDAP also internally uses its own Postgresql database.

9) archive:

    image: osirixfoundation/kheops-dcm4chee-arc-psql:${KHEOPS_ARC_IMAGE_TAG}

    https://github.com/OsiriX-Foundation/kheops-dcm4chee-arc-psql

In addition to these 9 docker containers, Keycloak runs in another VM and communicate with these containers.

We need to fit the dockers in an appropriate number of VMs.

A conservative approach would be, 2 VMs.
1 with Keycloak and everything else with the Docker containers on the 2nd.

I think the Kheops proposed approach would be 7 VMs.
1. Keycloak
2. Kheops UI
3. Kheops Authorization
4. Reverse Proxy
5. Zipper
6. Authorization Proxy
7. DCM4Chee PACS

But maybe, Kheops UI and Kheops Authorization can be merged into a single Kheops VM. In that case, we can also move zipper into that Kheops VM. Probably Authorization Proxy should just live with dcm4chee PACS.

Then we have 4 VMs:
1. Keycloak
2. Kheops containers (kheops-ui, kheops-database, kheops-authorization, kheops-dicomweb-proxy, and kheops-zipper)
3. Reverse Proxy container (kheops-reverse-proxy)
4. DCM4Chee containers (slapd-dcm4chee, kheops-dcm4chee-arc-psql, and pacs-authorization-proxy)

I think the 4 VM route is decent.

Running Kheops on a Mac OS host

This post discusses how to run Kheops from the OsiriX-Foundation on Mac OS, with Docker.

$ git clone git@github.com:OsiriX-Foundation/kheopsDocker.git

$ cd kheopsDocker/

$ sh script_run_docker.sh

Install newman

$ sudo npm install -g newman

/usr/local/bin/newman -> /usr/local/lib/node_modules/newman/bin/newman.js

+ newman@4.5.6

added 160 packages from 196 contributors in 5.481s

   ╭────────────────────────────────────────────────────────────────╮

   │                                                                │

   │       New minor version of npm available! 6.9.0 → 6.13.2       │

   │   Changelog: https://github.com/npm/cli/releases/tag/v6.13.2   │

   │               Run npm install -g npm to update!                │

   │                                                                │

   ╰────────────────────────────────────────────────────────────────╯

Replace line 10 in script_run_docker.sh

with

newman run postman/kheops-Get_tokens.json -e postman/kheops_localhost.postman_environment.json -g postman/Workspace.postman_globals.json --export-globals postman/Workspace.postman_globals.json

Save the file.

If you are using Docker for Mac, you may encounter the error listed in https://github.com/docker/for-mac/issues/2396

Creating pacsldap ... error

Creating db       ...

ERROR: for pacsldap  Cannot start service ldap: b'Mounts denied: \r\nThe paths /etc/localtime and /usr/share/zoneinfo/Europe/Zurich\r\nare not shared from OS X and are not known to Docker.\r\nYou can configure shared paths from Docker -> Preferences... -> File Sharing.\r\Creating db       ... done

ERROR: for ldap  Cannot start service ldap: b'Mounts denied: \r\nThe paths /etc/localtime and /usr/share/zoneinfo/Europe/Zurich\r\nare not shared from OS X and are not known to Docker.\r\nYou can configure shared paths from Docker -> Preferences... -> File Sharing.\r\nSee https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more info.\r\n.'

ERROR: Encountered errors while bringing up the project.

As a work-around, remove all the occurrences of the below line from kheops/docker-compose.yml.

      - /etc/localtime:/etc/localtime:ro

$ sudo mkdir /dcm4chee-arc

$ sudo chmod 777 /dcm4chee-arc

Share /usr/share/zoneinfo/Europe/ and /dcm4chee-arc from the Preferences of Docker Desktop in your Mac host machine.

Save the file and then re-run

$ sh script_run_docker.sh

$ sh script_run_docker.sh

Stopping db       ... done

Stopping pacsldap ... done

Removing pacsarc  ... done

Removing db       ... done

Removing pacsldap ... done

Removing network kheops_default

Removing volume kheops_dcm4chee-ldap-ldap

Removing volume kheops_dcm4chee-ldap-slapdd

Removing volume kheops_dcm4chee-db-data

Removing volume kheops_dcm4chee-arc-wildfly

Removing volume kheops_kheops-db-data

Creating network "kheops_default" with the default driver

Creating volume "kheops_dcm4chee-ldap-ldap" with default driver

Creating volume "kheops_dcm4chee-ldap-slapdd" with default driver

Creating volume "kheops_dcm4chee-db-data" with default driver

Creating volume "kheops_dcm4chee-arc-wildfly" with default driver

Creating volume "kheops_kheops-db-data" with default driver

Creating db       ... done

Creating pacsldap ... done

Creating pacsarc  ... done

Creating kheopszipper           ... done

Creating kheopsauthorization    ... done

Creating pacsauthorizationproxy ... done

Creating kheopsui               ... done

Creating kheopsdicomwebproxy    ... done

Creating kheopsreverseproxy     ... done

CONTAINER ID        IMAGE                                              COMMAND                  CREATED             STATUS              PORTS                                                                                                                                              NAMES

d5caa14fac54        osirixfoundation/kheops-reverse-proxy:ci-test      "./etc/nginx/conf.d/…"   47 seconds ago      Up 45 seconds       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8042->8042/tcp, 0.0.0.0:8048->8048/tcp                                                           kheopsreverseproxy

67552e9c9469        osirixfoundation/kheops-dicomweb-proxy:master      "./replaceSecretsAnd…"   48 seconds ago      Up 46 seconds       0.0.0.0:8049->8080/tcp                                                                                                                             kheopsdicomwebproxy

92710a77dd25        osirixfoundation/kheops-ui:master                  "./docker-entrypoint…"   48 seconds ago      Up 46 seconds       80/tcp, 3000/tcp                                                                                                                                   kheopsui

c9fa33eb693d        osirixfoundation/kheops-authorization:dev          "./replaceSecretsAnd…"   50 seconds ago      Up 47 seconds       8080/tcp                                                                                                                                           kheopsauthorization

0f267500942f        osirixfoundation/kheops-zipper:master              "./replaceSecretsAnd…"   50 seconds ago      Up 48 seconds       8080/tcp                                                                                                                                           kheopszipper

c95c6e4380c6        osirixfoundation/pacs-authorization-proxy:master   "/bin/sh -c '. $NGIN…"   50 seconds ago      Up 48 seconds       0.0.0.0:82->80/tcp                                                                                                                                 pacsauthorizationproxy

89c52e69534a        osirixfoundation/kheops-dcm4chee-arc-psql:latest   "/script_entrypoint.…"   51 seconds ago      Up 49 seconds       0.0.0.0:2575->2575/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:8787->8787/tcp, 0.0.0.0:9990->9990/tcp, 0.0.0.0:11112->11112/tcp   pacsarc

78bf11251bf7        dcm4che/slapd-dcm4chee:2.4.44-15.0                 "/docker-entrypoint.…"   52 seconds ago      Up 50 seconds       389/tcp                                                                                                                                            pacsldap

f4628a1a1c44        osirixfoundation/kheops-database:demo              "verify-secret-env-v…"   52 seconds ago      Up 50 seconds       5432/tcp                                                                                                                                           db

newman

kheops-Get_tokens

→ well-known

  GET https://keycloak.kheops.online/auth/realms/travis/.well-known/openid-configuration [200 OK, 2.62KB, 657ms]

→ get token user 1 (titi)

  POST https://keycloak.kheops.online/auth/realms/travis/protocol/openid-connect/token [200 OK, 2.01KB, 325ms]

→ get token user 2 (toto)

  POST https://keycloak.kheops.online/auth/realms/travis/protocol/openid-connect/token [200 OK, 2.01KB, 314ms]

→ get token user 3 (tata)

  POST https://keycloak.kheops.online/auth/realms/travis/protocol/openid-connect/token [200 OK, 2.01KB, 332ms]

┌─────────────────────────┬─────────────────────┬────────────────────┐

│                         │            executed │             failed │

├─────────────────────────┼─────────────────────┼────────────────────┤

│              iterations │                   1 │                  0 │

├─────────────────────────┼─────────────────────┼────────────────────┤

│                requests │                   4 │                  0 │

├─────────────────────────┼─────────────────────┼────────────────────┤

│            test-scripts │                   4 │                  0 │

├─────────────────────────┼─────────────────────┼────────────────────┤

│      prerequest-scripts │                   0 │                  0 │

├─────────────────────────┼─────────────────────┼────────────────────┤

│              assertions │                   0 │                  0 │

├─────────────────────────┴─────────────────────┴────────────────────┤

│ total run duration: 1790ms                                         │

├────────────────────────────────────────────────────────────────────┤

│ total data received: 7.53KB (approx)                               │

├────────────────────────────────────────────────────────────────────┤

│ average response time: 407ms [min: 314ms, max: 657ms, s.d.: 144ms] │

└────────────────────────────────────────────────────────────────────┘

Then go to http://localhost:8042 from your favorite browser.

Register yourself when it redirects to a page such as https://keycloak.kheops.online/auth/realms/travis/protocol/openid-connect/auth?client_id=loginConnect&redirect_uri=.........

It will take you back to http://localhost:8042/inbox after the registration. Now Kheops is ready to use!

Kheops Web UI

I can even tweet from the Kheops Web UI with a link to the created album!
"My KHEOPS shared album. http://localhost/view/ttuArLPrFv834JQ88KaQGY #KHEOPS"

Apparently, the link is broken. It should be: http://localhost:8042/view/ttuArLPrFv834JQ88KaQGY
But I see the parallels with the concept of Óbidos (MEDIator) replicasets in the given UUID ttuArLPrFv834JQ88KaQGY.

One can also create a sharing URL with upload/edit/delete capabilities (again, the port is not correctly used. But that is a front-end bug they can fix. For our purposes, we just need to add the port in the shared URL).

I can also view the images that I uploaded from OHIF viewer directly, by clicking that link. It uses their cloud hosted instance of the OHIF viewer to view the image stored locally, as can be seen from the URL.







We also observe the Docker containers initialized by this integrated project are - 1) db, 2) pacsldap, 3) pacsarc, 4) pacsauthorizationproxy, 5) kheopszipper, 6) kheopsauthorization, 7) kheopsdicomwebproxy, 8) kheopsui, and 9) kheopsreverseproxy. This system uses the managed Keycloak instance in the cloud for its authorization.