OpenMRS startup fails and gets stuck at Refreshing Context when I try to run the OAuth module with the Reference Application

@user007 what exactly are you doing that requires OAuth2? SMART on FHIR?

Hi @mksd ,
So I am trying to set up OpenMRS as an external Identity Provider using OAuth in Keycloak so that WAR applications like Oviyam Web DICOM Viewer can be secured using OIDC Keycloak.

In my implementation I will be using Keycloak as a broker. All I want to achieve is to use authentication of Oviyam via OAuth of OpenMRS.

Please guide if you know a better plan.

@user007 you should have a look at the OAuth 2 Login module.

The work to support service accounts is currently under way. The PR for that is virtually ready here:

I need to review the documentation before merging. Otherwise it’s been tested enough to be merged, and then we will be heading for a first release of that module.

However you may face a pretty major impediment if you’re looking at doing all this with Bahmni: https://github.com/openmrs/openmrs-module-oauth2login#requirements


@mksd

We intend to use OpenMRS as an OAuth server. The module suggested above will turn OpenMRS into an OAuth client and thus it will disable OpenMRS authentication, which is required in our case. Thanks

Okay… I’m not sure I understand how that would work. That is normally what Keycloak does.

But yes indeed, that module assumes that OpenMRS relies on an IDP and becomes an OAuth2 client.

@mksd

Currently I am facing the following error

HTTP Status 500 - Request processing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Ambiguous mapping found. Cannot map 'appointmentBlockCalendarController' bean method

during startup of the OAuth2 module. Please help in resolving this.

I am also using the module appointmentscheduling-1.12.0.omod

The actual error is deeper down your log:

Ambiguous mapping found. Cannot map 'appointmentBlockCalendarController' bean method 
[...]:
  There is already 'appointmentBlockFormController' bean method

Something happens that confuses the filters between those two HTTP POST endpoints:

  1. AppointmentBlockCalendarController#loadForm
  2. AppointmentBlockFormController#onSubmit

Check whether your own modules' filters, if any, may be involved in the logs as well.

It’s worth pointing out that the technology relied on by that module to create an OAuth server was sunset by Spring, and while there’s a revival of the Spring OAuth server, that module hasn’t yet been updated to take advantage of it.

One work-around for that would be to take advantage of this Keycloak plugin which allows Keycloak to use the OpenMRS user table as an authentication source.
