The XnatProvisioner is a COmanage Plugin https://incommon.org/software/comanage.
This Plugin manages users and their project roles on the XNAT imaging platform https://www.xnat.org.
This plugin provisions users to XNAT, but does not remove users from XNAT since XNAT does not support user deletion. This plugin does support enabling/disabling users in XNAT when a user is active/suspended in COmanage. When a CoPerson role is active/suspended in COmanage, the XNAT user is added/removed from the XNAT project.
This plugin provisions projects to XNAT, but does not delete projects if the related COmanage objects are removed. Project deletion in XNAT is left to the XNAT administration to achieve using other methods.
This plugin only manages users' assignment to projects via the default XNAT project groups: Owners, Members and Collaborators. This is achieved by assigning a role to a CO Person via the customised COmanage Extended Types Attributes affiliation.
and associated COmanage objects
-
update the COmanage Extended Types Attributes with the following additions.
-
select For Attribute of type Affiliation (CO Person Role) and FILTER for the Affiliation attribute list.
-
Add three Extended Type Attributes with the following "Name"/"Display Name" pair values:
- xnatcollaborator/XNAT Collaborator
- xnatmember/XNAT Member
- xnatowner/XNAT Owner
This Plugin uses the string values xnatcollaborator, xnatmember and xnatowner and these strings must match these values.
- for each XNAT Server, add a COmanage Server object with the following configuration options:
- Type: HTTP
- HTTP Authentication Type: Basic
- Supply a Username and Password for a local XNAT user with XNAT admin rights and API access.
- Create or use a regular group to link a COmanage Server object to a XNAT COmanage Provisioning Target.
Thought it is possible to have more than XNAT Provisioner Plugin per XNAT server, it is not adviseable. Each XNAT server should have a single XNAT Provisioner Target.
- for each XNAT Server, add a Provisioning Target with the following configuration options:
- Plugin: XnatProvisioner
- Target XNAT Server: select from the list of servers configured in COmanage Server configuration.
- CoPerson Identifier Type: to use as the XNAT primary user identifier (this should be a unique and persistent attribute for users - email address is not suitable because email addresses change).
- Services linking group: Services (as projects) assigned to this group are provisioned by this Provisioning Target.
- XNAT username prefix: this value is added as a prefix to the XNAT username. The value should match the prefix assigned in the XNAT OIDC configuration. Max 6 characters, can be empty.
- Project ID Prefix: this value is added as a prefix to the XNAT Project ID. Max 6 characters, can be empty.
- Deliminter for XNAT Project Title: This is the delimiter value used in the XNAT Project Running Title to separate the Project ID from the Project Title. Max 3 characters.
- Add a COmanage Services Object with the following configuration options:
- Name: this will be the XNAT Project Title.
- COU: Select a COU - this will provision those users assocaited to this COU (via Role Attributes) to the XNAT Project.
- Service Group: Select a group that matches the COmanage Provisioning Targets Services linking group.
- Short Label: This is the XNAT Project ID (prefixed with the Project ID Prefix).
Note: The XNAT Running Title is the concat of Project ID Prefix and the Short Label.
- COmanage CO Person objects are assigned roles to be provisioned to XNAT and to also be assigned to XNAT Projects.
- Select a CO Person and for Role Attributes add a new role with the following configuration:
- Select a child COU that contains xnat in the name.
- Update Affiliation and select one of the pre-defined affiliations from this list:
- XNAT Collaborator
- XNAT Member
- XNAT Owner
This COmanage Plugin has been tested with the following platform versions:
- COmanage: v4.3.3 and v4.3.4
- XNAT: version 1.8.10.1, build: 52