pynetdicom.pdu_primitives.UserIdentityNegotiation

class pynetdicom.pdu_primitives.UserIdentityNegotiation

Representation of the User Identity Negotiation primitive.

Allows peer AEs to exchange generic application information.

The SOP Class Common Extended Negotiation is optional and there may only be a single SOPClassCommonExtendedNegotiation item for each available SOP Class UID.

In general, a User Identity Negotiation request that is accepted will result in Association establishment and possibly a server response if requested and supported by the peer. If a server response is requested but not received then the Requestor must decide how to proceed. An Association rejected due to an authorisation failure will be indicated using Rejection Permanent with a Source of “DICOM UL service provided (ACSE related function)”.

How the Acceptor handles authentication is to be implemented by the end-user and is outside the scope of the DICOM standard.

A-ASSOCIATE-RQ | user_identity_type | positive_response_requested | primary_field | secondary_field

A-ASSOCIATE-AC The server_response parameter is required when a response to the User Identity Negotiation request is to be issued (although this depends on whether or not this is supported by the Acceptor).

user_identity_type

A-ASSOCIATE-RQ only. One of the following values:

  • 1 - Username as string in UTF-8
  • 2 - Username as string in UTF-8 and passcode
  • 3 - Kerberos Service ticket
  • 4 - SAML Assertion
  • 5 - JSON Web Token
Type:int or None
positive_response_requested

A-ASSOCIATE-RQ only. True when requesting a response, False otherwise (default is False)

Type:bool
primary_field

A-ASSOCIATE-RQ only. Contains either the username, Kerberos Service ticket or SAML assertion depending on user_identity_type.

Type:bytes or None
secondary_field

A-ASSOCIATE-RQ only. Only required if the user_identity_type is 2, when it should contain the passcode as a bytes object, None otherwise

Type:bytes or None
server_response

A-ASSOCIATE-AC only. Shall contain the Kerberos Service ticket or SAML response if the user_identity_type in the Request was 3 or 4. Shall be None if user_identity_type was 1 or 2.

Type:bytes or None

Examples

>>> from pynetdicom.pdu_primitives import UserIdentityNegotiation
>>> item = UserIdentityNegotiation()
>>> item.user_identity_type = 2
>>> item.positive_response_requested = True
>>> item.primary_field = b'username'
>>> item.secondary_field = b'password'

References

  • DICOM Standard, Part 7, Annex D.3.3.7
__init__()

Initialize self. See help(type(self)) for accurate signature.

Methods

__init__() Initialize self.
from_primitive() Convert the primitive to a PDU item ready to be encoded.

Attributes

positive_response_requested Return Positive Response Requested.
primary_field Return Primary Field.
secondary_field Return the Secondary Field.
server_response Return the Server Response.
user_identity_type Return the User Identity Type.
from_primitive()

Convert the primitive to a PDU item ready to be encoded.

Returns:

item – pdu_items.UserIdentitySubItemAC

Return type:

pdu_items.UserIdentitySubItemRQ or

Raises:
  • ValueError – If server_response is None and user_identity_type or primary_field are None
  • ValueError – If server_response is None and user_identity_type is 2 and secondary_field is None
positive_response_requested

Return Positive Response Requested.

primary_field

Return Primary Field.

secondary_field

Return the Secondary Field.

server_response

Return the Server Response.

user_identity_type

Return the User Identity Type.