pynetdicom._handlers.doc_handle_userid(event: Event, *args: Sequence[Any]) Tuple[bool, Optional[bytes]][source]

Documentation for handlers bound to evt.EVT_USER_ID.

User implementation of this handler is required if User Identity Negotiation is to be supported by the association. If no handler is implemented and bound to evt.EVT_USER_ID then the association will be accepted (provided there’s no other reason to reject it) and no User Identity Negotiation response will be sent in reply even if one is requested.



  • event (events.Event) –

    The event representing an association request being received which contains a User Identity Negotiation item. Event attributes are:

    • assoc: the Association that is running the service that received the user identity negotiation request.

    • event: the event that occurred as InterventionEvent.

    • primary_field: the Primary Field value (as bytes), contains the username, the encoded Kerberos ticket or the JSON web token, depending on the value of user_id_type.

    • secondary_field: the Secondary Field value. Will be None unless the user_id_type is 2 in which case it will be bytes.

    • timestamp: the date and time that the negotiation request was processed as datetime.datetime.

    • user_id_type: the User Identity Type value (as an int), which indicates the form of user identity being provided:

      • 1 - Username as a UTF-8 string

      • 2 - Username as a UTF-8 string and passcode

      • 3 - Kerberos Service ticket

      • 4 - SAML Assertion

      • 5 - JSON Web Token

  • args – If the handler was bound to the event using bind(event, handler, args) or by passing evt_handlers=[(event, handler, args), ...], where args is a list then there will be one or more optional extra parameters matching the contents of args.


  • is_verified (bool) – Return True if the user identity has been confirmed and you wish to proceed with association establishment, False otherwise.

  • response (bytes or None) – If user_id_type is:

    • 1 or 2, then return None

    • 3 then return the Kerberos Server ticket as bytes

    • 4 then return the SAML response as bytes

    • 5 then return the JSON web token as bytes