This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Logging into XNAT

Logging into XNAT


If your organisation is part of the Australian Access Federation (AAF), you can use your AAF credentials to sign up. See here

For more details on the Australian Access Federation, see

RCC Authenticate

To use this login, you would have received an email from a UQ XNAT administrator with the login information.

1 - AAF login

Login using Australian Access Federation (AAF)

If your organisation is part of the Australian Access Federation (AAF), you can use your AAF credentials to sign up. Follow the steps below to sign-up/login using AAF.

  1. Open
  2. Login in with the AAF Single sign-on button (shown below)

This will take you to your XNAT home page.

2 - Alias tokens

Alias tokens

AAF is used for logging into the XNAT website itself.

But there are a lot of tools and services that will require a connect to the XNAT server externally

These could include

  • Windows or Mac desktop clients, like XNAT Desktop
  • Command line tools such as xnatpy, pyxnat, xnatutils etc

All of these tools and services need a way to authenticating to your XNAT account without AAF.

An alias token is a time-limited, long, randomised username and password used for authenticating from external services, without compromising your AAF account or credentials. They can be generated and revoked easily

We’ll look at how to generate them next

Generating Alias tokens

To access the alias token Click your name on the top right of the website. This will take you to your user profile management page

Then click the “Manage Alias Tokens” option

There, you’ll find the option to “Create an Alias Token”

When you create the alias token, it will appear as a new entry

Alias tokens expire 60 days after creation There will be an expiration date column.

You can have multiple alias tokens. And they can be deleted and created as needed to revoke permissions. Each one will be randomised and unique.

Lets have a look at the alias token details which you can access by clicking on the token.

The key attributes that we need are the alias and the secret The alias is your username And secret is your password

So you can use the alias and secret for any external clients requesting a username and password.

Just note, the alias and secret are effectively a temporary set of login credentials. Do not reveal the secret. It is effectively your temporary password. If you no longer require the alias token, or suspect a secret has been compromised, just delete the alias token.