[GeoNetwork-devel] Geonetwork Single Sign on

Hello,

I am trying to achieve single sign on using Geonetwork.

I have followed the following example in Login http://geonetwork-opensource.org/manuals/2.6.4/developer/xml_services/java_xml_services.html where the HttpClient object is being reused to make further services which requires authentication

Instead of resusing HttpClient after the first login in geonetwork we want to get the Cookies and then for subsequent requests for services which require authentication we want to make use of these cookies.

I am trying to do this using the following code

URL url = new URL(http://localhost:8080/geonetwork/srv/en/xml.user.login);

URLConnection urlConn = url.openConnection();

urlConn.setRequestProperty(“Cookie”, cookieHeader);

urlConn.connect();

cookieHeaderName = urlConn.getHeaderField(“Set-Cookie”);

Then I use the following cookieHeaderName for subsequent service calls.

What should be the format of cookieHeader and what values do we need to set it in? I tried setting JSESSIONID, but I always gets User Not Authenticated.Kindly help.

Regards

Kumaran

Kumaran,

Here is how I do this in Python using the httplib, urllib and lxml
libraries. It should be very similar in with httpClient. Cookie parameters
used are "username" and "password". To retrieve this info, I put this in the
header, "'Cookie': GNConnection.cookie".

First I get a connection and assign the username and password then place
these in a cookie:

def connect(username, pword):
        
        GN = GNConnection
        path = '/geonetwork/srv/en/xml.user.login'
        
        try:
            httpServ = httplib.HTTPConnection(GN.GNServer)
            httpServ.set_debuglevel(0)
            httpServ.connect()
            param = urllib.urlencode({'username':username,
'password':pword})
            header = {"Content-type": "application/x-www-form-urlencoded",
                        "Accept":
"text/plain,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
                        "Connection": "keep-alive", "Keep-Alive":"300"}
            httpServ.request('POST', path, param, header)
            conn = httpServ.getresponse()
            conn.read()

            ckstr = conn.getheader('set-cookie')
            cook = ckstr.split(';')
            GN.cookie = cook[0]
            
        except urllib2.URLError, e:
            print e
            conn.status = 400

Next, I retrieve records using the username and password stored in the
cookie:

    def xmlcall(service, param):
        
        header = {'Accept': 'image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg ',
                    'Accept-Language': 'en-nz',
                    'Content-Type': 'application/x-www-form-urlencoded',
                    'Connection': 'Keep-Alive',
                    'Cookie': GNConnection.cookie}
        
        path ='/geonetwork/srv/en/' + service

        doc = urllib2.Request('http://' + GNConnection.GNServer + path,
param, header)
        response1 = urllib2.urlopen(doc)
        txt = response1.read()
        
        return txt

Cheers,
Byron

Kumaran Narayanaswamy wrote:

Hello,

I am trying to achieve single sign on using Geonetwork.

I have followed the following example in Login
http://geonetwork-opensource.org/manuals/2.6.4/developer/xml_services/java_x
ml_services.html where the HttpClient object is being reused to make
further services which requires authentication

Instead of resusing HttpClient after the first login in geonetwork we want
to get the Cookies and then for subsequent requests for services which
require authentication we want to make use of these cookies.

I am trying to do this using the following code

    URL url = new
URL(http://localhost:8080/geonetwork/srv/en/xml.user.login);

                URLConnection urlConn = url.openConnection();

                urlConn.setRequestProperty("Cookie", cookieHeader);

                urlConn.connect();

                cookieHeaderName = urlConn.getHeaderField("Set-Cookie");

Then I use the following cookieHeaderName for subsequent service calls.

What should be the format of cookieHeader and what values do we need to
set
it in? I tried setting JSESSIONID, but I always gets User Not
Authenticated.Kindly help.

Regards

Kumaran

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

Kumaran Narayanaswamy wrote:

Hello,

I am trying to achieve single sign on using Geonetwork.

I have followed the following example in Login
http://geonetwork-opensource.org/manuals/2.6.4/developer/xml_services/java_x
ml_services.html where the HttpClient object is being reused to make
further services which requires authentication

Instead of resusing HttpClient after the first login in geonetwork we want
to get the Cookies and then for subsequent requests for services which
require authentication we want to make use of these cookies.

I am trying to do this using the following code

    URL url = new
URL(http://localhost:8080/geonetwork/srv/en/xml.user.login);

                URLConnection urlConn = url.openConnection();

                urlConn.setRequestProperty("Cookie", cookieHeader);

                urlConn.connect();

                cookieHeaderName = urlConn.getHeaderField("Set-Cookie");

Then I use the following cookieHeaderName for subsequent service calls.

What should be the format of cookieHeader and what values do we need to
set
it in? I tried setting JSESSIONID, but I always gets User Not
Authenticated.Kindly help.

Regards

Kumaran

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

--
View this message in context: http://osgeo-org.1803224.n2.nabble.com/Geonetwork-Single-Sign-on-tp6557050p6559954.html
Sent from the GeoNetwork developer mailing list archive at Nabble.com.