We currently have a geoserver instance running which requires authentication to get data. As we are using Single Signon, we are able to go to geonetwork application and then geoserver without having to re-enter credentials when going to geoserver.
So we tried to add a layer to geonetwork map servers however we receive a 404 error.
It seems that this may be related to the web proxy
https://geonetwork-opensource.org/manuals/trunk/eng/users/maintainer-guide/production-use/index.html#web-proxy
I’m believe geonetwork is accepting the wms service url and calling the service as a proxy without any credentials. I’m not sure why it returns a 404 instead of a 401 (maybe related to https://github.com/geonetwork/core-geonetwork/issues/4747)
So I believe the request to geoserver were not using the proxy url, the Single signin would still apply and it should work.
On the link above it contains the following text.
“A best practice is to whitelist a series of servers which are known to contain data services. However the best guidance here is to recommend to any data provider to enable CORS on their services, and then disable the web proxy. CORS fixes the cross browser communication limitation in the proper way.”
Question:
How is the web proxy disabled? I cannot find any information in the documentation.
Where are the servers whitelisted? Is this on geonetwork or elsewhere? Is it possible to have our geoserver request not use the web proxy but all other server requests could continue to use the web proxy.
Thank you
Hi, the client app should try first to access directly the requested URL
https://github.com/geonetwork/core-geonetwork/blob/main/web-ui/src/main/resources/catalog/components/utility/CORSInterceptor.js#L105-L106
and if it fails then try using the proxy ?
Cheers.
Francois
Le jeu. 22 avr. 2021 à 19:41, Ian Allen <ianwallen@anonymised.com> a écrit :
We currently have a geoserver instance running which requires authentication to get data. As we are using Single Signon, we are able to go to geonetwork application and then geoserver without having to re-enter credentials when going to geoserver.
So we tried to add a layer to geonetwork map servers however we receive a 404 error.
It seems that this may be related to the web proxy
https://geonetwork-opensource.org/manuals/trunk/eng/users/maintainer-guide/production-use/index.html#web-proxy
I’m believe geonetwork is accepting the wms service url and calling the service as a proxy without any credentials. I’m not sure why it returns a 404 instead of a 401 (maybe related to https://github.com/geonetwork/core-geonetwork/issues/4747)
So I believe the request to geoserver were not using the proxy url, the Single signin would still apply and it should work.
On the link above it contains the following text.
“A best practice is to whitelist a series of servers which are known to contain data services. However the best guidance here is to recommend to any data provider to enable CORS on their services, and then disable the web proxy. CORS fixes the cross browser communication limitation in the proper way.”
Question:
How is the web proxy disabled? I cannot find any information in the documentation.
Where are the servers whitelisted? Is this on geonetwork or elsewhere? Is it possible to have our geoserver request not use the web proxy but all other server requests could continue to use the web proxy.
Thank you
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Francois,
Thank you for the advice.
In the end, I believe we hit an cors design limitation
https://stackoverflow.com/questions/63959005/how-to-avoid-cors-issue-on-302-redirect-after-an-ajax-post-call
When we attempt to access the WMS service, it does a redirect to keycloak to verify authentication. But the problem is that since the redirect is to a different domain, the origin gets set to “null” and so it fails cors.
We are still investigating to see if we can find a solution.
(attachments)
···
From: Francois Prunayre fx.prunayre@anonymised.com
Sent: April 23, 2021 2:47 AM
To: Ian Allen ianwallen@anonymised.com
Cc: Devel geonetwork-devel@lists.sourceforge.net geonetwork-devel@lists.sourceforge.net
Subject: Re: [GeoNetwork-devel] Web Proxy issue
Hi, the client app should try first to access directly the requested URL
https://github.com/geonetwork/core-geonetwork/blob/main/web-ui/src/main/resources/catalog/components/utility/CORSInterceptor.js#L105-L106
and if it fails then try using the proxy ?
Cheers.
Francois
Le jeu. 22 avr. 2021 à 19:41, Ian Allen <ianwallen@anonymised.com…> a écrit :
We currently have a geoserver instance running which requires authentication to get data. As we are using Single Signon, we are able to go to geonetwork application and then geoserver without having to re-enter credentials when going to geoserver.
So we tried to add a layer to geonetwork map servers however we receive a 404 error.
It seems that this may be related to the web proxy
https://geonetwork-opensource.org/manuals/trunk/eng/users/maintainer-guide/production-use/index.html#web-proxy
I’m believe geonetwork is accepting the wms service url and calling the service as a proxy without any credentials. I’m not sure why it returns a 404 instead of a 401 (maybe related to https://github.com/geonetwork/core-geonetwork/issues/4747)
So I believe the request to geoserver were not using the proxy url, the Single signin would still apply and it should work.
On the link above it contains the following text.
“A best practice is to whitelist a series of servers which are known to contain data services. However the best guidance here is to recommend to any data provider to enable CORS on their services, and then disable the web proxy. CORS fixes the cross browser communication limitation in the proper way.”
Question:
How is the web proxy disabled? I cannot find any information in the documentation.
Where are the servers whitelisted? Is this on geonetwork or elsewhere? Is it possible to have our geoserver request not use the web proxy but all other server requests could continue to use the web proxy.
Thank you
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork