Geonetwork security: 2FA or only login via LAN

Login into a geonetwork server via the user interface is imho very insecure: everyone can login and that even without 2FA. Or am I missing something? Are there options to implement 2FA and even better, options to disable login from outside the LAN?

Hi,

No plan as of now to implement 2FA as far as I’m aware of. This being said, GeoNetwork can also be integrated with an identity provider such as CAS or Keycloak, which should offer stronger security options and let you restrict the login action to LAN only for instance.

Additionally, the login menu on the top-right can be disabled in the UI config (administration menu > settings). You might want to do that if you don’t want your public catalog to show such an option to the public.

1 Like

Ok, thx!

But how do you login when the login menu is disabled?

You can access to http://SERVER/geonetwork/srv/eng/catalog.signin to login. Also as suggested by @jahow you can integrate an external identity provider like CAS / KeyCloak or OpenId.