Dear List,
Introduction and Background:
This email is a proposal for a new Authentication module that can be used to integrate GeoServer with external HTTP Authentication endpoints. GeoServer already provides authentication via JDBC, LDAP. The new proposed module works similarly, as it queries an external URL to authenticate the user. There are multiple scenarios where GeoServer is deployed in environments having centralized authentication services. This community module is aimed at simplifying and streamlining this type integration.
Authentication :
The external HTTP endpoint will be configurable through known place holders {user} and {passowrd}. (e.g http://localhost:5000/auth?u={user}&p={password}. These placeholders will be substituted with credentials.
Authorization Options :
For services responding with roles, the module will parse the roles in response using a configured Regex expression.
Alternatively, an existing Role service can be selected to authorize a successfully authenticated user. By default the system level Role service will be used.
Looking forward to your valuable feedback and suggestions
regards,
Imran
– I.R