[Geoserver-users] Active Directory Authentication

GeoServer GeoServer User
1

Hi all,

I have been asked to implement Microsoft Active Directory Federation
Services as an identity provider and I was wondering if it would be possible
to use the credentials the user enters at the prompt for Active Directory
Federation Services to access resources within Geoserver?

In the past, I have implemented a Shibboleth IDP and the HTTP header
authentication within Geoserver to achieve this and did so successfully -
but I cannot seem to get it working with ADFS as the IDP. The requirement
is still in place to have a Shibboleth Service Provider protecting the
Geoserver instance.

Any help you can provide would be much appreciated.

Thanks,
Fran

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/Active-Directory-Authentication-tp5179999.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

2

Hi Fran,

···

In the past, I have implemented a Shibboleth IDP and the HTTP header
authentication within Geoserver to achieve this and did so successfully -
but I cannot seem to get it working with ADFS as the IDP. The requirement
is still in place to have a Shibboleth Service Provider protecting the
Geoserver instance.

I don’t have direct experience with ADFS, but can you explain how are you trying to integrate it with GeoServer? Using a Shibboleth Service Provider with an Apache frontend?

Thanks
Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

3

Hi Mauro,

I am using a Shibboleth Service Provider, but use IIS as a web server and
have set up Application Request Routing to ensure anything with
"geoserver/web" in the URL is forwarded to port 8080 as part of the standard
Geoserver Jetty set up.

Thanks,
Fran

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/Active-Directory-Authentication-tp5179999p5180305.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

4

Hi Fran,
The Shibboleth configuration of the user data to extract from ADFS and forward through the service provider is probably the place to investigate if you cannot get user info in GeoServer.
Have you tried to replace GeoServer with a simple Java servlet (or JSP) to print all the http headers and see if the Shib-* prefixed ones are present and correct?

Thanks
Mauro

···

2015-01-07 10:18 GMT+01:00 fhmsparkle <Mooref@anonymised.com>:

Hi Mauro,

I am using a Shibboleth Service Provider, but use IIS as a web server and
have set up Application Request Routing to ensure anything with
“geoserver/web” in the URL is forwarded to port 8080 as part of the standard
Geoserver Jetty set up.

Thanks,
Fran


View this message in context: http://osgeo-org.1560.x6.nabble.com/Active-Directory-Authentication-tp5179999p5180305.html

Sent from the GeoServer - User mailing list archive at Nabble.com.

Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net

Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users