Hi there
Just learning about GeoServer - I have a multi-tenant web mapping application running on ArcGIS Server which I am trying to replace with GeoServer. The identities of the users for tenants are maintained through another identity API. After successful login, the API generates the session token through the get token service for a user, passing the fixed credentials. GeoServer provides Digest and HTTP header methods, but is there a way to generate unique tokens for every session, so that no information related to user authentication is hard-coded in client-side code? Thanks
Hi
I am a little bit confused about your architecture. Which identity API and product are you using?
Cheers
Christian
On Wed, Jan 6, 2016 at 8:27 PM, Deepti Puri <deepti202jais@anonymised.com> wrote:
Hi there
Just learning about GeoServer - I have a multi-tenant web mapping application running on ArcGIS Server which I am trying to replace with GeoServer. The identities of the users for tenants are maintained through another identity API. After successful login, the API generates the session token through the get token service for a user, passing the fixed credentials. GeoServer provides Digest and HTTP header methods, but is there a way to generate unique tokens for every session, so that no information related to user authentication is hard-coded in client-side code? Thanks
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Hi,
from what I understand, you are trying to share the session token generated by your identity API so that it can be used to authenticate requests to GeoServer.
If this is the case, the authkey community module can be used for that purpose, but you need a service that translates the token to a real username. You say that you are using a get token service to authenticate the user and get a session token. Does your identity API have a service to get user info given a particular token?
Regards,
Mauro Bartolomeoli
Hi Christian and Mauro
We are using a Leaflet- and Angular-based client-side app which communicates with spatial data through a C# API.
Identity server (a C#-based API) matches the email id and password from identity storage and calls the ArcGIS Server get token service with a generic username, password and referer (essentially we are calling this from the server-side API (used as proxy server for the initial request) and generating an authentication token), and this token is used for all the communication between the user and ArcGIS Server until the token expires for the session. So we don’t need to store any credentials in client-side code. In this scenario, tokens are unique for a user’s session.
GeoServer can be configured for a key or encrypted password, but I am trying to explore an option where we can have some sort of session password with some sort of expiration / validation of referer. We don’t want to move all the users to GeoServer currently.
Please advise if something is not clear.
Thanks
On Sun, Jan 10, 2016 at 9:46 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi
I am a little bit confused about your architecture. Which identity API and product are you using?
Cheers
Christian
Hi Deepti,
With the authkey module, GeoServer can use a session token like the one you are talking about. But if you need per-session tokens, expiration and other advanced features, GeoServer is not able to do that on its own: it can use your infrastructure and use the externally generated token to authenticate requests, but cannot create or expire them.
When integrated this way, the client can send requests to GeoServer with an additional parameter with the token and no other credentials.
Regards,
Mauro Bartolomeoli
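
Added example, not from the thread or from the GeoServer project: a token-resolution service of the kind described above, in which the identity side issues an opaque per-session token, expires it, and answers lookups with the username. The class and handler names, the `authkey` query parameter on the lookup URL, the port, the one-hour lifetime and the plain-text response are all assumptions.

```python
import hashlib
import secrets
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

class SessionTokenStore:
    """Issues opaque per-session tokens and resolves them to usernames."""
    def __init__(self, ttl=3600, clock=time.time):
        self._ttl = ttl          # assumed session lifetime in seconds
        self._clock = clock      # injectable so expiry can be tested
        self._sessions = {}      # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        # Only a digest of each token is kept, never the token itself.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        # Called by the identity API after a successful login.
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (username, self._clock() + self._ttl)
        return token

    def resolve(self, token):
        # Returns the username, or None for unknown or expired tokens.
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None or self._clock() >= entry[1]:
            self._sessions.pop(key, None)   # drop an expired entry
            return None
        return entry[0]

    def revoke(self, token):
        # Called on logout so the token stops resolving immediately.
        self._sessions.pop(self._digest(token), None)

STORE = SessionTokenStore()

class ResolveHandler(BaseHTTPRequestHandler):
    # Hypothetical lookup endpoint: GET /resolve?authkey=<token>
    def do_GET(self):
        key = parse_qs(urlparse(self.path).query).get("authkey", [""])[0]
        user = STORE.resolve(key)
        self.send_response(200 if user else 404)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write((user or "").encode())

if __name__ == "__main__":
    # Bound to loopback so only the local map server can query it.
    HTTPServer(("127.0.0.1", 8099), ResolveHandler).serve_forever()
```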
2016-01-11 15:51 GMT+01:00 Deepti Puri <deepti202jais@anonymised.com>:
Hi Christian and Mauro
We are using a Leaflet- and Angular-based client-side app which communicates with spatial data through a C# API.
Identity server (a C#-based API) matches the email id and password from identity storage and calls the ArcGIS Server get token service with a generic username, password and referer (essentially we are calling this from the server-side API (used as proxy server for the initial request) and generating an authentication token), and this token is used for all the communication between the user and ArcGIS Server until the token expires for the session. So we don’t need to store any credentials in client-side code. In this scenario, tokens are unique for a user’s session.
GeoServer can be configured for a key or encrypted password, but I am trying to explore an option where we can have some sort of session password with some sort of expiration / validation of referer. We don’t want to move all the users to GeoServer currently.
Please advise if something is not clear.
Thanks