I'm having trouble getting http digest to work with anything in geoserver 2.6.
I've added a digest authentication filter to the REST filter chain and
removed the anonymous and basic filters. In addition, I've edited the
rest.properties file to allow the required roles access to the rest paths.
Using a variety of agents (wget, curl, firefox), I simply cannot
authenticate to the REST API once all of these are configured. I inspected
the header output of the interchange, and geoserver *appears* to be sending
what is expected wrt the HTTP digest protocol, and the agents appear to
be responding back properly, but I'm getting 401 all the same.

I HAVE made changes elsewhere to the security configuration (replaced the
default admin user with a differently named one, being sure to grant the
ADMIN role to the new user) but I would not expect this to be an issue. The
only thing I'm seeing in the debug log output is a message saying that
AuthenticationCache couldn't find anything, which I would expect having not
logged in yet.

The only time I can access the rest api with digest authentication
configured is if I am logged in as the admin user in the web gui, and then
during that session navigate to the REST api in the browser.

My main goal with this post is to determine if someone is successfully
running digest authentication against the REST API using geoserver 2.6, so
that I know whether to continue to look for configuration problems or break
out the debugger (I've actually started debugging somewhat, but there is a
lot going on in the security subsystems, so that is going to take a while).

Interestingly, I could not get digest authentication to work properly in
2.2.1 (the version I upgraded from) without manual changes to the security
configuration xml (some kind of gui issue).

email:
clifford.harms[at]navy.mil
clifford.harms[at]gmail.com
--
View this message in context: http://osgeo-org.1560.x6.nabble.com/Securing-REST-with-http-digest-tp5176711.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
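
When a server answers 401 although the headers look right, recomputing the digest from the captured `WWW-Authenticate` and `Authorization` headers and the known password shows whether the client's response is actually correct. This is an added example, not part of the original thread and not GeoServer code; it follows RFC 2617 for MD5 with `qop=auth`, and the sample headers are the ones from RFC 2617 section 3.5, standing in for a real capture.

```python
import hashlib
import hmac
import re

# Sample exchange taken from RFC 2617 section 3.5 (not a GeoServer capture).
CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
             'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
             'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
AUTHORIZATION = ('Digest username="Mufasa", realm="testrealm@host.com", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
                 'qop=auth, nc=00000001, cnonce="0a4f113b", '
                 'response="6629fae49393a05397450978507c4ef1", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

def parse_digest_header(value):
    """Split 'Digest k="v", k2=v2' into a dict; handles quoted and bare values."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def expected_response(auth, method, password):
    """Recompute the RFC 2617 response for algorithm=MD5, qop=auth or no qop."""
    ha1 = _md5(f"{auth['username']}:{auth['realm']}:{password}")
    ha2 = _md5(f"{method}:{auth['uri']}")
    if "qop" not in auth:  # legacy RFC 2069 form
        return _md5(f"{ha1}:{auth['nonce']}:{ha2}")
    if auth["qop"] != "auth":
        raise ValueError("only qop=auth is handled here")
    return _md5(":".join([ha1, auth["nonce"], auth["nc"], auth["cnonce"], "auth", ha2]))

def check_exchange(challenge, authorization, method, password):
    """Return a list of problems; an empty list means the client's answer is valid."""
    ch, auth = parse_digest_header(challenge), parse_digest_header(authorization)
    problems = [f"{f} differs from the challenge" for f in ("realm", "nonce")
                if ch.get(f) != auth.get(f)]
    if auth.get("algorithm", "MD5").upper() != "MD5":
        problems.append("algorithm other than MD5 is not handled here")
    elif not hmac.compare_digest(expected_response(auth, method, password),
                                 auth.get("response", "")):
        problems.append("response does not match this password")
    return problems

if __name__ == "__main__":
    print(check_exchange(CHALLENGE, AUTHORIZATION, "GET", "Circle Of Life")
          or "client response is correct")
```

An empty result for a request the server still rejects with 401 means the client side is correct and the remaining fault is on the server side.
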
Hi Clifford
Could you send me your security/rest.properties and the security/config.xml file?
Cheers
Christian
On Fri, Dec 5, 2014 at 11:43 PM, clifford.harms <clifford.harms@anonymised.com> wrote:
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH