[GeoNode-users] geoserver authentication in multi-geosites

Eugenio Trumpy frippe12573 at hotmail.com
Fri Apr 7 07:05:13 PDT 2017


Dear Francesco,


I had no problem with geonode classical installation and I was able to configure also geosites thanks to the help of this mailing list. Unfortunately I had to update geoserver to a newer version respect the one distributed with geonode, since I had some issues with nodata areas produced by the reprojecting procedures of the raster layers. The mailing list suggested me to upgrade geoserver. Almost everything works fine with the geoserver-2.9 except the authentication both in the master site and in the geosites I have.


If I leave the master URL name in <baseurl> in config.xml in security/auth/geonodeauthprovider/ I'm able to authanticate as admin in geoserver only from the master site, but not from the geosites. If I follow the instruction to leave <baseurl> in config.xml in security/auth/geonodeauthprovider/ empty as decribed in https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md I cannot authenticate neither from the master site nor in the geosites.

I guess I have something wrong somewhere.


Probably my last email was a bit confused, due to the fact that I tried to change many times the configuration without positive results, and I was a bit frustrated.


That said I'm ready to help the community as I can, I can write some lines from my notes about how to setup a geosite from a normal geonode installation, or if you prefer suggest which point in the documentation have to be updated, but consider I'm not a developer.


Thanks


Eugenio



________________________________
Da: Francesco Bartoli <xbartolone at gmail.com>
Inviato: giovedì 6 aprile 2017 17.46
A: Eugenio Trumpy
Cc: Alessio Fabiani; Simone Dalmasso; geonode-users at lists.osgeo.org
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites

Dear Eugenio,

since the master is not working and there is a plenty of documentation how a plain geonode 2.4 should be configured even for the old authentication mechanism I'd rather you did not claim help early for more complex features like multi tenancy authentication as opposed to challenging yourself to solve the easiest.

That said I'd encourage again to keep notes of everything that could be helpful to improve our documentation for geosites and give back to the community with pull requests.
Your project can be very useful in such a sense because what you are going to achieve is not common so far and in case of a successful integration (I'm quite sure of this) all the community can also further benefit.

Many thanks
Ciao
Francesco

Sent from Nylas Pro<https://link.nylas.com/link/43o9gzlmd58gqwkxv3di3wjcc/local-22b04220-62bf/0?redirect=https%3A%2F%2Fnylas.com%2Fnylas-pro%3Fref%3Dn1&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>, the most powerful email app for work


On apr 6 2017, at 4:40 pm, Eugenio Trumpy <frippe12573 at hotmail.com> wrote:

Unfortunately I have to come back again on this topic, that seemed to be almost solved yesterday, because this morning I realized that in my running configuration I cannot view any layer (i.e. in the info page I see the pink tiles) if I'm not logged in geoserver as admin, and since the authentication via geonode dosen't currently work fine that is a problem.

This happen both from the master and from geosites.

I think there still is some problem on geoserver configuration.

No useful info on logs.


________________________________
Da: Simone Dalmasso <simone.dalmasso at gmail.com>
Inviato: mercoledì 5 aprile 2017 15.39
A: Eugenio Trumpy
Cc: geonode-users at lists.osgeo.org
Oggetto: Re: geoserver authentication in multi-geosites

Eugenio, I don't see wrong config. It is ok I guess to leave the master site host in the gs config as well as I think it is ok that you cannot log in directly into gs from a child site. That said, when geosites was developed, the geoserver ext was modified to make sure that geoserver pings the same host that made the http request for authentication instead of relying on the base url parameter. So ideally it should work as you would expect.


2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>>:

Hi,


I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7, java8).

I had to upgrade geoserver from 2.7.x version up to 2.9.x.

In the system I configured geonode to work as multi-geosites.

The master site is the normal geonode site, I mean it use the local_setting.py I have in /geonode/geonode

The geosites are in /geonode/geonode/contrib/geosites, and they use the relative config files.


The documentation: https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md<https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>

indicates to leave empty <baseurl> in config.xml in security/auth/geonodeauthprovider/

In that way I have this error:

java.lang.IllegalArgumentException: host parameter is null
        org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
        org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
        org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
        org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
        org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
        org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
        org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
        org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
        org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
        org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
        org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
        org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
        org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
        org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
        org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
        org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
        org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
        org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
        org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
        org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
        org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
        org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

both if I use the geoserver link in the menu (once logged in) and if I call geoserver by using the geoserver url in the browser address bar.


If set the doman name of the master site in <baseurl> in config.xml in security/auth/geonodeauthprovider/

I'm able to enter in geoserver as admin from the menu, by the way doing the same operation from a geosite

I got the geoserverage but not logged.


The master site virtualhost as well as those of the geosites have the proxypass and reverse pointing to http://localhost:8080/geoserver<http://localhost:8080/geoserver&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>

The same in /geonode/geonode/contrib/geosites/local_setting.py and pre-setting.py I have http://localhost:8080/geoserver<http://localhost:8080/geoserver&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>


Is there a wrong configuration?

Any hints?





--
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170407/f5e7bb61/attachment-0001.html>


More information about the geonode-users mailing list