<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
h1
{mso-style-priority:9;
mso-style-link:"Heading 1 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:24.0pt;
font-family:"Times New Roman","serif";
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:9;
mso-style-link:"Heading 1";
font-family:"Cambria","serif";
color:#365F91;
font-weight:bold;}
span.m-3572463882427276572400184714-12042007
{mso-style-name:m_-3572463882427276572400184714-12042007;}
span.m-3572463882427276572296245114-12042007
{mso-style-name:m_-3572463882427276572296245114-12042007;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--> gfidisc.scisys.co.uk {color:black; !important} </style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<meta name="application-name" content="gfidisc.scisys.co.uk "> </head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Brilliant – very useful – exactly what we are about to implement. If this works as per explained we will feedback here.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7A2B2E">Pascal Coulon
<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7A2B2E">GIS Technical Architect</span><span style="color:blue">
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7A2B2E">-</span><span style="color:blue">
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7A2B2E">Enterprise Solutions & Defence</span><span style="color:blue"><br>
</span><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#C72E2D">SCISYS UK Limited</span></b><span style="color:blue">
<br>
</span><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#343434">T: +44 (0)117 916</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#343434">5237 | F: +44 (0)1249 465237 | M:+44 (0) 7876397844<br>
E: </span><span lang="FR" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#343434"><a href="mailto:pascal.coulon@scisys.co.uk"><span lang="EN-GB">pascal.coulon@scisys.co.uk</span></a></span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#343434">
| </span><span lang="FR" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#343434"><a href="http://www.scisys.co.uk/"><span lang="EN-GB">http://www.scisys.co.uk</span></a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Francesco Bartoli [mailto:xbartolone@gmail.com]
<br>
<b>Sent:</b> 22 January 2018 20:59<br>
<b>To:</b> Alessio Fabiani<br>
<b>Cc:</b> Pascal Coulon; geonode-users@lists.osgeo.org<br>
<b>Subject:</b> Re: [GeoNode-users] Geonode & Geoserver - Secure WMS<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Never tried this <a href="https://github.com/GeoNode/geonode/pull/3415">https://github.com/GeoNode/geonode/pull/3415</a> but it should allow to get an access token from external applications.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">@Pascal, it is worth a look and maybe a PR for geonode docs on how to use it.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Francesco <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Il giorno 22/gen/2018, alle ore 19:02, Alessio Fabiani <<a href="mailto:alessio.fabiani@geo-solutions.it">alessio.fabiani@geo-solutions.it</a>> ha scritto:<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">Hello Pascal,<o:p></o:p></p>
<div>
<p class="MsoNormal">currently, without further customizations, the only way to access resources from external clients is by putting the valid OAUth2 access_token generated by GeoNode into the OWS request URL parameters.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">To retrieve this, you need to log into GeoNode, go to any layer details, click on "Download Layer" and copy the "access_token" query parameter from any of the generated query strings.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">There are plans to make it more easy for the users to retrieve the access_token from GeoNode in the future, but currently this is the only way to do this.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">Regards,</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">Alessio Fabiani</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">==<br>
GeoServer Professional Services from the experts! Visit <a href="http://goo.gl/it488V" target="_blank">
http://goo.gl/it488V</a> for more information.<br>
==<br>
<br>
Ing. Alessio Fabiani</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">@alfa7691<br>
Founder/Technical Lead</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif""><br>
GeoSolutions S.A.S.<br>
Via di Montramito 3/A<br>
55054 Massarosa (LU)<br>
Italy<br>
phone: +39 0584 962313<br>
fax: +39 0584 1660272<br>
mob: +39 331 6233686<br>
<br>
<a href="http://www.geo-solutions.it/" target="_blank">http://www.geo-solutions.it</a><br>
<a href="http://twitter.com/geosolutions_it" target="_blank">http://twitter.com/geosolutions_it</a><br>
<br>
-------------------------------------------------------</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">AVVERTENZE AI SENSI DEL D.Lgs. 196/2003</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente
al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo
dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature
or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or
partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received
in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission,
viruses, etc.</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2018-01-22 18:50 GMT+01:00 Pascal Coulon <<a href="mailto:Pascal.Coulon@scisys.co.uk" target="_blank">Pascal.Coulon@scisys.co.uk</a>>:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hello,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I have a use case where I need to securely access OGC services managed by GeoNode, Geoserver and GeoFence. Access is required outside Geonode portal into third party application:
desktop, other spatial web portal, etc.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Geonode is used as the gateway to manage all datasets. On setting the permissions on a given datasets the relevant permissions are being pushed to GeoFence via its rest API. By
default a ground data rule is set by default in GeoFence that prevent accessing / viewing all datasets; which means that then datasets would only be visible based on permissions set in GeoNode.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The above part makes sense as long as one browses the data only in GeoNode. However, as soon as one wants to access the OGC end points in say QGIS / ArcMAP (e.g. wms, wfs) available
on <a href="http://mydomain/geoserver/geonode/wms" target="_blank">http://mydomain/geoserver/geonode/wms</a>, you are not anymore authenticated. I have already looked into basic authentication; but as far as I understand it, this approach requires recreating
the Geonode user in GeoServer. <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">What are the options then for a desktop / third party application’s user to access the secure OGC end-points managed through Geonode? Which Geoserver authentication filter one should
use?<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hope this makes sense. Any thoughts or pointer would be greatly appreciated.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Cheers,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Pascal<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Tahoma","sans-serif";color:blue"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:gray">SCISYS UK Limited. Registered in England and Wales No. 4373530.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:gray">Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK.</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span class="m-3572463882427276572400184714-12042007"><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:green">Before printing, </span></span><span class="m-3572463882427276572296245114-12042007"><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:green">please
</span></span><span class="m-3572463882427276572400184714-12042007"><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:green">think about the environment</span></span><span class="m-3572463882427276572296245114-12042007"><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:green">.</span></span><o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" target="_blank">https://lists.osgeo.org/mailman/listinfo/geonode-users</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">_______________________________________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users">https://lists.osgeo.org/mailman/listinfo/geonode-users</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
<p class="gfidisc.scisys.co.uk" id="gfidisc.scisys.co.uk" style="gfidisc.scisys.co.uk"></p><a id="gfidisc.scisys.co.uk" title="gfidisc.scisys.co.uk" href="gfidisc.scisys.co.uk" class="gfidisc.scisys.co.uk" style="text-decoration: none !important;"></a><gfidisc.scisys.co.uk/><h1 class="gfidisc.scisys.co.uk" style="gfidisc.scisys.co.uk"></h1><p><span style="color: #0000ff; font-family: Tahoma; font-size: small;"> </span></p>
<div align="left"><span style="color: #808080; font-family: Arial; font-size: small;">SCISYS UK Limited. Registered in England and Wales No. 4373530.</span></div>
<div align="left"><span style="color: #808080; font-family: Arial; font-size: small;">Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK.</span></div>
<div align="left"> </div>
<div align="left"><span class="400184714-12042007"><span style="color: #000000;"><span style="font-size: 7pt; font-family: Tahoma;"><span style="font-size: xx-small;"><span style="color: #008000;"><span style="font-family: Arial;">Before printing, <span class="296245114-12042007">please </span>think about the environment<span class="296245114-12042007">.</span></span></span></span></span></span></span></div><p class="gfidisc.scisys.co.uk" id="gfidisc.scisys.co.uk" style="gfidisc.scisys.co.uk"></p><a id="gfidisc.scisys.co.uk" title="gfidisc.scisys.co.uk" href="gfidisc.scisys.co.uk" class="gfidisc.scisys.co.uk" style="text-decoration: none !important;"></a><gfidisc.scisys.co.uk/><h1 class="gfidisc.scisys.co.uk" style="gfidisc.scisys.co.uk"></h1></body>
</html>