<div dir="ltr"><div><div><div><div>Hello all, <br><br></div>I wonder if anyone could share any advise on some more authentication situations:<br><br></div>1) we enabled basic authentication for our Mapproxy service and it works great on desktop/server applications. It works as supposed in browsers too, but it would be great to avoid the standard browser prompt and do authentication in the code. Does anyone have successful example or a good reference? <br>We tried sending XMLHTTPRequest with Authorization header before requesting services, but run into two issues: it appears that due to CORS requirements we can only allow one origin in Apache config, which is not acceptable; and also after one successful XMLHTTPRequest Authorization header was not saved by browser and prompt appeared anyway when services were requested later.<br><br></div>2) what type of authentication should be used for better usability of browser requests? Is there a method that would work well both in desktop and browser clients? If anyone could share any experience or sources, we will greatly appreciate!<br><br></div>Thank you!<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 13, 2014 at 1:44 PM, Pestereva, Anna <span dir="ltr"><<a href="mailto:apestereva@aerialservicesinc.com" target="_blank">apestereva@aerialservicesinc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><span>Thank you, Matt,<br><br>originally I also thought that was the issue, but the 'REMOTE_USER' variable was requested and caused errors even before this condition, so it is unrelated.<br><br>
With the help of Oliver Tonnhofer we figured that the issue was in apache config, where only /demo and /service locations were specified. Specifying general <Location /> made 'REMOTE_USER' available for all services.<br>
<br></span></div><div><span>Now off to fine tuning my authorization code.<br></span></div><div><span>Thanks again!<span class="HOEnZb"><font color="#888888"><br></font></span></span></div><span class="HOEnZb"><font color="#888888"><span>Anna<br></span></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Mar 13, 2014 at 6:03 AM, Matt Walker <span dir="ltr"><<a href="mailto:walkermatt@longwayaround.org.uk" target="_blank">walkermatt@longwayaround.org.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Hi Anna,</p>
<p dir="ltr">I've not used OpenLDAP so I'm not in a position to comment no your first question but I have done some work with the various callbacks. If you are reporting that your auth callback is based on the example and that only requests with a service type of wms are authorised it sounds as though you may simply need to update the sample code to include support for tms etc. There is an explicit condition in the sample that will mean that only wms requests are authorised:</p>


<p dir="ltr">if service.startswith('wms.'):</p>
<p dir="ltr">Hope that helps,</p>
<p dir="ltr">Matt.</p>
<div class="gmail_quote"><div><div>On 12 Mar 2014 22:36, "Pestereva, Anna" <<a href="mailto:apestereva@aerialservicesinc.com" target="_blank">apestereva@aerialservicesinc.com</a>> wrote:<br type="attribution">
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>
<div dir="ltr"><div>
Hello everybody,<br><br> I have two questions regarding authentication and authorization for Mapproxy.<br>
<div><br></div><div>We tried enabling basic authentication via 
OpenLDAP on the directory with Mapproxy configuration files.
 Without adding any authorization logic it works great for WMS, WMTS and TMS services and capabilities, but for several demo links (e.g. html viewers for WMS, WMS-C and TMS layer capabilities) we still 
see 401 errors in error logs.<br>
<br></div><div><b>Q1: 
 is basic authentication on WSGI application configuration folder not sufficient as approach, or are we just missing something in configuration? 
Could you please point us in a right direction, if this at all is meant to work?<br><br></b>
</div><br clear="all">
<div></div><div>On authorization side, I attempted a simple version very similar to the <a href="http://mapproxy.org/docs/latest/auth.html#authorization-callback" target="_blank">sample code on Mapproxy documentation</a>, just using environ['REMOTE_USER'] when comparing to the 
layers prefixes. This works great for WMS service, but for WMTS and TMS 
services (and a few demo links) we see errors in error logs related to reading the "remote_user" variable in
 authorization code: KeyError: 'REMOTE_USER'. <br><br><b>Q2: how to make sure that "remote_user" variable is populated and available when accessing all services, not just WMS? Should some other variable be used to catch authenticated user? - again, if it at all makes sense to use basic authentication for mapproxy.
</b></div><div></div><br></div>Thank you very much, I will really appreciate any help with any of the above questions!<br><div>-- <br><div dir="ltr"><b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:rgb(0,40,168)">Anna Pestereva</span><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif"> | <i><span>Application Developer & Cartographer</span></i></span></b><span style="line-height:115%;font-size:12pt;font-family:Arial,sans-serif"><br>






</span><b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Aerial Services, Inc.
(ASI) </span></b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:gray"><br>
</span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Office:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13192770436">(319) 277-0436</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Direct:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13195530261">(319) 553-0261</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Mobile:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13198306340">(319) 830-6340</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Fax:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+18668004799">(866) 800-4799</a></span><span style="line-height:115%;font-size:11pt;font-family:Arial,sans-serif"><br>






</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray">6315 Chancellor Drive
| Cedar Falls, Iowa 50613 </span><span style="line-height:115%;font-size:11pt;font-family:Arial,sans-serif"><br>
</span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="mailto:apestereva@AerialServicesInc.com" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">APestereva@AerialServicesInc.com</span></a></span><span style="line-height:115%;font-size:10pt;font-family:Arial,sans-serif"> | </span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://www.linkedin.com/in/annapestereva" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">LinkedIn</span></a></span><span style="line-height:115%;font-size:10pt;font-family:Arial,sans-serif"><br>






</span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://www.aerialservicesinc.com/" target="_blank"><b><span style="line-height:115%;font-family:Arial,sans-serif">www.AerialServicesInc.com</span></b></a></span><b><u><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:blue"> </span></u></b><span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">| </span></span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://aerialservicesinc.com/photoblogmetry/" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">Photo{blog}metry</span></a></span><span><u><a href="http://www.aerialservicesinc.com/" target="_blank"></a></u></span></div>




</div></div>
<br></div></div>_______________________________________________<br>
MapProxy mailing list<br>
<a href="mailto:MapProxy@lists.osgeo.org" target="_blank">MapProxy@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/mapproxy" target="_blank">http://lists.osgeo.org/mailman/listinfo/mapproxy</a><br></blockquote></div>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:rgb(0,40,168)">Anna Pestereva</span><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif"> | <i><span>Application Developer & Cartographer</span></i></span></b><span style="line-height:115%;font-size:12pt;font-family:Arial,sans-serif"><br>



</span><b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Aerial Services, Inc.
(ASI) </span></b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:gray"><br>
</span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Office:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13192770436">(319) 277-0436</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Direct:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13195530261">(319) 553-0261</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Mobile:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13198306340">(319) 830-6340</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Fax:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+18668004799">(866) 800-4799</a></span><span style="line-height:115%;font-size:11pt;font-family:Arial,sans-serif"><br>



</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray">6315 Chancellor Drive
| Cedar Falls, Iowa 50613 </span><span style="line-height:115%;font-size:11pt;font-family:Arial,sans-serif"><br>
</span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="mailto:apestereva@AerialServicesInc.com" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">APestereva@AerialServicesInc.com</span></a></span><span style="line-height:115%;font-size:10pt;font-family:Arial,sans-serif"> | </span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://www.linkedin.com/in/annapestereva" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">LinkedIn</span></a></span><span style="line-height:115%;font-size:10pt;font-family:Arial,sans-serif"><br>



</span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://www.aerialservicesinc.com/" target="_blank"><b><span style="line-height:115%;font-family:Arial,sans-serif">www.AerialServicesInc.com</span></b></a></span><b><u><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:blue"> </span></u></b><span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">| </span></span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://aerialservicesinc.com/photoblogmetry/" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">Photo{blog}metry</span></a></span><span><u><a href="http://www.aerialservicesinc.com/" target="_blank"></a></u></span></div>

</div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:rgb(0,40,168)">Anna Pestereva</span><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif"> | <i><span>Application Developer & Cartographer</span></i></span></b><span style="line-height:115%;font-size:12pt;font-family:Arial,sans-serif"><br>


</span><b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Aerial Services, Inc.
(ASI) </span></b><span style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif;color:gray"><br>
</span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Office:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13192770436">(319) 277-0436</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Direct:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13195530261">(319) 553-0261</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Mobile:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+13198306340">(319) 830-6340</a> | </span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">Fax:</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray"> <a value="+18668004799">(866) 800-4799</a></span><span style="line-height:115%;font-size:11pt;font-family:Arial,sans-serif"><br>


</span><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:gray">6315 Chancellor Drive
| Cedar Falls, Iowa 50613 </span><span style="line-height:115%;font-size:11pt;font-family:Arial,sans-serif"><br>
</span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="mailto:apestereva@AerialServicesInc.com" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">APestereva@AerialServicesInc.com</span></a></span><span style="line-height:115%;font-size:10pt;font-family:Arial,sans-serif"> | </span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://www.linkedin.com/in/annapestereva" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">LinkedIn</span></a></span><span style="line-height:115%;font-size:10pt;font-family:Arial,sans-serif"><br>


</span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://www.aerialservicesinc.com/" target="_blank"><b><span style="line-height:115%;font-family:Arial,sans-serif">www.AerialServicesInc.com</span></b></a></span><b><u><span style="font-size:11pt;line-height:115%;font-family:Arial,sans-serif;color:blue"> </span></u></b><span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;color:gray">| </span></span><span style="font-size:11pt;line-height:115%;font-family:Calibri,sans-serif"><a href="http://aerialservicesinc.com/photoblogmetry/" target="_blank"><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif">Photo{blog}metry</span></a></span><span><u><a href="http://www.aerialservicesinc.com/" target="_blank"></a></u></span></div></div>
</div>