[GeoNode-devel] Working on GeoServer OAuth2 authentication

Jeffrey Johnson ortelius at gmail.com
Tue Aug 30 04:14:13 PDT 2016 

Images didnt come through. Lets also just update the GNIP here?
https://github.com/GeoNode/geonode/issues/2374

On Tue, Aug 30, 2016 at 4:07 AM, Alessio Fabiani <
alessio.fabiani at geo-solutions.it> wrote:

> Dear all,
> working on a refactoring of the GeoNode-GeoServer Auth subsystem, the idea
> would be to use the OAuth2 Protocol to allow GeoServer grab the
> Authorizations from GeoNode (or from a common OAuth2 Provider).
>
> The first step is to allow GeoServer to authenticate through the OAuth2
> Protocol.
>
> I just finished (almost) a new GeoServer extension allowing users to do
> that.
>
> Here [1] you can find a community module allowing GeoServer to
> authenticate through the OAuth2 protocol.
>
> The basic "oauth2" module contains the general infrastructure.
>
> The "oauth2-google" module is an extension showing how is possible to use
> Google OAuth2 Provider to authenticate and validate the "access_token".
>
> Moreover the Security Filter also "simulates" an SSO based on OAuth2 by
> injecting a provided "access_token" (which is then validated against the
> configured OAuth2 Provider) similar to the GeoServer "AuthKey" module.
>
> How the OAuth2 Filter works
> =====================
>
> 1. The GeoServer GUI allows to configure the OAuth2 Service connection
> parameters and select the GeoServer UserRoleService to use
>
>
>>
> 2. The new filter may be added to the standard GeoServer Filter Chain
>
>
>> 3. If not authenticated, GeoServer redirects the user automatically to the
> Google Login Page
>
>
> ​4. The OAuth2 Protocol asks for Authorizations
>
>
> ​5. Accepting the authorization, the user is redirected to the GeoServer
> endpoint
>
>
>>
> Best Regards,
> Alessio Fabiani.
>
> [1] - https://github.com/geosolutions-it/geoserver/tree/oauth2-filter
>
> ==
> GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
> @alfa7691
> Founder/Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054  Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax:     +39 0584 1660272
> mob:   +39 331 6233686
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility  for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> ---------------------------------------------------------------------
>
> _______________________________________________
> geonode-devel mailing list
> geonode-devel at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/geonode-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20160830/4011e9b3/attachment.html>

More information about the geonode-devel mailing list