[GeoNode-devel] Working on GeoServer OAuth2 authentication

Jeffrey Johnson ortelius at gmail.com
Tue Aug 30 04:19:15 PDT 2016


Dropping the users list. Looks like you just cross posted to
geoserver-devel and I see the images there.

On Tue, Aug 30, 2016 at 4:18 AM, Francesco Bartoli <xbartolone at gmail.com>
wrote:

> same in my email client
>
> Il giorno 30/ago/2016, alle ore 13:14, Jeffrey Johnson <ortelius at gmail.com>
> ha scritto:
>
> Images didnt come through. Lets also just update the GNIP here?
> https://github.com/GeoNode/geonode/issues/2374
>
> On Tue, Aug 30, 2016 at 4:07 AM, Alessio Fabiani <alessio.fabiani at geo-
> solutions.it> wrote:
>
>> Dear all,
>> working on a refactoring of the GeoNode-GeoServer Auth subsystem, the
>> idea would be to use the OAuth2 Protocol to allow GeoServer grab the
>> Authorizations from GeoNode (or from a common OAuth2 Provider).
>>
>> The first step is to allow GeoServer to authenticate through the OAuth2
>> Protocol.
>>
>> I just finished (almost) a new GeoServer extension allowing users to do
>> that.
>>
>> Here [1] you can find a community module allowing GeoServer to
>> authenticate through the OAuth2 protocol.
>>
>> The basic "oauth2" module contains the general infrastructure.
>>
>> The "oauth2-google" module is an extension showing how is possible to use
>> Google OAuth2 Provider to authenticate and validate the "access_token".
>>
>> Moreover the Security Filter also "simulates" an SSO based on OAuth2 by
>> injecting a provided "access_token" (which is then validated against the
>> configured OAuth2 Provider) similar to the GeoServer "AuthKey" module.
>>
>> How the OAuth2 Filter works
>> =====================
>>
>> 1. The GeoServer GUI allows to configure the OAuth2 Service connection
>> parameters and select the GeoServer UserRoleService to use
>>
>>
>>>>
>> 2. The new filter may be added to the standard GeoServer Filter Chain
>>
>>
>>>> 3. If not authenticated, GeoServer redirects the user automatically to
>> the Google Login Page
>>
>>
>> ​4. The OAuth2 Protocol asks for Authorizations
>>
>>
>> ​5. Accepting the authorization, the user is redirected to the GeoServer
>> endpoint
>>
>>
>>>>
>> Best Regards,
>> Alessio Fabiani.
>>
>> [1] - https://github.com/geosolutions-it/geoserver/tree/oauth2-filter
>>
>> ==
>> GeoServer Professional Services from the experts!
>> Visit http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>> @alfa7691
>> Founder/Technical Lead
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> 55054  Massarosa (LU)
>> Italy
>> phone: +39 0584 962313
>> fax:     +39 0584 1660272
>> mob:   +39 331 6233686
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility  for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>> ---------------------------------------------------------------------
>>
>> _______________________________________________
>> geonode-devel mailing list
>> geonode-devel at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/geonode-devel
>>
>>
> _______________________________________________
> geonode-devel mailing list
> geonode-devel at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/geonode-devel
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20160830/c4d67f04/attachment.html>


More information about the geonode-devel mailing list