[GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Peter Marlow Peter.Marlow at scisys.co.uk
Wed Dec 20 05:42:57 PST 2017


The geoserver WAR is being retrieved from here: http://build.geonode.org/geoserver/latest/geoserver-2.12.x.war

I’ve found the geonode button in geoserver – when I select it I get a page saying authorise geoserver, when I click ‘Authorize’ I’m just taken back to the geoserver login page with a ‘code’ parameter passed in the URI, is that correct? Or should that have taken me to geonode? I’ve viewed the dropdown lists after using this authorize button but they are still empty.

I’ll try using GeoServer 2.9 as you suggest, thanks for your help so far Alessio.

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutions.it]
Sent: 20 December 2017 12:17
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Mmm, yes the configuration looks ok.

The button appears if you logout from GeoServer (at least it should appear).

Sorry, don't remember if I already asked, where did you get the geoserver WAR and it's default DATA DIR?

However I never tested GeoServer 2.12.x with GeoNode 2.6.3.

Maybe you can try to go back to GeoServer 2.9 from here

http://build.geonode.org/geoserver/latest/





Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 1:02 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
GeoServer is present at http://localhost:8080/geoserver but can also be accessed via http://localhost/geoserver

This my geonode config:
[cid:image001.png at 01D37997.9246EA60]


This is my geoserver config:
[cid:image002.png at 01D37997.9246EA60]

That all looks to be correct to me…?

I can’t see any button within GeoServer that logs me into GeoNode, whereabouts should I see this button?

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 11:37
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Where GeoServer is exposed?

http://localhost/geoserver/ ? Or something else?

Make sure you have all the redirect uris configured on GeoNode Admin

[Inline image 1]

And also on GeoServer geonode-oauth2 plugin make sure all the addresses point to the goenode base (in your case should be http://localhost instead of http://localhost:8000) except for the redirect uri which must be the GeoServer endpoint.


However if you can login by clicking the geonode button on GeoServer GUI, the configuration is good.




Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions SA.S.

Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it<http://twittercom/geosolutions_it>

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 12:15 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
I’ve restarted Apache and Tomcat.

I’ve taken a tcpdump to see the connections going from geoserver to geonode

10:55:53.913021 IP localhost.55298 > localhost.http: Flags [P.], seq 206:432, ack 361, win 350, options [nop,nop,TS val 10620058 ecr 10620058], length 226: HTTP: GET /account/login/?next=/api/roles HTTP/1.1
10:55:53.951452 IP localhost.http > localhost.55298: Flags [.], ack 432, win 359, options [nop,nop,TS val 10620068 ecr 10620058], length 0
10:55:54.004726 IP localhost.http > localhost.55298: Flags [P.], seq 361:5375, ack 432, win 359, options [nop,nop,TS val 10620081 ecr 10620058], length 5014: HTTP: HTTP/1.1 200 OK
10:55:54.004807 IP localhost.55298 > localhost.http: Flags [.], ack 5375, win 1373, options [nop,nop,TS val 10620081 ecr 10620081], length 0
10:55:54.007690 IP localhost.55298 > localhost.http: Flags [P.], seq 432:637, ack 5375, win 1373, options [nop,nop,TS val 10620082 ecr 10620081], length 205: HTTP: GET /api/roles HTTP/1.1
10:55:54.007699 IP localhost.http > localhost.55298: Flags [.], ack 637, win 367, options [nop,nop,TS val 10620082 ecr 10620082], length 0
10:55:54.012633 IP localhost.http > localhost.55298: Flags [P.], seq 5375:5734, ack 637, win 367, options [nop,nop,TS val 10620083 ecr 10620082], length 359: HTTP: HTTP/1.1 302 FOUND
10:55:54.013317 IP localhost.55298 > localhost.http: Flags [P.], seq 637:863, ack 5734, win 1452, options [nop,nop,TS val 10620083 ecr 10620083], length 226: HTTP: GET /account/login/?next=/api/roles HTTP/1.1

It looks like it is calling out to geonode ok but is being redirected to the login page…? Suggests the authentication between geoserver and geonode is incorrect.

I’ve setup the Client ID and Client Secret within GeoNode and GeoServer as described in the tutorial though - http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/

Are there any other checks I can perform to determine whether geoserver is passing the correct security details to geonode?

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 10:37
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Nope the geonode address is not a problem, you can use whatever is accessible.

Did you also restarted GeoServer / Tomcat ?


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 11:32 AM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
Hi Alessio,

Thanks for the reply!

It looks like the /api endpoint on my geonode is accessible at http://localhost/ and not at http://localhost:8000/. Is this a problem?

I’ve configured the base URL of the Role Service to be just http://localhost/ but I still don’t see the ROLE_ADMIN user in the dropdowns.

GeoNode has a superuser configured with the username ‘admin’, it doesn’t have any groups though, do I need to create a group?

If I open up port 8000 in my apache2 config how would I go about changing the GeoNode api to be on port 8000? (is that actually necessary?)

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 09:18
To: Peter Marlow
Cc: geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Hi,
the roles are taken from GeoNode.

You need to be sure that:

1. GeoServer can reach GeoNode
2. the base url of the role service is correctly pointing to GeoNode
3. GeoNode has either an admin user configured and groups

If still not working you can try to do some curl requests to GeoNode and see if it is correctly responding.

curl -X GET "http://localhost:8000/api/roles"




Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Tue, Dec 19, 2017 at 6:14 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
Hi all,

I’m configuring geonode/geoserver security using the tutorial here - http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/

The problem I have is that when I create the ‘geonode REST role service’ both the ‘Administrator role’ and ‘Group administrator role’ dropdowns are empty – the tutorial suggests they should contain the value ROLE_ADMIN.

Any ideas where this ROLE_ADMIN should be configured in order to make it available in the dropdowns?

GEOSERVER VERSION – 2.12-SNAPSHOT
GEONODE VERSION – 2.6.3

Thanks,
Pete



SCISYS UK Limited. Registered in England and Wales No. 4373530.
Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK.

Before printing, please think about the environment.

_______________________________________________
geonode-devel mailing list
geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-devel




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20171220/860546ef/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 20690 bytes
Desc: image001.png
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20171220/860546ef/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 29479 bytes
Desc: image002.png
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20171220/860546ef/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 18449 bytes
Desc: image003.png
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20171220/860546ef/attachment-0005.png>


More information about the geonode-devel mailing list