[GeoNode-users] Geonode 2.6c1, admin user is not automatically logged into geoserver

Alessio Fabiani alessio.fabiani at geo-solutions.it
Tue Apr 18 01:33:14 PDT 2017


Hello Eric,

the REST endpoints should be protected by default and accessible only
through internal GeoServer admin user (which is different from GeoNode one;
you can find it's credentials inside the "local_settings.py")

e.g. using CURL you would need to query the REST endpoints as curl -u
admin:***** ...

The other errors are quite strange and currently I cannot say the cause
without further details.

If you started from an old GeoServer DATA DIR (2.7 maybe) you might need to
do some changes manually in order to fix some issues with the
Authentication Providers.

Please, read carefully this guide

http://docs.geonode.org/en/latest/tutorials/admin/geoserver_geonode_security/index.html

which explains in details how GeoNode and GeoServer security interacts and
how should be correctly configured.

Let me know if you still have issues and, in that case, let's try to
throubleshoot them somehow.






Best Regards,
Alessio Fabiani.

==
GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani
@alfa7691
github <https://github.com/afabiani?tab=overview>
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.



The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility  for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

---------------------------------------------------------------------

On Fri, Apr 14, 2017 at 9:13 PM, Eric Goddard <egoddard1010 at gmail.com>
wrote:

> Thanks Alessio, using the geonode button does work now. I missed that
> addition and was expecting it to work the same as in 2.4.
>
> I can authenticate with Geoserver now, however when trying to upload a
> layer through geonode it throws an error:
>
> (actual url replaced since it isn't ready yet)
>
> Tried to make a GET request to
> https://geonode.example.com/geoserver/rest/workspaces/default.xml but
> got a 404 status code:
>
> trying to access the rest endpoints directly gives an error message,
> both over http and https so I don't think it is from the nginx/lets
> encrypt config. However, When I'm in the geoserver admin,
> clicking on any of the sidebar links such as Geoserver logs adds an
> extra https// in the link: Even though hovering over the link displays
> the correct link in the browser status bar, when you click on it I get
> https://https//geonode.example.com/geoserver/web/wicket/bookmarkable/org.
> geoserver.web.admin.StatusPage?8
>
> Thanks again,
> Eric
>
> On Fri, Apr 14, 2017 at 4:01 AM, Alessio Fabiani
> <alessio.fabiani at geo-solutions.it> wrote:
> > It is normal.
> >
> > If you are using OAtuh2, the GeoServer Admin GUI won't be automatically
> > logged. You need to authenticate through geonode icon or geoserver
> > credentials.
> >
> > This is different for access to the layers. GeoNode generates an
> > authentication token which is used to keep authentication.
> >
> > Alternatively you can get this token from session and use it to be
> > automatically authetnicated on GeoServer Admin GUI too.
> >
> >
> > Best Regards,
> > Alessio Fabiani.
> >
> > ==
> > GeoServer Professional Services from the experts!
> > Visit http://goo.gl/it488V for more information.
> > ==
> >
> > Ing. Alessio Fabiani
> > @alfa7691
> > github
> > Founder/Technical Lead
> >
> > GeoSolutions S.A.S.
> > Via di Montramito 3/A
> > 55054  Massarosa (LU)
> > Italy
> > phone: +39 0584 962313
> > fax:     +39 0584 1660272
> > mob:   +39 331 6233686
> >
> > http://www.geo-solutions.it
> > http://twitter.com/geosolutions_it
> >
> > -------------------------------------------------------
> >
> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> >
> > Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i
> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro
> > utilizzo è consentito esclusivamente al destinatario del messaggio, per
> le
> > finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio
> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene
> notizia
> > via e-mail e di procedere alla distruzione del messaggio stesso,
> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo
> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo
> per
> > finalità diverse, costituisce comportamento contrario ai principi dettati
> > dal D.Lgs. 196/2003.
> >
> >
> >
> > The information in this message and/or attachments, is intended solely
> for
> > the attention and use of the named addressee(s) and may be confidential
> or
> > proprietary in nature or covered by the provisions of privacy act
> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> > Code).Any use not in accord with its purpose, any disclosure,
> reproduction,
> > copying, distribution, or either dissemination, either whole or partial,
> is
> > strictly forbidden except previous formal approval of the named
> > addressee(s). If you are not the intended recipient, please contact
> > immediately the sender by telephone, fax or e-mail and delete the
> > information in this message that has been received in error. The sender
> does
> > not give any warranty or accept liability as the content, accuracy or
> > completeness of sent messages and accepts no responsibility  for changes
> > made after they were sent or for other risks which arise as a result of
> > e-mail transmission, viruses, etc.
> >
> > ---------------------------------------------------------------------
> >
> >
> > On Thu, Apr 13, 2017 at 10:35 PM, Eric Goddard <egoddard1010 at gmail.com>
> > wrote:
> >>
> >> Hi all,
> >>
> >> I'm running Geonode 2.6c1 on Ubuntu 16.04 installed using Ansible
> >> (with geoserver-2.9.x-oauth2). My geonode instance is served over
> >> https with a LetsEncrypt certificate.
> >>
> >> After enabling ssl, I've gone through and changed the URLS for geonode
> >> and geoserver everywhere that I can think of so that it uses the https
> >> endpoint:
> >>
> >> /var/lib/tomcat8/webapps/geoserver/data/security/role/geonode REST
> >> role service/config.xml
> >>
> >> /var/lib/tomcat8/webapps/geoserver/data/security/auth/
> geonodeAuthProvider/config.xml
> >>
> >> /var/lib/tomcat8/webapps/geoserver/data/security/
> filter/geonode-oauth2/config.xml
> >> /var/lib/tomcat8/webapps/geoserver/data/global.xml
> >>
> >> GEOSERVER_LOCATION in local_settings.py has also been updated to the
> >> https endpoint.
> >>
> >> I also changed the redirect uris in the GeoServer application entry in
> >> the geonode admin panel under Django Oauth2 Toolkit > GeoServer to the
> >> https endpoint.
> >>
> >>
> >> The geoserver log after attempting to access geoserver from the logged
> >> in admin account:
> >>
> >> 2017-04-13 15:13:14,757 DEBUG
> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
> >> Checking match of request : 'Path: /, QueryString: null'; against
> >> '/web/**'
> >> 2017-04-13 15:13:14,757 DEBUG
> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
> >> Checking match of request : 'Path: /, QueryString: null'; against
> >> '/gwc/rest/web/**'
> >> 2017-04-13 15:13:14,757 DEBUG
> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
> >> Checking match of request : 'Path: /, QueryString: null'; against '/'
> >> 2017-04-13 15:13:14,758 DEBUG
> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
> >> Matched Path: /, QueryString: null with /
> >> 2017-04-13 15:13:14,758 DEBUG [org.geoserver.security] - Inspecting
> >> the http request looking for the GeoNode Session ID.
> >> 2017-04-13 15:13:14,758 DEBUG [org.geoserver.security] - Found 9
> cookies!
> >> 2017-04-13 15:13:14,759 DEBUG [org.geoserver.security] - Found GeoNode
> >> cookie: fgalnbhxuf3ynqazgs3bfm0uqqkk71l0
> >> 2017-04-13 15:13:14,761 DEBUG [org.geoserver.security] -
> >> preAuthenticatedPrincipal = null, trying to authenticate
> >> 2017-04-13 15:13:14,768 TRACE [org.geoserver.ows.OWSHandlerMapping] -
> >> No handler mapping found for [/]
> >> 2017-04-13 15:13:14,769 DEBUG
> >>
> >> [org.geoserver.security.filter.GeoServerSecurityContextPersis
> tenceFilter$1]
> >> - SecurityContextHolder now cleared, as request processing completed
> >> 2017-04-13 15:13:14,944 DEBUG
> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
> >> Checking match of request : 'Path: /web/, QueryString: null'; against
> >> '/web/**'
> >> 2017-04-13 15:13:14,944 DEBUG
> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
> >> Matched Path: /web/, QueryString: null with /web/**
> >> 2017-04-13 15:13:14,944 DEBUG [org.geoserver.security] - Inspecting
> >> the http request looking for the GeoNode Session ID.
> >> 2017-04-13 15:13:14,944 DEBUG [org.geoserver.security] - Found 9
> cookies!
> >> 2017-04-13 15:13:14,945 DEBUG [org.geoserver.security] - Found GeoNode
> >> cookie: fgalnbhxuf3ynqazgs3bfm0uqqkk71l0
> >> 2017-04-13 15:13:14,946 DEBUG [org.geoserver.security] -
> >> preAuthenticatedPrincipal = null, trying to authenticate
> >> 2017-04-13 15:13:14,953 TRACE [org.geoserver.ows.OWSHandlerMapping] -
> >> No handler mapping found for [/web/]
> >> 2017-04-13 15:13:15,021 DEBUG [org.geoserver.filters] - Compressing
> >> output for mimetype: text/html;charset=UTF-8
> >> 2017-04-13 15:13:15,028 DEBUG
> >>
> >> [org.geoserver.security.filter.GeoServerSecurityContextPersis
> tenceFilter$1]
> >> - SecurityContextHolder now cleared, as request processing completed
> >>
> >>
> >> I'm not really sure where go from here with troubleshooting, so any
> >> help is greatly appreciated. I've tried to include everything that
> >> that would be relevant to this issue, but if there is some other
> >> information that's needed please let me know.
> >>
> >> Thanks!
> >>
> >> Eric
> >> _______________________________________________
> >> geonode-users mailing list
> >> geonode-users at lists.osgeo.org
> >> https://lists.osgeo.org/mailman/listinfo/geonode-users
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170418/362b904e/attachment-0001.html>


More information about the geonode-users mailing list