[MapProxy] mapproxy auth

Matt Walker walkermatt at longwayaround.org.uk
Thu Mar 13 04:03:27 PDT 2014


Hi Anna,

I've not used OpenLDAP so I'm not in a position to comment no your first
question but I have done some work with the various callbacks. If you are
reporting that your auth callback is based on the example and that only
requests with a service type of wms are authorised it sounds as though you
may simply need to update the sample code to include support for tms etc.
There is an explicit condition in the sample that will mean that only wms
requests are authorised:

if service.startswith('wms.'):

Hope that helps,

Matt.
On 12 Mar 2014 22:36, "Pestereva, Anna" <apestereva at aerialservicesinc.com>
wrote:

> Hello everybody,
>
> I have two questions regarding authentication and authorization for
> Mapproxy.
>
> We tried enabling basic authentication via OpenLDAP on the directory with
> Mapproxy configuration files. Without adding any authorization logic it
> works great for WMS, WMTS and TMS services and capabilities, but for
> several demo links (e.g. html viewers for WMS, WMS-C and TMS layer
> capabilities) we still see 401 errors in error logs.
>
>
>
> *Q1: is basic authentication on WSGI application configuration folder not
> sufficient as approach, or are we just missing something in configuration?
> Could you please point us in a right direction, if this at all is meant to
> work?*
>
> On authorization side, I attempted a simple version very similar to the sample
> code on Mapproxy documentation<http://mapproxy.org/docs/latest/auth.html#authorization-callback>,
> just using environ['REMOTE_USER'] when comparing to the layers prefixes.
> This works great for WMS service, but for WMTS and TMS services (and a few
> demo links) we see errors in error logs related to reading the
> "remote_user" variable in authorization code: KeyError: 'REMOTE_USER'.
>
> *Q2: how to make sure that "remote_user" variable is populated and
> available when accessing all services, not just WMS? Should some other
> variable be used to catch authenticated user? - again, if it at all makes
> sense to use basic authentication for mapproxy. *
>
> Thank you very much, I will really appreciate any help with any of the
> above questions!
> --
> *Anna Pestereva | Application Developer & Cartographer*
> *Aerial Services, Inc. (ASI) *
> Office: (319) 277-0436 | Direct: (319) 553-0261 | Mobile: (319) 830-6340|
> Fax: (866) 800-4799
> 6315 Chancellor Drive | Cedar Falls, Iowa 50613
> APestereva at AerialServicesInc.com <apestereva at AerialServicesInc.com> |
> LinkedIn <http://www.linkedin.com/in/annapestereva>
> *www.AerialServicesInc.com* <http://www.aerialservicesinc.com/> |
> Photo{blog}metry <http://aerialservicesinc.com/photoblogmetry/>*
> <http://www.aerialservicesinc.com/>*
>
> _______________________________________________
> MapProxy mailing list
> MapProxy at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapproxy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapproxy/attachments/20140313/071908f9/attachment.html>


More information about the MapProxy mailing list