Authentication

Ruben Pardo correosig at GMAIL.COM
Mon Jul 30 02:04:26 PDT 2007


Our problem is that we dinamically have to create user group authorization
with different layers, in that case we have to create a mapfile dinamically
with the layers and configure the control access (with apache
authorization?) of the user.
The proxy approach is one of the option that we are considering,
thanks.

2007/7/30, Rahkonen Jukka <Jukka.Rahkonen at mmmtike.fi>:
>
> Hi,
>
> Perhaps you could make a separate WMS-service for each user group you
> have?  With Mapserver it is easy because you only need to create a new
> mapfile and then control which mapfile the current user can access.  This
> should at least prevent fiddling with layer names.
>
> We are using proxy approach which creates a facede server on a local port
> after successful login and we are rather satisfied with that. System is self
> made but it is in principle close to OWS-proxy by deegree, of Web security
> service by 52nort.org.
>
> -Jukka Rahkonen-
>
>
> ________________________________
>
> Lähettäjä: UMN MapServer Users List puolesta: Ruben Pardo
> Lähetetty: ma 30.7.2007 10:59
> Vastaanottaja: MAPSERVER-USERS at LISTS.UMN.EDU
> Aihe: Re: [UMN_MAPSERVER-USERS] Authentication
>
>
> but if the request is generated in other layer, people can ask with a
> browser to the mapserver changing the name of the layer on the WMS,
> We have a WMS accesible with some layer to everybody and other to
> authenticate users.
> we are thinking on using a remoteWMS like deegree (with WASS) with
> mapserver, a single sign-on or something on apache (mod_auth or similiar).
> but we want to know how people use to implement this issue.
>
> Thanks.
>
>
> 2007/7/30, Gregor Mosheh <gregor at hostgis.com>:
>
>         Ruben Pardo wrote:
>         > We want to protect a number of layers to non-authenticate users.
>         > I want to ask how people use to protect layers served by
> mapserver? is
>         > there any mechanism inside mapserver for this?
>
>         There sure isn't. Authentication has to be done at some other
> layer,
>         typically the webserver layer. If Tomcat is generating the
> requests,
>         then that'd be the best place to do the authentication.
>
>         --
>         Gregor Mosheh / Greg Allensworth
>         System Administrator, HostGIS cartographic development & hosting
> services
>         http://www.HostGIS.com/
>
>         "Remember that no one cares if you can back up,
>           only if you can restore." - AMANDA
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20070730/e7b1a840/attachment.htm>


More information about the MapServer-users mailing list