Re: [Geoserver-users] Possible to obtain groups from HTTP Headers?

Wed, 24 Feb 2016 00:21:12 -0800 

Hi Martin,

2016-02-24 2:03 GMT+01:00 Martin Davis <[email protected]>:

> We are running GeoServer behind a HTTP security proxy which provides both
> user authentication and user group membership information (via HTTP
> Headers).
>
> Is it possible to somehow pass the user groups into GeoServer for use by
> Security subsystem, against a suitably configured Role Service?
>

What you can currently do is use the HTTP Header Authentication Filter to
extract both the username and a list of roles (not groups) from two
distinct HTTP headers.
To accomplish that you need to choose Request Header as the Role Source in
the filter configuration.

>From related help: If the *role source* is *Request header*, the name of
the HTTP header attribute has to be specified.The content of this attribute
are the roles of the principal. The default role delimiter is the semicolon
*;*.GeoServer accepts the sent roles without verification.

Since roles are used for authorization purposes, probably it's not an issue
mapping your groups to GeoServer roles.

If you need something more flexible, some customization of this filter is
needed.

Regards,
Mauro Bartolomeoli



>
> We are happy to write a custom filter to extract the HTTP headers - it's
> just not clear if there's a place to put the group information so that it
> can be utilized by the Security subsystem.
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Reply via email to