.. _webserviceauth_configuration:

HTTP Based Authorization configuration
======================================
The ``HTTP Based Authorization plug-in`` tries to authenticate the user against a configured external authentication service.
The username and the password are sent to the service in one of the following ways:

* In a header named ``X-HTTP-AUTHORIZATION``.

* As query parameters or as part of the request path. For this use case the URL must be configured with two placeholders, ``{user}`` and ``{password}``, where the username and password are substituted, e.g. ``https://my-auth-service?username={user}&password={password}``. Note that with this approach the password becomes part of the request URL, which web servers and proxies commonly record in their access logs; prefer the header when the external service supports it.

The Authentication Provider performs a ``GET`` request, sending the credentials Base64 encoded. Base64 is an encoding, not encryption: anyone able to observe the request can recover the credentials, which is why only ``HTTPS`` services are accepted unless ``Allow HTTP connection`` is explicitly enabled (see below). If the response status returned by the external service is anything other than ``200`` the user is not authenticated.

In case the external authentication service returns the authenticated user's roles in the response body, a regular expression can be defined to extract them, allowing their usage for authorization. There is no limitation to a specific content type.
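The exchange described above, modelled offline as an added example (this is not GeoServer's or the plug-in's own code). It builds the ``GET`` request in both credential modes, checks it against a stand-in external service, treats anything but ``200`` as a failed login, and applies a role-extracting regular expression of the kind configured under ``Read Roles from Web Response``. The sample user store, the response body format, the regular expression, and the exact layout of the Base64 header value (``user:password``) are assumptions made for illustration, not documented behaviour of the plug-in.

```python
"""Offline model of the HTTP Based Authorization exchange.

Added example, not code from GeoServer or the plug-in: a stand-in for the
external authentication service plus the request building and response
handling the provider performs. The user store, the response body, the
regular expression and the Base64 header layout are assumptions.
"""
import base64
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed user store for the stand-in service: name -> (password, roles).
USERS = {
    "alice": ("s3cret!", ["ROLE_ADMIN", "ROLE_EDITOR"]),
    "bob": ("hunter2", ["ROLE_READER"]),
}

# Regular expression of the kind entered under "Read Roles from Web Response";
# group 1 is assumed to capture a comma-separated role list.
ROLE_REGEX = r'"roles":\s*"([^"]*)"'


def build_request(service_url, username, password, use_header):
    """Return (url, headers) for the GET request, in either credential mode."""
    if use_header:
        # Assumed header layout: Base64 of "user:password". Base64 is not
        # encryption, which is why the plug-in refuses plain HTTP by default.
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        return service_url, {"X-HTTP-AUTHORIZATION": token}
    if "{user}" not in service_url or "{password}" not in service_url:
        raise ValueError("URL mode needs {user} and {password} placeholders")
    # Percent-encode both values so a password containing '&', '=' or '#'
    # cannot alter the structure of the query string.
    url = service_url.replace("{user}", quote(username, safe=""))
    url = url.replace("{password}", quote(password, safe=""))
    return url, {}


def fake_auth_service(url, headers):
    """Stand-in external service. Returns (status, body) like an HTTP reply."""
    if "X-HTTP-AUTHORIZATION" in headers:
        try:
            raw = base64.b64decode(headers["X-HTTP-AUTHORIZATION"], validate=True)
            decoded = raw.decode()
        except ValueError:  # bad Base64 or non-UTF-8 bytes
            return 400, "malformed credentials"
        username, _, password = decoded.partition(":")
    else:
        query = parse_qs(urlsplit(url).query)  # parse_qs percent-decodes
        username = query.get("username", [""])[0]
        password = query.get("password", [""])[0]
    record = USERS.get(username)
    # Constant-time comparison of the submitted password.
    if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
        return 401, "invalid credentials"
    return 200, '{"user": "%s", "roles": "%s"}' % (username, ",".join(record[1]))


def extract_roles(body, role_regex):
    """Apply the configured regex; group 1 is assumed to hold comma-separated roles."""
    match = re.search(role_regex, body)
    if match is None:
        return []
    return [role.strip() for role in match.group(1).split(",") if role.strip()]


def authenticate(service_url, username, password, use_header,
                 role_regex=ROLE_REGEX, transport=fake_auth_service):
    """Run the full exchange. Returns the role list on success, None otherwise."""
    url, headers = build_request(service_url, username, password, use_header)
    status, body = transport(url, headers)
    if status != 200:  # any status other than 200 means "not authenticated"
        return None
    return extract_roles(body, role_regex)


if __name__ == "__main__":
    print(authenticate("https://auth.example/check", "alice", "s3cret!", True))
    print(authenticate("https://auth.example/check?username={user}&password={password}",
                       "bob", "hunter2", False))
    print(authenticate("https://auth.example/check", "alice", "wrong", True))
```

The ``transport`` parameter exists only so the exchange can be exercised without a network; against a real service it would be replaced by an HTTPS client honouring the configured connection and read timeouts.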
Once the plug-in is installed, it can be configured by:

* Opening the *Authentication* option in the *Security* menu
* Choosing *Authentication provider* and then *add new*.
* Choosing the ``Web Service Authentication`` option

.. figure:: images/newProvider.png

Clicking on ``Web Service Authentication`` offers the possibility to enter the provider settings.

.. figure:: images/httpProviderConf.png

Where:

* ``Service URL`` is the URL of the external service to be used for authentication.
* ``Timeout`` is the connection timeout.
* ``Read Timeout`` is the timeout while waiting to read response data.
* The ``Send credentials in X-HTTP-AUTHORIZATION Header`` checkbox is to be flagged if credentials have to be sent through the authorization header. If unchecked (default) GeoServer expects to find the ``{user}`` and ``{password}`` placeholders in the provided URL instead.
* The ``Allow HTTP connection`` checkbox, if flagged, allows the authentication request to be performed toward an external service that uses plain ``HTTP``. By default only ``HTTPS`` is allowed.
* In the ``Authorization`` section the radio button defines whether roles are read from a GeoServer ``RoleService`` or returned by the external authentication service.
* In case ``Read Roles from Web Response`` is chosen, a regular expression to extract the roles from the authentication service response needs to be provided.

Once the settings are saved the new ``AuthenticationProvider`` is added to the list and needs to be added to the provider chain as well.

.. figure:: images/providersList.png