As far as I see, you want to implement a proxy authentication. My idea is to redesign the geoserver security subsystem to make your job easier. A use case with my proposed components could be
1) Proxy identifying module (using a SAML ticket for example)
2) Fetch roles from LDAP using the SAML token
3) Geoserver ensures access control (using XACML as an example)

There are a lot more possibilities, of course. If I start with a proposal, I can give you a ping.

Christian

Quoting "F. Phung" <[email protected]>:

> <christian.mueller <at> nvoe.at> writes:
>
>>
>> AFAIK, not out of the box.
>>
>> The geoserver security subsystem is not as pluggable as it should be.
>> Basically you need 3 pluggable components
>>
>> 1) Identifying module
>> 2) Role authority calculating the roles for identified users/systems
>> 3) Access control based on the roles.
>
> Hello
>
> One of the georchestra project goals (http://demo.georchestra.org/ - sorry,
> French-speaking for now) is to share a common authentication between geoserver,
> viewers and external apps. We use a CAS login service based on users and groups
> in an LDAP directory. This is mainly based on camptocamp work
> ( http://geoserver.org/display/GEOSDOC/GeoServer+Security+with+CAS ).
>
> The use case is:
>
> * admins declare users and groups in the LDAP
> * users do SSO in any georchestra module (CAS)
> * geoserver security is used to allow/deny layer r/w
> * external apps like qgis also may perform a BASIC auth based on the same accounts
>
> We are still in beta stages and we want to get all modules up and running in a
> production environment before any packaged release. Stay tuned if this is of any
> interest.
>
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
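
The three-stage split discussed in this thread (identifying module, role authority, access control), as an added Python example that is not GeoServer code and not part of the original messages. The header name `X-Proxy-User`, the proxy address, the users and the layer rules are constructed assumptions; the dictionary stands in for an LDAP lookup.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data; every name and value here is hypothetical.
TRUSTED_PROXIES = {"10.0.0.5"}                         # address of the SSO proxy
DIRECTORY = {"alice": {"EDITOR"}, "bob": {"VIEWER"}}   # stands in for LDAP groups
LAYER_RULES = {("roads", "r"): {"VIEWER", "EDITOR"},   # (layer, mode) -> allowed roles
               ("roads", "w"): {"EDITOR"}}


@dataclass(frozen=True)
class Request:
    remote_addr: str
    headers: dict
    layer: str
    mode: str  # "r" or "w"


def identify_via_proxy(req: Request) -> Optional[str]:
    """Stage 1: accept the proxy-asserted user only from a trusted proxy."""
    if req.remote_addr not in TRUSTED_PROXIES:
        return None  # a direct client could have set the header itself
    return req.headers.get("X-Proxy-User") or None


def roles_from_directory(user: str) -> frozenset:
    """Stage 2: role authority; users unknown to the directory get no roles."""
    return frozenset(DIRECTORY.get(user, ()))


def layer_access(roles: frozenset, layer: str, mode: str) -> bool:
    """Stage 3: access control; a missing rule means deny."""
    return bool(roles & LAYER_RULES.get((layer, mode), set()))


def authorize(req: Request,
              identify: Callable = identify_via_proxy,
              role_authority: Callable = roles_from_directory,
              access_control: Callable = layer_access) -> bool:
    """Chain the three pluggable stages, failing closed at each one."""
    user = identify(req)
    if user is None:
        return False
    return access_control(role_authority(user), req.layer, req.mode)
```

Each stage is passed in as a callable, so a different identifier (for example one for BASIC auth clients) can replace stage 1 without touching role lookup or layer rules.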
