The issue I am solving currently is authenticating from Leaflet to GeoServer. There is this post <https://stackoverflow.com/questions/44640905/how-make-geoserver-and-leaflet-secure-in-a-web-applciation> and I'm pretty sure that is what I need to do but I don't completely understand it. It doesn't really have much detail. I am not completely sure what the difference is between these two things from this documentation <https://docs.geoserver.org/latest/en/user/security/tutorials/index.html>:
- Configuring HTTP Header Proxy Authentication
- Configuring Apache HTTPD Session Integration

My architecture is that Leaflet is hosted in Apache HTTPD and we are using Apache session variables to authenticate users into the site. GeoServer is hosted on a different virtual machine. This user session variable is saved as a cookie and can be retrieved from the system. We are passing the session variables to PostgreSQL through PHP to establish a PDO connection such as:

    <?php
    # -------------------
    # CREATE PDO
    # -------------------
    $host = 'geoserver.myHost.com';
    $port = '5432';
    $db = 'myDB';

    # The Apache session arrives as a query-string style value; split it into an array
    parse_str($_SERVER['HTTP_SESSION'], $SESSION);
    $user = $SESSION['LDAP_secured-user'];
    $pass = $SESSION['LDAP_secured-pw'];

    $dsn = "pgsql:host=$host;dbname=$db;port=$port";
    $options = [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES => false,
    ];

    # Connect to PostgreSQL as the logged-in user
    try {
        $pdo = new PDO($dsn, $user, $pass, $options);
    } catch (\PDOException $e) {
        throw new \PDOException($e->getMessage(), (int)$e->getCode());
    }

For the WMS we are using the leaflet.wms.js plugin.

So my goal is to somehow authenticate the user to GeoServer using the Apache session variable from the web server. As far as I understand, this can happen in two different ways:

1. The user credentials can be passed with the URL
2. The user can be authenticated to GeoServer on the back end. This is the PREFERRED method as:
   1. It is more secure as user credentials are not being passed in the URL
   2. User can be authenticated once per session instead of with each request
   3. Since the specific user is authenticated, GeoServer data security rules apply.

If it is actually not possible to authenticate the specific user but the authentication happens server to server, then we could manage this through a secondary permissions table which specifies the user role.

Thanks much,
Vera
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, by Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer

Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
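An added example, not part of the original post or of GeoServer's documentation: one way the "authenticate on the back end" option can look when a PHP proxy on the web server forwards WMS requests and asserts the session user to GeoServer in a request header (the HTTP Header Proxy Authentication approach named above). The header name, the GeoServer URL, the parameter allowlist and the function names are assumptions made for illustration.

```php
<?php
// Assumptions: HEADER_NAME is a placeholder for the header attribute configured
// in GeoServer's HTTP Header Proxy Authentication filter; GEOSERVER_WMS is a
// constructed URL.
const GEOSERVER_WMS = 'https://geoserver.example.internal/geoserver/wms';
const HEADER_NAME   = 'X-Placeholder-Auth-User';
// WMS parameters the proxy forwards; everything else from the browser is dropped.
const ALLOWED = ['service', 'version', 'request', 'layers', 'styles', 'bbox',
                 'width', 'height', 'srs', 'crs', 'format', 'transparent',
                 'query_layers', 'info_format', 'x', 'y', 'i', 'j'];

// Extract the authenticated user name from the Apache session string.
function sessionUser(string $rawSession): ?string
{
    parse_str($rawSession, $session);
    $user = $session['LDAP_secured-user'] ?? '';
    // Reject empty names and anything that could inject a header line.
    return (is_string($user) && preg_match('/\A[\w.@-]{1,64}\z/', $user)) ? $user : null;
}

// Build the upstream request: no credentials in the URL, identity in a header.
// Headers are built from scratch, so a browser-supplied copy of HEADER_NAME
// is never passed through.
function buildUpstream(array $clientQuery, string $user): array
{
    $query = [];
    foreach ($clientQuery as $key => $value) {
        if (is_string($value) && in_array(strtolower((string)$key), ALLOWED, true)) {
            $query[strtoupper((string)$key)] = $value;
        }
    }
    return [
        'url'     => GEOSERVER_WMS . '?' . http_build_query($query),
        'headers' => [HEADER_NAME . ': ' . $user],
    ];
}

// Constructed sample input standing in for $_SERVER['HTTP_SESSION'] and $_GET.
$raw   = 'LDAP_secured-user=vera&LDAP_secured-pw=not-forwarded';
$query = ['service' => 'WMS', 'request' => 'GetMap', 'layers' => 'ws:roads',
          'username' => 'admin', 'password' => 'x'];

$user = sessionUser($raw);
if ($user === null) {
    http_response_code(401);
    exit("no authenticated session\n");
}
print_r(buildUpstream($query, $user)); // URL carries only SERVICE, REQUEST, LAYERS
```

With this pattern GeoServer trusts whatever sends the header, so it should be reachable only from the proxy host and not directly from browsers.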