I have only ever used public geoserver instances, but I have had to use leaflet to access protected ArcGIS servers. The process there is:

1/ At start of session, backend authenticates against AGS and receives a token (session-limited credentials).
2/ The token is passed by Leaflet with every call to the AGS server (just adding it to layer params when setting up the layer).

Do you control the geoserver server? The other thing I have had to deal with is a hidden geoserver – the geoserver is set up as “public” (no authentication required), but only accessible via an authenticating proxy. After examining a few options, I wrote the proxy myself as it fitted within a larger service supporting the mapping application.

From: Vera Green <vera.green...@gmail.com>
Sent: Friday, 12 June 2020 03:40
To: GeoServer Mailing List List <geoserver-users@lists.sourceforge.net>
Cc: John Poole <jdpo...@gmail.com>; Rob Jones <r...@lions.com>
Subject: [Geoserver-users] Leaflet to GeoServer Authentication

The issue I am solving currently is authenticating from Leaflet to GeoServer. There is this post <https://stackoverflow.com/questions/44640905/how-make-geoserver-and-leaflet-secure-in-a-web-applciation> and I'm pretty sure that is what I need to do, but I don't completely understand it. It doesn't really have much detail.

I am not completely sure what the difference is between these two things from this documentation <https://docs.geoserver.org/latest/en/user/security/tutorials/index.html>:

* Configuring HTTP Header Proxy Authentication
* Configuring Apache HTTPD Session Integration

My architecture is that leaflet is hosted in apache httpd and we are using apache session variables to authenticate users into the site. GeoServer is hosted on a different virtual machine. This user session variable is saved as a cookie and can be retrieved from the system.

We are passing the session variables to PostgreSQL through PHP to establish a PDO connection such as:

    # -------------------
    # CREATE PDO
    # -------------------
    $host = 'geoserver.myHost.com';
    $port = '5432';
    $db = 'myDB';

    # The Apache session is exposed to PHP as a query-string style value
    parse_str($_SERVER['HTTP_SESSION'], $SESSION);
    $user = $SESSION['LDAP_secured-user'];
    $pass = $SESSION['LDAP_secured-pw'];

    $dsn = "pgsql:host=$host;dbname=$db;port=$port";
    $options = [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES => false,
    ];

    # Connect to PostgreSQL as the logged-in user
    try {
        $pdo = new PDO($dsn, $user, $pass, $options);
    } catch (\PDOException $e) {
        throw new \PDOException($e->getMessage(), (int)$e->getCode());
    }

For the WMS we are using the leaflet.wms.js plugin.

So my goal is to somehow authenticate the user to GeoServer using the apache session variable from the web server. As far as I understand this can happen in two different ways:

1. The user credentials can be passed with the URL
2. The user can be authenticated to GeoServer on the back end. This is the PREFERRED method as:
   * It is more secure as user credentials are not being passed in the URL
   * User can be authenticated once per session instead of with each request
   * Since the specific user is authenticated, GeoServer data security rules apply.

If it is actually not possible to authenticate the specific user but the authentication happens server to server, then we could manage this through a secondary permissions table which specifies the user role.

Thanks much,
Vera

Notice: This email and any attachments are confidential and may not be used, published or redistributed without the prior written consent of the Institute of Geological and Nuclear Sciences Limited (GNS Science). If received in error please destroy and immediately notify GNS Science. Do not copy or disclose the contents.
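The authenticating-proxy arrangement discussed in this thread, as an added example (not code from the thread or from GeoServer): the request-rewriting core of a proxy that maps the site session to a user and passes that user to a hidden GeoServer in a trusted header, as in HTTP header proxy authentication. The header name, cookie name, upstream URL, path prefix, session store and request allowlist are all assumptions.

```javascript
// Added example. Assumed names: header, cookie, upstream URL, path prefix.
const TRUSTED_HEADER = 'x-proxy-user';  // must match the header GeoServer is set to trust
const SESSION_COOKIE = 'sid';
const UPSTREAM = 'http://geoserver.internal:8080';  // reachable only from the proxy
const ALLOWED_REQUESTS = new Set(['getmap', 'getfeatureinfo', 'getcapabilities', 'getlegendgraphic']);
// Never forwarded: a client-supplied identity header, and the site's own credentials.
const DROP_HEADERS = new Set([TRUSTED_HEADER, 'cookie', 'authorization', 'host', 'connection']);

function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// req: { url, headers } with lower-case header names (as Node delivers them).
// sessions: Map of session id -> { user, expires }, kept by the web application.
function buildUpstreamRequest(req, sessions, now = Date.now()) {
  const sid = readCookie(req.headers.cookie, SESSION_COOKIE);
  const session = sid === null ? undefined : sessions.get(sid);
  if (!session || session.expires <= now) return { status: 401 };

  // Resolve against the upstream, then reject anything that escaped it
  // ("//other-host/...", "/geoserver/../rest/...").
  const url = new URL(req.url, UPSTREAM);
  if (url.origin !== UPSTREAM || !url.pathname.startsWith('/geoserver/')) return { status: 403 };

  // WMS parameter names are case-insensitive; refuse duplicates so the proxy
  // and GeoServer cannot disagree about which value counts.
  const params = new Map();
  for (const [key, value] of url.searchParams) {
    const k = key.toLowerCase();
    if (params.has(k)) return { status: 403 };
    params.set(k, value);
  }
  const request = (params.get('request') || '').toLowerCase();
  if ((params.get('service') || '').toLowerCase() !== 'wms' || !ALLOWED_REQUESTS.has(request)) {
    return { status: 403 };
  }

  const headers = {};
  for (const [name, value] of Object.entries(req.headers)) {
    if (!DROP_HEADERS.has(name.toLowerCase())) headers[name.toLowerCase()] = value;
  }
  headers[TRUSTED_HEADER] = session.user;  // identity comes from the session only
  return { status: 200, url: url.href, headers };
}
```

This only holds if GeoServer accepts connections from the proxy alone; any other network path to it lets a client set the trusted header directly.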