Ho!... I forgot to say that future removing of PyQGIS access to AuthManager api would be removed to have a better security model in QGIS. No one would be able to create a plugin to export qgis_auth.db stored credentials or certificates.
regards Luigi Pirelli ************************************************************************************************** * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com * LinkedIn: https://www.linkedin.com/in/luigipirelli * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli * GitHub: https://github.com/luipir * Mastering QGIS: https://www.packtpub.com/application-development/mastering-qgis ************************************************************************************************** On 27 May 2016 at 17:28, Luigi Pirelli <lui...@gmail.com> wrote: > Hi Enzo > > AFAIK Shibboleth it's still not (still) supported by > AuthenticationManager, and Auth Manager have to be better integrated > in QgsConnectionManager class. > > thanks for the workaroud, but a good procedure would be: > > 1) Create a Shibboleth authentication plugin for Auth Manager (in a > while will be available the single sign-on OAuth authentication). > Larry Shaffer by Boundless just did a proof of concept during these > days in Girona Hackfest that can be used as development base. > > 2) Support the complete integration of the AuthManager in > QgsNetworkAccessManager that would become THE way to use any > connection. Future QGIS will have PyQGIS access to AuthManager almost > removed to leave the auth access only managed by NetworkManager. > This integration will request a refactory of OWS providers that > actually use directly AuthManager (and also PostGis provider) > > btw code snippets and use cases are always really useful :) > > I'm just investigating how to integrate AuthManager and NetworkManager > (Qt) with Windows key store (Credential Management). If you have > suggestions are really welcome :) > > regards > Luigi Pirelli > > ************************************************************************************************** > * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com > * LinkedIn: https://www.linkedin.com/in/luigipirelli > * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli > * GitHub: https://github.com/luipir > * Mastering QGIS: > https://www.packtpub.com/application-development/mastering-qgis > ************************************************************************************************** > > > On 27 May 2016 at 13:24, enzogis <enzo.ciarm...@csi.it> wrote: >> Hi all, >> The main goal is to access to WMS/WFS exposed behind Shibboleth >> authentication page. >> I made many tests and partially I have success with a workaround: not sure >> but if I'm not wrong then I could signal a strange behaviour of wms provider >> with QgsNetworkAccessManager.instance() >> >> The problem is complex, I try to shortly explain: >> >> I need to load WMS/WFS layers that are exposed behind Shibboleth (SAML2) >> authentication page. >> From a web browser, the authentication system consists of these steps: >> - call the url >> http://example/wms?service=WMS&version=1.1.0&request=GetCapabilities >> - the system redirect to main authentication page https://secure/login.jsp >> with many options >> - the user indicates a valid PKCS#12 certificate >> - only after success it redirect to the first url and the user could see the >> wms response. >> >> In QGIS 2.14.3 I imported certificate but when I try to load that WMS layer, >> it shows an error: it expected wms capabilties response but it receive an >> html from main authentication page. >> >> Workaround: >> Thus, to achieve the goal, I replicated in Python the authentication process >> with a custom QWebView and extended QNetworkAccessManager with SSL support >> to use certificate. >> After succesfully access, the script dump cookies from the CookieJar and >> transfers them to QgsNetworkAccessManager.instance(). >> In that situation, the instance is authenticated and i can manually load >> layers and Shibboleth trusts cookies. >> >> That workaround works fine for WFS , but it fails for WMS. >> >> When i try to connect to WMS manually it have success and it shows a list of >> capabilities , but when i select a layer and i try to load it shows an >> error: in error logs there are html tags from the main authentication page. >> It seems that WMS provider uses QgsNetworkAccessManager.instance() only for >> get capabilities but not for loading each layer. >> >> Instead, the same solution works fine for WFS: from the dialog that show >> capabilities I can load a layer in QGIS and I assume that it uses >> authenticated QgsNetworkAccessManager.instance(). >> >> That different behaviour of wms and wfs providers is correct? >> It is a bug or I misunderstand something? >> >> Any suggestion would be greatly appreciated. >> If necessary for details I will attach code snippet. >> >> TIA >> -- >> Enzo Ciarmoli >> >> >> >> -- >> View this message in context: >> http://osgeo-org.1560.x6.nabble.com/PyQGIS-do-WMS-and-WFS-providers-use-QgsNetworkAccessManager-instance-tp5268513.html >> Sent from the Quantum GIS - Developer mailing list archive at Nabble.com. >> _______________________________________________ >> Qgis-developer mailing list >> Qgis-developer@lists.osgeo.org >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer _______________________________________________ Qgis-developer mailing list Qgis-developer@lists.osgeo.org List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer