from:"Nikola Jankovic"

Re: [Geoserver-users] Keycloak with geoserver 403 error

2019-10-18 Thread Nikola Jankovic

Hi Alessio,

Thanks for the reply.

You understood correctly. I followed the documentation fully but couldn't get 
the desired result, and after some tweaking & research I managed to achieve the 
full proper login.

I will make a PR with the updates.

Cheers,
Nikola

From: Alessio Fabiani 
Sent: 18 October 2019 14:51
To: Nikola Jankovic 
Cc: geoserver-users@lists.sourceforge.net 

Subject: Re: [Geoserver-users] Keycloak with geoserver 403 error

Hello Nikola,
sorry for the late reply and thanks for having dug into this issue.

So, as far as I understand, it is more matter of configuration right? And it 
looks like the documentation is incomplete or not clear enough, am I right?

Any chance for you to make a Pull Request on GeoServer with the updates to the 
docs so that we can review them?

If you confirm this, I will open a JIRA Issues which can be linked to the PR 
later on.

Please let me know,
Alessio.




Il giorno ven 18 ott 2019 alle ore 13:40 Nikola Jankovic 
mailto:nikola.janko...@eodc.eu>> ha scritto:
Hey all,

I have discovered what is the issue. Apparently the module doesn't recognize 
some of the token decryption algorithms, and I solved the issue by forcing 
RS256 on the client and including the realm-public-key for RS256 in the 
adapter config which is located in keycloak realm settings. This isn't 
mentioned in the documentation though. Any way to proceed with this?

Cheers,
Nikola
____
From: Nikola Jankovic mailto:nikola.janko...@eodc.eu>>
Sent: 16 October 2019 13:54
To: 
geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net>
 
mailto:geoserver-users@lists.sourceforge.net>>
Subject: [Geoserver-users] Keycloak with geoserver 403 error

Hello all,

I am trying to run keycloak & geoserver locally, but no matter what I try (also 
tried a bunch of other things besides using the guide here 
https://docs.geoserver.org/latest/en/user/community/keycloak/index.html) I 
always get 403 after logging in to geoserver from keycloak. A successful 
session & login are logged in keycloak, but I don't get access to the GUI 
which, at first, I am trying to protect. I know it is a community module and 
experimental, but has anyone had any success setting it up? Any help would be 
greatly appreciated. Not sure also whether this might be a bug.

Specs:
Geoserver 2.15.0 running in a docker Container
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1~deb9u1-b01)
OpenJDK 64-Bit Server VM (build 25.212-b01, mixed mode)

I tried changing roles, mapping roles, disabling ssl fully, changing flows 
within keycloak & tried to replicate the user in geoserver but always 403.

Thanks in advance.

Cheers,
Nikola

___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/geoserver-users


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V 
for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
---

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa 
che ogni circostanza inerente alla presente email (il suo contenuto, gli 
eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i 
destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per 
errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei 
comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is addressed 
and may contain information that is privileged, confidential or otherwise 
protected from disclosure. We remind that - as provided by European Regulation 
2016/679 “GDPR” - copying, dissemination or use of this e-mail or the 
information herein by anyone other than the intended recipient is prohibited. 
If you have received this email by mistake, please notify us immediately by 
telephone or e-mail.
__

Re: [Geoserver-users] Keycloak with geoserver 403 error

2019-10-18 Thread Nikola Jankovic

Hey all,

I have submitted the PR @ https://github.com/geoserver/geoserver/pull/3837

I hope this is enough & if you need more info just let me know.

Cheers,
Nikola

From: Alessio Fabiani 
Sent: 18 October 2019 15:09
To: Andrea Aime 
Cc: Alessio Fabiani ; Nikola Jankovic 
; geoserver-users@lists.sourceforge.net 

Subject: Re: [Geoserver-users] Keycloak with geoserver 403 error

Thanks Nikola and Andrea,
I created a JIRA issue to keep track of the change

https://osgeo-org.atlassian.net/browse/GEOS-9372

The Pull Request should title something like this:

[GEOS-9372] Community Keycloack plugin doc is incomplete

Regards,
Alessio.



Il giorno ven 18 ott 2019 alle ore 15:01 Andrea Aime 
mailto:andrea.a...@geo-solutions.it>> ha scritto:
On Fri, Oct 18, 2019 at 2:58 PM Alessio Fabiani 
mailto:alessio.fabi...@geo-solutions.it>> 
wrote:
Any chance for you to make a Pull Request on GeoServer with the updates to the 
docs so that we can review them?

If it's small changes, this would help:
https://docs.geoserver.org/latest/en/docguide/quickfix.html
Otherwise see the full doc guide:
https://docs.geoserver.org/latest/en/docguide/index.html

Cheers
Andrea

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V 
for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions 
S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: 
+39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it 
http://twitter.com/geosolutions_it 
--- Con riferimento alla 
normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento 
generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza 
inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è 
un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo 
scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, 
ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene 
notizia. This email is intended only for the person or entity to which it is 
addressed and may contain information that is privileged, confidential or 
otherwise protected from disclosure. We remind that - as provided by European 
Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or 
the information herein by anyone other than the intended recipient is 
prohibited. If you have received this email by mistake, please notify us 
immediately by telephone or e-mail.


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V 
for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
---

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa 
che ogni circostanza inerente alla presente email (il suo contenuto, gli 
eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i 
destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per 
errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei 
comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is addressed 
and may contain information that is privileged, confidential or otherwise 
protected from disclosure. We remind that - as provided by European Regulation 
2016/679 “GDPR” - copying, dissemination or use of this e-mail or the 
information herein by anyone other than the intended recipient is prohibited. 
If you have received this email by mistake, please notify us immediately by 
telephone or e-mail.
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Keycloak with geoserver 403 error

2019-10-18 Thread Nikola Jankovic

Hey all,

I have discovered what is the issue. Apparently the module doesn't recognize 
some of the token decryption algorithms, and I solved the issue by forcing 
RS256 on the client and including the realm-public-key for RS256 in the 
adapter config which is located in keycloak realm settings. This isn't 
mentioned in the documentation though. Any way to proceed with this?

Cheers,
Nikola

From: Nikola Jankovic 
Sent: 16 October 2019 13:54
To: geoserver-users@lists.sourceforge.net 

Subject: [Geoserver-users] Keycloak with geoserver 403 error

Hello all,

I am trying to run keycloak & geoserver locally, but no matter what I try (also 
tried a bunch of other things besides using the guide here 
https://docs.geoserver.org/latest/en/user/community/keycloak/index.html) I 
always get 403 after logging in to geoserver from keycloak. A successful 
session & login are logged in keycloak, but I don't get access to the GUI 
which, at first, I am trying to protect. I know it is a community module and 
experimental, but has anyone had any success setting it up? Any help would be 
greatly appreciated. Not sure also whether this might be a bug.

Specs:
Geoserver 2.15.0 running in a docker Container
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1~deb9u1-b01)
OpenJDK 64-Bit Server VM (build 25.212-b01, mixed mode)

I tried changing roles, mapping roles, disabling ssl fully, changing flows 
within keycloak & tried to replicate the user in geoserver but always 403.

Thanks in advance.

Cheers,
Nikola
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] Keycloak with geoserver 403 error

2019-10-16 Thread Nikola Jankovic

Hello all,

I am trying to run keycloak & geoserver locally, but no matter what I try (also 
tried a bunch of other things besides using the guide here 
https://docs.geoserver.org/latest/en/user/community/keycloak/index.html) I 
always get 403 after logging in to geoserver from keycloak. A successful 
session & login are logged in keycloak, but I don't get access to the GUI 
which, at first, I am trying to protect. I know it is a community module and 
experimental, but has anyone had any success setting it up? Any help would be 
greatly appreciated. Not sure also whether this might be a bug.

Specs:
Geoserver 2.15.0 running in a docker Container
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1~deb9u1-b01)
OpenJDK 64-Bit Server VM (build 25.212-b01, mixed mode)

I tried changing roles, mapping roles, disabling ssl fully, changing flows 
within keycloak & tried to replicate the user in geoserver but always 403.

Thanks in advance.

Cheers,
Nikola
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Geoserver authentication with keycloak issue

2019-10-11 Thread Nikola Jankovic

Hey all,

Figured out the problem, so posting in case someone else needs.

For production it is required to change following parameters in the keycloak 
adapter config:

  "ssl-required": "all",
  "confidential-port": 443,

Now I have other issues with mapping roles, but the original issue is solved 
for me.

Cheers,
Nikola
____
From: Nikola Jankovic 
Sent: 01 October 2019 10:57
To: geoserver-users@lists.sourceforge.net 

Subject: [Geoserver-users] Geoserver authentication with keycloak issue

Hello all,

I am trying to connect geoserver with the keycloak community module following 
the guide 
https://docs.geoserver.org/latest/en/user/community/keycloak/index.html, 
however I am facing some difficulty in doing so.

After adding the keycloak adapter to the web filter chain to protect the Web 
Admin GUI, the requests aren't being being redirected properly to the keycloak 
sign in page, and I get an Invalid parameter: redirect_uri error. I notice in 
the URL that it is trying to redirect to HTTP instead of HTTPS (keycloak only 
allows HTTPS and is configured accordingly). When I add HTTPS manually to the 
redirect_uri parameter in the URL then it redirects properly. HTTPS is 
configured currently with an NGINX redirect. Is this a configuration issue with 
Geoserver? I've tried setting the proxy base URL but that doesn't seem to help.

Specs:
Geoserver 2.15.0 running in a docker Container on Ubuntu 16.04
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1~deb9u1-b01)
OpenJDK 64-Bit Server VM (build 25.212-b01, mixed mode)

If you need any more information, I will try to provide it. Thank you for 
taking the time to read and look into the issue.

Sincerely,
Nikola
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Best practice for large amounts of orthophotos

2019-10-11 Thread Nikola Jankovic

Hi Mats,

I'm dealing with similar stuff, and I will drop a couple of links below for 
reference.

In case of 1. consider adding tiling and inner overviews for each of your 
images with gdal_translate & gdaladdo (also look up cloud optimized geotiffs), 
and storing them in a CRS that will mostly be requested (less reprojection 
overhead). If the data is meant for visualization also consider lossy 
compression to save space. If you need to serve raw data with WCS, go with some 
lossless compression at a lower level. Although this might mean getting read of 
the original data or duplicating data, and reprojecting also causes data loss 
(which I believe for orthophotos should be negligible).

For 2 & 3 I cannot speak since I need to deal with lots of files without too 
much influence on them so I didn't do research there.

https://www.cogeo.org/ - for http range requests but i notice also in general 
good for data optimization.
https://geoserver.geo-solutions.it/edu/en/enterprise/raster.html - skim through 
here for some good reference on tweaking/optimization/caching etc.

Cheers,
Nikola

From: Mats Elfström 
Sent: 11 October 2019 11:32
To: geoserver-users@lists.sourceforge.net 

Subject: [Geoserver-users] Best practice for large amounts of orthophotos


Hi all!

I would like to discuss best practice for serving rather large amounts of 
aerial imagery (ie orthophotos). My setup is Geoserver 2.16 on a local Windows 
Server. I also have PostgreSQL 10.5/Postgis 2.4.4 running on the same server, 
but that is not used for imagery at this point.

Imagery is stored in uncompressed geotifs, ~300MB each, and there are 150-250 
of these per year so it adds up to hundreds of GB’s. Disk space on the server 
is already an issue but can be augmented. I have FME and lots of experience 
working with aerial imagery, but less experience from imagery on Geoserver.

I have figured out and tested three approaches and will list them with the pros 
and cons I have found so far. They are not in order of preference or anything. 
Less disk space is more important than necessary bandwidth, but overall 
performance is important.

 1/ Use ImageMosaic and serve one folder of tiffs per year.

Pros: No file processing necessary, deliveries can simply be dumped in a 
folder. Folder doubles as data storage if original files need to be retrieved. 
Original resolution is unchanged.

Cons: Will need huge amounts of disk space. Despite some tiles tweaking, very 
slow performance, esp at small scales.

2/ Mosaic the image files into one ECW file with the original resolution and 
serve that from an ECW store.

Pros: Will take up significantly (1/5-1/10) less disk space. Very fast 
performance, regardless of scale.

Cons: Time consuming file processing, but a one-time job. Original files will 
need storage elsewhere. Possible licensing limitations on the ecw software.

3/ Mosaic the image files into one JP2k file and serve that from a JP2ECW store.

Pros: Will take up much less disk space, but more than ECW. No licensing issues.

Cons: Time consuming file processing, but a one-time job. Original files need 
storage elsewhere. Slightly slower performance than ECW.

In a case like this, what is a generally agreed best practice? All hints and 
suggestions are most welcome. Maybe there are better alternatives than the 
above? PostGIS raster storage maybe?

Thanks in advance and best regards, Mats.E

 
[https://docs.google.com/uc?export=download=0B6X-OqqLVTjPM2pwU05zTXNZWkU=0B6X-OqqLVTjPRzhtZUZyMDg3eFBoejRubGlkaGx3bVhNTHJrPQ]

GisKraft, GIS och webbkonsult
Mats Elfström, Väpplingvägen 21, SE-227 38 LUND, Sweden
tel: +46 70 595 39 35 / web: www.giskraft.com
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] Geoserver authentication with keycloak issue

2019-10-01 Thread Nikola Jankovic

Hello all,

I am trying to connect geoserver with the keycloak community module following 
the guide 
https://docs.geoserver.org/latest/en/user/community/keycloak/index.html, 
however I am facing some difficulty in doing so.

After adding the keycloak adapter to the web filter chain to protect the Web 
Admin GUI, the requests aren't being being redirected properly to the keycloak 
sign in page, and I get an Invalid parameter: redirect_uri error. I notice in 
the URL that it is trying to redirect to HTTP instead of HTTPS (keycloak only 
allows HTTPS and is configured accordingly). When I add HTTPS manually to the 
redirect_uri parameter in the URL then it redirects properly. HTTPS is 
configured currently with an NGINX redirect. Is this a configuration issue with 
Geoserver? I've tried setting the proxy base URL but that doesn't seem to help.

Specs:
Geoserver 2.15.0 running in a docker Container on Ubuntu 16.04
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1~deb9u1-b01)
OpenJDK 64-Bit Server VM (build 25.212-b01, mixed mode)

If you need any more information, I will try to provide it. Thank you for 
taking the time to read and look into the issue.

Sincerely,
Nikola



Dipl.-Ing. Nikola Jankovic
Software developer & GIS Scientist

EODC Earth Observation Data Centre for Water Resources Monitoring GmbH
Franz-Grill-Straße 
9<https://maps.google.com/?q=Franz-Grill-Stra%C3%9Fe+9+%0D%0A_A-1030+Vienna+%0D%0A_Austria=gmail=g>
A-1030 
Vienna<https://maps.google.com/?q=Franz-Grill-Stra%C3%9Fe+9+%0D%0A_A-1030+Vienna+%0D%0A_Austria=gmail=g>
Austria<https://maps.google.com/?q=Franz-Grill-Stra%C3%9Fe+9+%0D%0A_A-1030+Vienna+%0D%0A_Austria=gmail=g>

Phone: +43 699 1668 7532
Web:   http://www.eodc.eu<http://www.eodc.eu/>
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Keycloak with geoserver 403 error

Re: [Geoserver-users] Keycloak with geoserver 403 error

Re: [Geoserver-users] Keycloak with geoserver 403 error

[Geoserver-users] Keycloak with geoserver 403 error

Re: [Geoserver-users] Geoserver authentication with keycloak issue

Re: [Geoserver-users] Best practice for large amounts of orthophotos

[Geoserver-users] Geoserver authentication with keycloak issue

7 matches

Site Navigation

Mail list logo

Footer information