GNIP - Replace custom auth module with OAuth #1329
Comments
|
+1 for me. |
|
+1 |
|
While I agree a standard approach to authentication would be valuable, due to the way GeoServer authorizes layer access, my guess is that this will perform very poorly under any load if used for authorization. The reason I had to create the DB client was time-outs resulting from heavy HTTP traffic between the two. The DB client is 2 orders of magnitude faster than the old method and put no burden on the django server. |
|
Lets discuss security during the sprint. I would love to have external authentication in geonode with social or oauth and know that this works with geoserver in mapstory. |
|
Punting to 2.5 |
jj0hns0n
added
feature
|
@BerryDaniel lets talk about this now that its documented. May just be able to close? Moving to 2.7 anyway. |
|
We are currently working on a technical proposal for this. The OAuth2 prototype for GeoServer is working and is almost ready. About the authorization, the idea is to allow GeoNode to act as UserRoleProvider on per-layer request instead of providing the whole list of authorization like it does now. For more details please take a look here https://docs.google.com/document/d/1bF1IyFnfOEvShLWcjZ4exImscuOYF31Wjz-8EBQXEmE/edit?usp=sharing and specifically for GeoNode here https://docs.google.com/document/d/1fEs6NsCVC3KcB8TCM_P7BmxKLrza2n9fxlySdQVShQ8/edit?usp=sharing |
|
Ok, leaving this in 2.7 then. |
|
@afabiani @ingenieroariel going to close this as the new A&A has been merged which implements oAuth. We can open new tickets for this integration separately now. |
Overview
Taken from Andreas' email:
Currently, GeoServer in GeoNode uses an extension to inherit Django's
security settings.
Now that there is an oauth module available for GeoServer's Spring
security model (http://static.springsource.org/spring-security/oauth/support.html),
and several oauth implementations also exist for Django (e.g.
django-oauth, https://bitbucket.org/david/django-oauth-plus/wiki/Home),
I think it should be possible to get a standards compliant and
extensible way for Django and GeoServer to share GeoNode
authentication/authorization. As a positive side effect, GeoNode could
then also integrate better with other social networking platforms that
support oauth, which would maybe even give us the social networking
features we want for GeoNode for free.
Proposed By:
Assigned to release:
State:
Motivation:
Proposal:
Use cases:
Issues:
Testing:
Alternatives
Feedback
The text was updated successfully, but these errors were encountered: